| |
| |||||||
Log-Analyse und Auswertung: Windows Recovery MalwareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
28.04.2011, 09:46
| #1 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Windows Recovery Malware Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.04.2011, 17:01
| #2 |
 | Windows Recovery Malware Hier die OTL Logs:
__________________Extras.TxtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.04.2011 17:42:09 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\7\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,29 Gb Total Space | 64,92 Gb Free Space | 44,99% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 92,51 Gb Free Space | 64,23% Space Free | Partition Type: NTFS
Computer Name: KIMI | User Name: 7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{89B4EF01-905C-48CC-8872-7CD20EB210A7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B09B40B8-2806-4B86-BC13-27DA58073611}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00881F97-EAEE-41C6-9362-AA52A41144A8}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{033BC8E4-C354-4D55-ADE3-F39FC15B3F74}" = protocol=6 | dir=in | app=d:\pc spiele\kane&lynch\kaneandlynch.exe |
"{04C0D378-871B-4F17-AFDF-EB2B1D7B6ABD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{07912DAC-1A6D-40DD-9703-0AB05261B04A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{093992C2-433C-4715-AC56-2B01AE65B7C4}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{0CDBB453-DBD9-44AC-B67F-DBC1BF9514D1}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{0EC49438-8F0A-4040-8AAA-ED4BC61678DF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{10667D16-2BA4-49AC-BC62-45D0DCFA505C}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{163FC50B-0E10-4A71-A899-9BE0EE9AAE58}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{1676170B-0AB5-4149-A13D-DD55CABACF7A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{20369679-E082-4B56-9FC4-7570BD426636}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{2143CB3F-8F35-4251-8B36-FD1FE952FC09}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{2200A927-CF83-417B-A2C3-3CB547DAA989}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{2C6A8D8C-2D13-4677-A1FB-E3A555C89A2D}" = protocol=6 | dir=in | app=c:\program files\rapidsolution\rs audials one\tunebite\tunebitehelper.exe |
"{2FFFD39F-7C72-41DD-8937-ADB64058E0B6}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{37BD2B39-8B58-4E95-B74E-FF2BA84BCDDA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1196336032\ee\aolsoftware.exe |
"{38CB3C76-78F5-40E6-8341-875F147C80B0}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{39443E23-F5FD-47F8-B5DA-67E9C37F124F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{39E3C019-5F90-48F7-A011-B8025F271307}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1196697833\ee\aolsoftware.exe |
"{43508F5C-14B2-4717-B8E9-812ED9EF3C80}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{460BE376-DCC1-4871-A1DE-A9A3B96194BD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{47D1AC52-BCFD-4F4A-BDD8-3996797F89C4}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"{48F9ADA6-A0AE-4C0F-B6A4-06241AF57930}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{50386EB2-5E44-44B7-8845-DBF78F691BEE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{57228C1A-A6AA-4B06-9883-AB1E0AC011FC}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{5A801C4C-1F29-45EC-97AD-337D691AB30B}" = protocol=6 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{5AC42AA5-6D84-4E8C-9821-34D39894D5A4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{5DC1544A-8A3C-414A-91F8-81558962B707}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{636E765D-F601-4434-95E3-EA7F449E6912}" = protocol=6 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{63E6DDD5-DF24-4277-B22E-EF744A6516A8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{65D26928-DBB0-4E15-BCC6-E007F284B925}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{69B34F51-06B3-416B-8219-A4A10B5C4805}" = protocol=17 | dir=in | app=d:\pc spiele\gears of war\binaries\wargame-g4wlive.exe |
"{6AE190C0-5FC9-4D94-AB08-A41EFB502696}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{6B30B8D6-E6A8-48ED-891E-190E9420A830}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{6B390095-D23A-42C8-A42D-7D58CE2F9D53}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{6B3D1B0C-2982-4EC6-A0F9-4063D77A98CC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{6B8A43A4-2C83-4125-89BA-13ADE7341EC2}" = protocol=17 | dir=in | app=d:\pc spiele\fear\fear.exe |
"{6C59307C-9890-492E-8569-A4FCC4F3C202}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{6D39FA59-0F18-404B-BF67-6932BA53B884}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{6E8E2A86-5796-4529-A666-0CEA2C4CEDB1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{716E9D8B-1810-431A-9B8E-B3661080BCA0}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{72FEEEAD-578B-46CE-8A9A-FEB86D175EFC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{739CFEB8-9D58-4C4C-AB81-3682ACEAE42D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{753F0EA5-B71C-45BF-AD80-57EEA5472313}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{7B2ADEC2-7FC6-421B-8A2C-AC9D38A5CCE6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{7B86C298-BEA0-4888-AA0D-23C71CE4D5D0}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{8042BB3C-8AC9-4A71-86DD-70E0D936FDE8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{85EF2E3C-CBCE-4655-B0FC-F29C1896D550}" = protocol=17 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{88B4323A-EF28-45CD-A4CB-651A2552C875}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{8B61664C-D979-4CF3-BBC2-203E2637756C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{8FC66E8E-A274-4EC9-A4A0-04AF95BD1BB4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9A53DCAE-15B1-4150-8A4F-EE672109158A}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9C87FDF3-5A6E-4164-B5E0-63B9A95E7004}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{9D88428B-69BF-42C8-8D79-9B05033BBF7B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{A0BB3638-15AB-4369-8E6F-4845858BF637}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{A62DCED7-6A06-4A1F-9E22-5615A7012006}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{A983E2E2-1D7A-4D7A-BE58-049729767CA3}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{AA4C476A-15A8-4906-A87E-E030A932E2DD}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{AB183F35-3D12-433A-83F6-C12C91EBE51A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{ABD8BF7C-C9B7-4C6E-90CE-A0305605B9B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{AC701468-614E-4C65-854D-78065A2F4622}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{B0888DBC-D0E4-4748-AB73-E0082E4FBD0B}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{B0BF9390-7BB5-465F-A2EF-6F3F68294987}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{BB4C1A59-3668-4365-8890-CAF393219A91}" = protocol=6 | dir=in | app=d:\pc spiele\gears of war\binaries\wargame-g4wlive.exe |
"{BDD016F8-3150-4A59-A93B-212323926AEC}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{BED37DA5-CCC7-4127-9399-7C9540180E26}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C1CAEDF8-58A8-4EB1-A26D-0AF0F53F123F}" = protocol=17 | dir=in | app=d:\pc spiele\kane&lynch\kaneandlynch.exe |
"{C318C7B3-74B0-432F-8D18-56C555CBD326}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{C4A7F102-7ED7-4C5B-8A7A-1F882355E324}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{C6256626-0912-4990-98D4-697452CAB04F}" = protocol=17 | dir=in | app=d:\pc spiele\stalker\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{C702B647-3647-4722-ABFE-7002B1C5A698}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{C783260A-EA35-441C-936E-8C808C8A99C6}" = protocol=17 | dir=in | app=c:\program files\rapidsolution\rs audials one\tunebite\tunebitehelper.exe |
"{CE6C5139-02AB-420D-89DB-941D13902D42}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CF4F276E-9C8C-43FD-97A5-5307821F54FD}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{D351B421-BB61-46E0-A4F9-9B71E717A3D1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D39353BA-952A-4798-8D76-40B595920E04}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{D3F60A33-9B6A-4598-BE63-A0D44A2594A1}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe |
"{D6C1A101-9FDF-4849-A2EC-D3B2B51E8D94}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D7261367-0EB4-4E9E-B03C-A5D7B459F59E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D84CEABD-9BD6-49DD-87B1-503474E37904}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{DF69DF74-ABBB-4F95-9B5C-997D55348E93}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |
"{E874F2E9-0CA2-48DC-ACBC-2C3E76EFAC7D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{E99353F8-2131-483D-9BCA-C8E33D7FC3D7}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{EA0C4E70-E940-4814-83B2-AF6CE1E449DE}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{EAAA9DE9-7DA1-4583-8119-8AFAEC1CE63D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1196697833\ee\aolsoftware.exe |
"{ECA0D9FE-2F62-4C10-B25E-6B61704E9E16}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{EFD48411-205C-4ADD-85D4-B5D73E9AE19B}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{F1566BAF-C5BF-48EE-9E0A-CD71351E5E8C}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{F22A275C-3996-4B68-9DDD-C2F26D7DFE9E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1196336032\ee\aolsoftware.exe |
"{F6F6DA57-BA61-4367-A504-BD3EC8D1351E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F95C589B-C1D3-4B77-ABE5-7D0ACE38B25C}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"{F9E0BBA9-9818-4CF7-9AD2-EC5AED7FEBCA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{FC2FE601-4E44-402C-9888-4C80411F0066}" = protocol=6 | dir=in | app=d:\pc spiele\fear\fear.exe |
"{FD254CEB-12B4-48DF-8913-A99BFC0FFC8A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{FDE4CF68-1D98-4DB1-A7AF-E5B105519B83}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |
"{FF58AE98-5FF4-4A9F-833D-377DC5180D4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"TCP Query User{01E31ECE-0085-4B72-B20E-3C12BA46A1D3}D:\pc spiele\fear\fpupdate.exe" = protocol=6 | dir=in | app=d:\pc spiele\fear\fpupdate.exe |
"TCP Query User{090D0BA8-B644-46E8-B74E-35784BCF3068}D:\vga\icq6.5\icq.exe" = protocol=6 | dir=in | app=d:\vga\icq6.5\icq.exe |
"TCP Query User{0EAD0715-7848-4603-83D5-DE6CFEEBEE14}D:\pc spiele\bin32\farcry.exe" = protocol=6 | dir=in | app=d:\pc spiele\bin32\farcry.exe |
"TCP Query User{52D450CE-4B9D-4E90-A986-86982EAED7B3}D:\pc spiele\pes 2009\pes2009.exe" = protocol=6 | dir=in | app=d:\pc spiele\pes 2009\pes2009.exe |
"TCP Query User{65097D5C-FFF4-443F-995F-E057B360C2A3}C:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe |
"TCP Query User{6563F20A-CCAE-4AB5-8DD0-7237C40BB7B8}D:\pc spiele\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=d:\pc spiele\far cry\bin32\farcry.exe |
"TCP Query User{66F4EF41-2A1D-4EE7-9D04-98E9BB36BFF3}C:\test drive\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\test drive\testdriveunlimited.exe |
"TCP Query User{6AAA06DC-5610-4300-98F0-2E520A67F83D}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{766864EC-B6BC-473A-8ADF-4CF4D7E6815F}F:\kituri\torent\utorrent.exe" = protocol=6 | dir=in | app=f:\kituri\torent\utorrent.exe |
"TCP Query User{A96EACA2-B7DF-4C1E-B5ED-10E1F36A2997}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{AF5126A3-6396-4291-B79B-383482B04A98}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B681F4F1-30D2-49F3-B339-31AEF74E9CB8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C0149211-4F1B-48C9-A1D0-3DA71AA1933D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{C0DEF41C-1468-4075-AF47-2F77922CDDB5}D:\pc spiele\moh pacific\mohpa.exe" = protocol=6 | dir=in | app=d:\pc spiele\moh pacific\mohpa.exe |
"TCP Query User{D1FAAEBA-DBDA-4628-98DE-82C66E933EE1}C:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=6 | dir=in | app=c:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"TCP Query User{FCDA7CF5-EC7A-43AB-AD29-F4DB1D840FCF}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"TCP Query User{FD31CD66-4500-4512-9940-494900798374}D:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=d:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe |
"UDP Query User{0702EAAA-0508-42DA-98D5-B7C7B563D43E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{15DD011C-A065-471D-BDDD-5D35A57EBDC2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{2C0B62B4-E381-46A7-A7B4-6FC42593CA0D}D:\pc spiele\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=d:\pc spiele\far cry\bin32\farcry.exe |
"UDP Query User{2C65ABE8-612F-460C-A135-EEE620FF5ABD}D:\pc spiele\pes 2009\pes2009.exe" = protocol=17 | dir=in | app=d:\pc spiele\pes 2009\pes2009.exe |
"UDP Query User{2FD7310F-C0E3-459D-B3C2-53CC93AF577F}C:\program files\ubisoft\crytek\far cry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\crytek\far cry\bin32\farcry.exe |
"UDP Query User{38E638F3-6B24-4E67-A874-8BAAF264C253}C:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\inari187\team fortress 2\hl2.exe |
"UDP Query User{47064FD9-B422-4E91-97C5-BD3BB49BA6D1}D:\pc spiele\fear\fpupdate.exe" = protocol=17 | dir=in | app=d:\pc spiele\fear\fpupdate.exe |
"UDP Query User{5F61E3A3-3B58-4970-B30D-76A9B7CDAA47}D:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=d:\pc spiele\splinter cell\scda-offline\system\splintercell4.exe |
"UDP Query User{5FC7B76C-EB10-4538-8F6D-0F6EDE746A3B}C:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe" = protocol=17 | dir=in | app=c:\users\7\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe |
"UDP Query User{674093BC-7F76-4158-9613-C3A81B9DAF03}D:\pc spiele\moh pacific\mohpa.exe" = protocol=17 | dir=in | app=d:\pc spiele\moh pacific\mohpa.exe |
"UDP Query User{9A73F0A4-032C-43D6-8071-524596EA7742}D:\pc spiele\bin32\farcry.exe" = protocol=17 | dir=in | app=d:\pc spiele\bin32\farcry.exe |
"UDP Query User{A1D514EA-D8D6-4791-B34E-F19DA4098975}F:\kituri\torent\utorrent.exe" = protocol=17 | dir=in | app=f:\kituri\torent\utorrent.exe |
"UDP Query User{AC741147-98D3-4BF2-BAF9-654521B013FF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{BF14F94C-C984-4CCE-A5C1-AF5166303232}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D2C7E5D6-0501-46B1-8A68-B78B1139B176}C:\test drive\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\test drive\testdriveunlimited.exe |
"UDP Query User{E1968F26-2526-4A32-9EE1-A127430AC318}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{EBFCE35B-F715-468C-B136-660C6718D8EF}D:\vga\icq6.5\icq.exe" = protocol=17 | dir=in | app=d:\vga\icq6.5\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.012.00
"{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6
"{345CDDCB-8241-4E76-9D3B-155F2FD6F07E}" = Sony Ericsson PC Suite
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}" = Medal of Honor Pacific Assault(tm)
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}" = PixiePack Codec Pack
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D93BD2D-BA71-491A-926C-37FE1580CEE0}" = The Witcher Enhanced Edition - "Nebenwirkungen"
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE DVD
"{76D6737F-CF8D-4e9c-B3FE-1C65604804E1}" = FotoUp
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9639A939-076D-4fdc-8F0C-F9D531E0E2A6}" = W3FotoUp
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A66C4716-7E10-4A53-8101-00C3C11D6A9C}" = Kane and Lynch: Dead Men
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B2D7C787-7BFD-47b3-AE85-60146221015D}" = C4380_Help
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Sitecom Wireless Network USB Adapter Turbo G WL-172
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F40C0988-E8B1-479b-80BD-D5FADAB9697A}" = C4380_doccd
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"2D96D7FEFC2FEFB9F9D638DA8C3C6ECD3BDF9531" = Windows-Treiberpaket - Atheros Communications Inc. (athrusb) Net (03/26/2008 2.2.0.15)
"3868648A8462AE872BD70533258F5196B59F7823" = Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8187B) Net (09/04/2007 6.1102.0904.2007)
"58A20748E54772454ED3FD879ADF67B0F2F740AD" = Windows-Treiberpaket - Ralink (netr28u) Net (04/21/2008 2.01.06.0000)
"76ED8308D49DD425D85813FD8C2AFC6AA75D1099" = Windows-Treiberpaket - Ralink (rt70x86) Net (10/09/2007 3.01.00.0000)
"7-Zip" = 7-Zip 4.57
"93A6F6D028ABE440673A298C1022FF011EF69A50" = Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8187) Net (01/30/2007 6.1281.0130.2007)
"A4608AD9231CF116CF8816A4DF61FB9E497FBACA" = Windows-Treiberpaket - Ralink Technology, Corp. (netr28) Net (05/19/2008 2.00.06.0000)
"A7FCE32D22855DCF300C7415E453EFBE8549AC46" = Windows-Treiberpaket - Ralink (netr73) Net (02/26/2008 3.01.04.0000)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Premium
"C06E598F706862939966091EF919ACEB82037A3F" = Windows-Treiberpaket - Ralink Technology, Inc. (RT2500) Net (06/01/2006 3.02.00.0000)
"CCleaner" = CCleaner (remove only)
"Clickster161" = Clickster
"D63EA7FA1ED78B2B5396F0C16AD513F162102F14" = Windows-Treiberpaket - Ralink Technology Corp. (rt61x86) Net (09/28/2007 2.01.00.0000)
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v4.60
"facemoods" = facemoods
"Free Fire Screensaver" = Free Fire Screensaver
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Updater" = Google Updater
"Grand Theft Auto IV Screenshot" = Grand Theft Auto IV Screenshot Screen Saver
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"lvdrivers_11.90" = Logitech QuickCam-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Matrix Code Emulator_is1" = Matrix Code Emulator 1.50
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Nano" = Nano 1.1.1
"NAVIGON Fresh" = NAVIGON Fresh 1.4.6
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer Basic
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SeaStorm 3D Screensaver" = SeaStorm 3D Screensaver (remove only)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Uninstall_is1" = Uninstall 1.0.0.1
"UnityWebPlayer" = Unity Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 27.04.2011 11:03:26 | Computer Name = KIMI | Source = LoadPerf | ID = 3012
Description =
Error - 27.04.2011 11:03:26 | Computer Name = KIMI | Source = LoadPerf | ID = 3011
Description =
Error - 27.04.2011 11:10:47 | Computer Name = KIMI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 15.4.3508.1109, Zeitstempel
0x4cda7240, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00310045, Prozess-ID 0xfd0, Anwendungsstartzeit
01cc04eb461ff6e8.
Error - 27.04.2011 15:22:28 | Computer Name = KIMI | Source = Avira AntiVir | ID = 4112
Description = Bei der Anforderung nach einer Resource des Betriebssystems trat ein
Fehler auf. Die Resource 'GAVID_SRV' wurde nicht zugewiesen. Der Grund hierfür könnte
zu wenig Hauptspeicher oder ein anderer Systemfehler sein. Fehlercode: 0x5
Error - 27.04.2011 15:22:28 | Computer Name = KIMI | Source = Avira AntiVir | ID = 4122
Description = Die Datei GAVID_SRV konnte nicht geladen werden. Fehlercode: 0x5
Error - 27.04.2011 15:23:02 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 27.04.2011 15:23:02 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 28.04.2011 11:02:36 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 28.04.2011 11:02:36 | Computer Name = KIMI | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 28.04.2011 11:04:14 | Computer Name = KIMI | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 15.4.3508.1109, Zeitstempel
0x4cda7240, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000000, Prozess-ID 0xf9c, Anwendungsstartzeit
01cc05b5428dda90.
[ System Events ]
Error - 07.04.2011 16:04:09 | Computer Name = KIMI | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.04.2011 um 22:02:28 unerwartet heruntergefahren.
Error - 10.04.2011 04:20:15 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
Error - 16.04.2011 14:14:47 | Computer Name = KIMI | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.04.2011 um 20:13:11 unerwartet heruntergefahren.
Error - 20.04.2011 15:24:52 | Computer Name = KIMI | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{A276DE79-56F2-4C3D-9808-91BDD051C09A} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 23.04.2011 09:43:39 | Computer Name = KIMI | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =
Error - 23.04.2011 15:59:17 | Computer Name = KIMI | Source = Service Control Manager | ID = 7009
Description =
Error - 25.04.2011 03:24:40 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
Error - 25.04.2011 03:32:52 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
Error - 25.04.2011 04:00:14 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
Error - 25.04.2011 04:30:14 | Computer Name = KIMI | Source = Service Control Manager | ID = 7022
Description =
< End of report >
----------------------------------------------------------------------------------- OTL.TxtOTL Logfile: Code:
ATTFilter OTL logfile created on: 28.04.2011 17:42:08 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\7\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,29 Gb Total Space | 64,92 Gb Free Space | 44,99% Space Free | Partition Type: NTFS Drive D: | 144,04 Gb Total Space | 92,51 Gb Free Space | 64,23% Space Free | Partition Type: NTFS Computer Name: KIMI | User Name: 7 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Users\7\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Programme\Logitech\QuickCam\Quickcam.exe () PRC - C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe () PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft) PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Acer\Empowering Technology\SysMonitor.exe () PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB) PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB) PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\7\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG) DRV - (gmer) -- C:\Windows\System32\drivers\gmer.sys (GMER) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.) DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation) DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation) DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation) DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation) DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation) DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation) DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation) DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.) DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI) DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI) DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://de.search.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://de.search.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*hxxp://de.search.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Users/7/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ffox_498ebeee.pac" FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "www.yahoo.de" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.28 13:50:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.25 16:34:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.25 16:34:39 | 000,000,000 | ---D | M] [2008.12.01 18:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Extensions [2011.04.26 17:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions [2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.25 21:38:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.04.26 17:14:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.25 10:19:08 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\ffxtlbr@Facemoods.com [2011.04.25 10:19:09 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\7\AppData\Roaming\mozilla\Firefox\Profiles\j0y8h3s8.default\extensions\gutscheinmieze@synatix-gmbh.de [2011.04.23 19:32:20 | 000,001,056 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\icqplugin.xml [2010.01.25 20:07:02 | 000,003,915 | ---- | M] () -- C:\Users\7\AppData\Roaming\Mozilla\Firefox\Profiles\j0y8h3s8.default\searchplugins\sweetim.xml [2011.04.25 16:34:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.27 20:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.10 10:48:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.25 18:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.10 10:09:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.18 22:53:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} File not found (No name found) -- [2010.04.11 19:16:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.04.27 20:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.10 10:48:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.25 18:16:54 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.10 10:09:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.18 22:53:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml [2010.11.22 20:43:34 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found. O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\7\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe () O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST) O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe () O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.) O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe () O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Acer Tour Reminder] File not found O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Programme\Xilisoft\Download YouTube Video\upod_link.HTM () O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - Reg Error: Key error. File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found O24 - Desktop WallPaper: C:\Users\7\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\7\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.28 17:12:16 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.28 17:03:20 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{16EB5C1E-DAC2-4587-826D-69894AC40C3E} [2011.04.27 21:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest [2011.04.27 16:57:38 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{501E7A4A-E1A5-4A3B-937C-C76EED02733E} [2011.04.26 19:10:30 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8BB93BEB-4B45-4B02-AE09-B0D37CE4EF35} [2011.04.26 17:12:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{66DB1119-8650-4A22-99A9-6A74E608241A} [2011.04.25 10:48:06 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Roaming\Malwarebytes [2011.04.25 10:47:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.25 10:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.25 10:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.25 10:47:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.25 10:47:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.25 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{39C73259-6ADD-456E-9B16-6594E9E662D8} [2011.04.24 10:06:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6608C630-1C30-47A7-A210-181D369EC1F6} [2011.04.23 21:59:23 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{FFA6E56B-78E6-42FC-A910-BA317800EA60} [2011.04.23 19:19:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{ED0C1408-14A3-402B-B500-63FBB58786D3} [2011.04.23 15:44:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7640FEA8-762E-4977-BFBF-155073DA73F3} [2011.04.22 09:35:05 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{49160889-ABD3-47B5-BFF1-11D96AE74F48} [2011.04.21 17:09:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{5A8DFD98-2E91-4FB6-90F5-3A3A281D1B5E} [2011.04.20 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C39F67C-7BE6-4724-9882-8184FA661881} [2011.04.19 17:01:21 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{A9242E20-77ED-4FAB-9B2F-B2F875559784} [2011.04.19 17:00:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{55D1AF0B-03FE-4E96-85BB-9D0C5FDB8262} [2011.04.18 14:30:50 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{B34016DD-8A7C-4FAE-9211-1AAA597F8249} [2011.04.17 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{97E4E3D2-0073-4E19-89EB-FDA32DF3B62D} [2011.04.16 09:22:39 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{C51E5897-08D9-4F5C-9635-3145D24FBBAE} [2011.04.15 17:07:56 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{DD97A9BC-A942-4F48-8898-494E5A862591} [2011.04.14 17:16:46 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{D82BC95B-8430-4559-A296-B5989B43BB9D} [2011.04.13 21:30:03 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.13 21:30:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.13 21:29:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.13 21:29:58 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.13 21:29:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.13 21:29:52 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.13 17:13:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{4F925A13-2B50-4306-B6E2-45C10D95F5AB} [2011.04.12 17:19:17 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{6442C79A-30A0-40F8-A8D6-92883DD808A5} [2011.04.11 21:46:57 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{147AB97D-BBF3-4083-AA91-69691C6C8667} [2011.04.11 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F7DEEE5A-811D-4403-9EE9-40480BA248F5} [2011.04.10 10:15:48 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F181078E-0662-44D0-B116-E511F89D028C} [2011.04.09 08:55:43 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{EB1E6DB1-475B-45B8-8E30-0E1C11AD5AEA} [2011.04.07 21:48:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.07 21:48:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.07 21:48:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.07 21:48:19 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.07 21:48:19 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.07 21:48:19 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.07 21:48:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.07 21:48:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.07 21:48:18 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.07 21:48:18 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.07 21:48:18 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.07 21:48:17 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.07 21:48:17 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.07 21:48:17 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.07 21:48:17 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.07 21:48:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.07 21:48:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.07 21:48:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.07 21:48:17 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.07 21:48:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.07 21:48:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.07 21:48:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.07 21:48:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.07 21:48:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.07 21:48:16 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.07 21:48:16 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.07 21:48:16 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.07 21:48:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.07 21:48:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.07 21:48:16 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.07 21:48:15 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.07 21:48:15 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.07 21:48:15 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.07 21:48:15 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.07 21:48:15 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.07 21:48:15 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.07 21:48:15 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.07 21:48:15 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.07 21:48:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2011.04.07 17:19:03 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{AE37ABB7-8E51-4EB5-B7C9-D6BF0462D71B} [2011.04.07 17:18:27 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{1AA7FFF1-CFE5-45FE-B44A-B54784232588} [2011.04.06 17:57:32 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{8C3D2F3B-94D1-48AF-AB94-CFA637DB736B} [2011.04.05 17:24:11 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E1C408E6-86CC-4F43-A999-E93C851AB0FD} [2011.04.04 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{81697491-542F-4C0E-A1A1-B81BCA4FC230} [2011.04.03 09:04:25 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{87E89821-5BFE-4AF1-A1E8-13D9EAC7D055} [2011.04.02 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7FB87039-6520-43C4-B908-ADEF4D2832BC} [2011.04.01 16:58:42 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{F76F653E-1196-4CF6-8DC9-D58EDC6C5D4B} [2011.03.31 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{E3F59802-CA46-4507-ACA9-B6AF9529669C} [2011.03.30 17:11:01 | 000,000,000 | ---D | C] -- C:\Users\7\AppData\Local\{7284C2D3-E83E-4578-B4CA-27EA0343E498} [2009.11.30 19:35:48 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7119.dll [2007.10.29 16:40:03 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007.07.26 11:29:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.28 17:05:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.04.28 17:04:31 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.04.28 17:01:58 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.04.28 17:01:55 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 17:01:55 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.28 17:01:51 | 000,036,533 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.04.28 17:01:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.27 17:03:30 | 020,142,370 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.27 17:03:30 | 006,595,066 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.27 17:03:30 | 006,461,834 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.27 17:03:30 | 005,836,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.26 19:43:49 | 000,000,784 | ---- | M] () -- C:\Users\7\Desktop\OTL - Verknüpfung.lnk [2011.04.25 16:58:41 | 000,000,554 | ---- | M] () -- C:\Users\7\Desktop\unhide - Verknüpfung.lnk [2011.04.25 16:34:44 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.25 10:47:35 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 09:29:21 | 000,000,392 | ---- | M] () -- C:\ProgramData\34594568 [2011.04.25 09:27:06 | 000,000,120 | ---- | M] () -- C:\ProgramData\~34594568 [2011.04.25 09:27:05 | 000,000,136 | ---- | M] () -- C:\ProgramData\~34594568r [2011.04.25 09:19:29 | 000,036,533 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.04.24 16:57:05 | 000,008,592 | ---- | M] () -- C:\Users\7\AppData\Local\d3d9caps.dat [2011.04.16 20:14:41 | 185,343,855 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.04.14 17:13:27 | 000,324,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.07 21:48:31 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat [2011.04.07 21:48:31 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat [2011.04.07 21:48:20 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll [2011.04.07 21:48:20 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.04.07 21:48:19 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.04.07 21:48:19 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2011.04.07 21:48:19 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2011.04.07 21:48:19 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe [2011.04.07 21:48:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2011.04.07 21:48:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll [2011.04.07 21:48:18 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.07 21:48:18 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2011.04.07 21:48:18 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2011.04.07 21:48:17 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat [2011.04.07 21:48:17 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2011.04.07 21:48:17 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.07 21:48:17 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2011.04.07 21:48:17 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.04.07 21:48:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe [2011.04.07 21:48:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe [2011.04.07 21:48:17 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll [2011.04.07 21:48:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2011.04.07 21:48:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2011.04.07 21:48:17 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf [2011.04.07 21:48:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2011.04.07 21:48:17 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll [2011.04.07 21:48:16 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.04.07 21:48:16 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.07 21:48:16 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.07 21:48:16 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2011.04.07 21:48:16 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2011.04.07 21:48:16 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll [2011.04.07 21:48:16 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll [2011.04.07 21:48:15 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.04.07 21:48:15 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.07 21:48:15 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll [2011.04.07 21:48:15 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll [2011.04.07 21:48:15 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.07 21:48:15 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll [2011.04.07 21:48:15 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2011.04.07 21:48:15 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll [2011.04.07 21:48:15 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.26 19:43:49 | 000,000,784 | ---- | C] () -- C:\Users\7\Desktop\OTL - Verknüpfung.lnk [2011.04.25 16:58:41 | 000,000,554 | ---- | C] () -- C:\Users\7\Desktop\unhide - Verknüpfung.lnk [2011.04.25 16:34:44 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.25 16:34:44 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.04.25 10:47:35 | 000,000,928 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.25 09:27:05 | 000,000,136 | ---- | C] () -- C:\ProgramData\~34594568r [2011.04.25 09:27:05 | 000,000,120 | ---- | C] () -- C:\ProgramData\~34594568 [2011.04.25 09:26:42 | 000,000,392 | ---- | C] () -- C:\ProgramData\34594568 [2011.04.07 21:48:17 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf [2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.07.28 13:49:41 | 000,023,657 | ---- | C] () -- C:\Windows\hpqins15.dat [2010.07.15 15:56:34 | 000,000,280 | ---- | C] () -- C:\Windows\game.ini [2009.12.29 21:23:32 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll [2009.12.03 10:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2009.08.26 18:03:16 | 000,036,533 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.08.26 18:01:11 | 000,036,533 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.08.26 15:40:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.26 15:40:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.07.10 20:15:11 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009.01.12 19:14:17 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2008.12.16 22:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2008.12.16 22:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll [2008.10.08 10:57:49 | 000,000,464 | ---- | C] () -- C:\Users\7\AppData\Roaming\Patch-Master.exe.ini [2008.10.08 10:57:49 | 000,000,000 | ---- | C] () -- C:\Users\7\AppData\Roaming\Patch-Master.exe.dat [2008.08.14 13:15:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.03 11:49:41 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll [2008.07.03 11:49:41 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll [2008.05.20 07:57:30 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll [2008.02.27 11:30:18 | 000,000,022 | ---- | C] () -- C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631 [2008.02.15 17:07:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2008.02.07 21:50:15 | 000,585,791 | ---- | C] () -- C:\Windows\gmer.dll [2008.02.07 21:50:15 | 000,581,632 | ---- | C] () -- C:\Windows\gmer.exe [2008.02.07 21:50:15 | 000,000,250 | ---- | C] () -- C:\Windows\gmer.ini [2008.01.08 17:28:47 | 000,048,640 | ---- | C] () -- C:\Windows\AKDeInstall.exe [2008.01.02 19:25:41 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.01.02 19:25:39 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2007.12.20 14:50:52 | 000,640,957 | ---- | C] () -- C:\Windows\unins000.exe [2007.12.20 14:50:52 | 000,000,789 | ---- | C] () -- C:\Windows\unins000.dat [2007.12.14 12:32:52 | 000,012,632 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2007.12.14 10:37:32 | 000,008,592 | ---- | C] () -- C:\Users\7\AppData\Local\d3d9caps.dat [2007.12.13 21:56:50 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.12.08 20:53:41 | 000,000,216 | ---- | C] () -- C:\Windows\Ulead32.ini [2007.12.06 14:28:21 | 000,035,840 | ---- | C] () -- C:\Users\7\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.12.05 19:58:32 | 000,000,089 | ---- | C] () -- C:\Users\7\AppData\Local\fusioncache.dat [2007.11.29 15:15:33 | 000,166,995 | ---- | C] () -- C:\Windows\hpoins21.dat [2007.11.29 15:15:33 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat [2007.11.28 13:13:38 | 000,000,819 | ---- | C] () -- C:\Windows\aolback.exe.lnk [2007.11.28 13:11:43 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat [2007.11.23 10:57:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2007.11.23 10:57:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2007.11.20 21:44:18 | 000,001,650 | ---- | C] () -- C:\Users\7\AppData\Roaming\wklnhst.dat [2007.11.19 23:08:06 | 000,000,022 | ---- | C] () -- C:\Windows\msoffice.ini [2007.10.29 16:42:18 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2007.10.29 16:42:18 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2007.10.29 16:40:03 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2007.08.23 18:30:00 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2007.07.26 21:28:01 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.26 19:31:59 | 000,000,742 | ---- | C] () -- C:\Windows\generic.ini [2007.07.26 19:31:59 | 000,000,128 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.07.26 19:31:56 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll [2007.07.26 11:29:30 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin [2006.11.02 17:33:31 | 020,142,370 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 006,461,834 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,324,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 006,595,066 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 005,836,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll [2005.01.25 16:15:42 | 000,010,240 | R--- | C] () -- C:\Windows\System32\PA207USD.DLL [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2011.04.25 10:19:07 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Bioshock [2007.11.21 10:37:03 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\eSobi [2009.02.09 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\GlarySoft [2011.04.25 10:19:07 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\gtk-2.0 [2010.11.17 22:04:40 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Guitar Pro 6 [2011.04.25 10:19:07 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Gutscheinmieze [2011.02.04 19:18:24 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\ICQ [2008.08.19 13:19:53 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Leadertech [2010.05.11 08:39:28 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Lexware [2011.04.25 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\ProtectDisc [2011.04.25 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Stellarium [2007.12.05 19:56:08 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\T-Online [2008.06.01 16:09:14 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Teleca [2007.11.20 21:44:32 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Template [2009.11.22 12:11:10 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Tobit [2009.02.08 13:15:59 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Tunebite [2007.12.08 21:02:52 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Ulead Systems [2008.12.15 16:14:20 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\uTorrent [2008.12.01 21:38:48 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Windows-Optimierer [2008.04.09 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\7\AppData\Roaming\Xilisoft Corporation [2011.04.27 22:12:54 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Gruß |
|
| Themen zu Windows Recovery Malware |
| anti-malware, appdata, dateien, desktop, entfernt, explorer, heute, infizierte, install, malwar, malware, malwarebytes, microsoft, recovery, richtig, roaming, scan, service, software, start, start menu, temp, trojan.fakealert, trojaner, version, windows, wirklich |
Hybrid-Darstellung
