Log analysis and evaluation: Firefox opens advertising pages
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Firefox opens advertising pages

Hi. Since today, when I click on search results in Google, for example, my Firefox opens some advertising pages instead of the page I wanted. You will hopefully find my hijack log in the attachment, if that works the way I want it to. I hope someone can help me, since the problem is really very annoying.

Regards, gele
#2
/// TB-Ausbilder
Firefox opens advertising pages

My name is M-K-D-B and I will help you clean up your computer. Please note the following:
Step # 1: Back up the registry with ERUNT
Since we have to make changes to the registry, you will first back up the registry as follows: Download the tool ERUNT by Lars Hederer and install it. Start erunt.exe and use it to create a backup of the registry in the default folder. Under backup options, please tick all three options. Do not add the program to system startup.

Step # 2: Run TDSS Killer
Please download TDSS Killer.exe and save the file to the desktop.
Step # 3: Control scan with Malwarebytes' Anti-Malware (MBAM)
Please download Malwarebytes' Anti-Malware
Step # 4: Run ComboFix
ComboFix may only be run if a qualified helper has expressly recommended it!
Download ComboFix from one of these download mirrors: BleepingComputer - ForoSpyware
* Important !! Save ComboFix to the desktop
Once the Recovery Console has been installed by ComboFix, you should see the following message:
Click "Yes" to continue with the malware scan. When ComboFix is finished, it will create a log. Please include C:\ComboFix.txt in your next reply.

Step # 5: Custom scan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
Step # 6: Answer questions
Please answer the following questions for me:

Step # 7: Your feedback
For further analysis, together with your next reply I need
#3
Firefox opens advertising pages

OTL.txt:
OTL Logfile:
ATTFilter OTL logfile created on: 18.05.2011 21:39:54 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Maxl\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,16 Gb Total Space | 113,71 Gb Free Space | 19,74% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,86% Space Free | Partition Type: FAT32 Computer Name: MAXL-PC | User Name: Maxl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.18 21:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Maxl\Downloads\OTL.exe PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2010.10.12 17:35:07 | 000,202,256 | ---- | M] (RealNetworks, Inc.) 
-- C:\Programme\Common Files\Real\Update_OB\realsched.exe PRC - [2010.07.04 12:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe PRC - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.06.30 16:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe PRC - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.05.07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (SafeList) ========== MOD - [2011.05.18 21:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Maxl\Downloads\OTL.exe MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - 
[2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.03.23 07:57:42 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010.07.04 12:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.12.29 21:47:51 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2010.12.01 21:06:29 | 
000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2010.09.30 17:41:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.03.25 13:09:06 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2010.03.25 13:09:06 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2010.03.25 13:09:06 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2010.03.18 11:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.07.03 09:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ost IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.19 20:12:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 18:30:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.09 18:54:49 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.23 17:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Extensions [2010.05.23 17:51:28 | 000,000,000 | ---D | M] (No name found) 
-- C:\Users\Maxl\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.05.18 19:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Firefox\Profiles\yur1shno.default\extensions [2010.07.19 22:19:39 | 000,002,057 | ---- | M] () -- C:\Users\Maxl\AppData\Roaming\Mozilla\Firefox\Profiles\yur1shno.default\searchplugins\youtube-videosuche.xml [2011.05.08 19:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.07.07 01:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.05.08 19:53:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.19 20:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions [2011.04.19 20:12:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} File not found (No name found) -- [2010.07.07 01:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.01.01 10:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.07.07 01:54:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.05.19 16:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.04.25 23:13:22 | 000,002,048 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml [2011.05.02 21:31:48 | 000,002,046 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchost.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.05.18 21:34:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM) O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe () O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - Startup: C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: 
{25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe 
/ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^maxdome Download Manager.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Maxl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - () MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe () MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) 
MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.18 21:38:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.05.18 21:38:18 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.05.18 21:19:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011.05.18 21:19:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011.05.18 21:19:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011.05.18 21:19:40 | 000,000,000 | ---D | C] -- C:\ComboFix [2011.05.18 21:19:23 | 000,000,000 | ---D | C] -- C:\Qoobox [2011.05.18 21:19:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011.05.18 21:08:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.05.18 21:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.05.18 21:08:29 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.05.18 19:51:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Owazo [2011.05.14 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Media Player Classic [2011.05.09 18:55:18 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\Thunderbird [2011.05.09 18:54:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2011.05.09 18:53:28 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\Profiles [2011.05.09 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Avira [2011.05.09 18:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.05.09 18:46:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.05.09 18:46:20 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.05.09 18:46:20 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.05.09 18:46:20 | 000,000,000 | ---D | C] -- C:\Programme\Avira 
[2011.05.08 21:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.05.08 16:22:50 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\5xtxf0dx.default [2011.05.02 21:31:41 | 000,000,000 | ---D | C] -- C:\Programme\Movie Subtitles Searcher [2011.04.29 18:53:33 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\Square Enix [2011.04.29 18:46:56 | 000,000,000 | ---D | C] -- C:\Programme\SQUARE ENIX - Eidos Interactive [2011.04.28 00:28:43 | 000,000,000 | ---D | C] -- C:\dreamloaddata [2011.04.28 00:28:01 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dreamload [2011.04.28 00:27:58 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\dreamload [2011.04.28 00:27:57 | 000,000,000 | ---D | C] -- C:\Programme\Dreamload LLC [2011.04.27 16:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters [2011.04.27 15:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound [2011.04.27 15:40:12 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll [2011.04.27 15:40:12 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll [2011.04.27 15:40:11 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011.04.27 15:40:11 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL [2011.04.27 15:40:11 | 000,000,000 | ---D | C] -- C:\Programme\BRS [2011.04.27 15:40:10 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\System32\OpenAL32.dll [2011.04.27 15:35:56 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll [2011.04.27 15:35:55 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2011.04.27 15:35:54 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe [2011.04.27 15:35:54 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl [2011.04.27 15:35:53 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2011.04.27 15:35:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll [2011.04.27 15:35:51 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll [2011.04.27 15:35:48 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2011.04.27 15:31:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2011.04.27 15:31:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2011.04.27 15:31:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2011.04.27 15:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2011.04.27 15:04:28 | 000,000,000 | ---D | C] -- C:\Programme\Codemasters [2011.04.27 03:18:59 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\QuickPar [2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar [2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\Programme\QuickPar [2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar [2011.04.27 02:03:59 | 000,000,000 | ---D | C] -- C:\Programme\m-r-software [2011.04.27 02:03:58 | 
000,000,000 | ---D | C] -- C:\Programme\Aerosoft [2011.04.27 02:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft [2011.04.27 00:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam Simulator [2011.04.27 00:05:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\wcs [2011.04.26 01:37:41 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\SKIDROW [2011.04.26 01:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve [2011.04.26 01:11:08 | 000,000,000 | ---D | C] -- C:\Programme\Valve [2011.04.25 23:12:23 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader [2011.04.25 23:08:37 | 000,000,000 | ---D | C] -- C:\Downloads [2011.04.25 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft [2011.04.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Xilisoft [2011.04.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Programme\Xilisoft [2011.04.23 18:46:42 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab [2011.04.22 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\PunkBuster [2011.04.20 10:40:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\gemeindefest [2011.02.06 16:50:33 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd.dll [2011.02.06 16:50:33 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll [2011.02.06 16:50:33 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll [2010.06.12 17:00:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2010.06.12 17:00:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2010.06.12 17:00:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2010.06.12 17:00:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp 
files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.18 21:34:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.05.18 21:18:44 | 004,351,251 | R--- | M] () -- C:\Users\Maxl\Desktop\ComboFix.exe [2011.05.18 21:17:48 | 003,650,622 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.18 21:17:48 | 001,502,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.18 21:17:48 | 001,090,310 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.18 21:17:48 | 000,983,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.18 21:11:32 | 000,089,341 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.05.18 21:11:32 | 000,089,341 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.05.18 21:11:26 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.18 21:11:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.18 21:11:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.18 21:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.18 21:11:14 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2011.05.18 21:08:30 | 000,000,718 | ---- | M] () -- C:\Users\Maxl\Desktop\ERUNT.lnk [2011.05.18 20:51:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.18 19:49:45 | 000,000,680 | ---- | M] () -- C:\Users\Maxl\AppData\Local\d3d9caps.dat [2011.05.18 18:51:20 | 000,008,470 | ---- | M] () -- C:\Users\Maxl\Desktop\OpenDocument Text (neu).odt [2011.05.15 16:51:27 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011.05.14 16:29:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2011.05.14 16:18:20 | 000,031,744 | ---- | M] () -- C:\Users\Maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 
[2011.05.12 00:17:20 | 000,023,616 | ---- | M] () -- C:\Users\Maxl\Desktop\Neue Bitmap.bmp.jpg [2011.05.09 19:15:21 | 020,533,281 | ---- | M] () -- C:\Users\Maxl\Documents\vlc-1.1.9-win32.exe [2011.05.09 18:54:50 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2011.05.09 18:46:26 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.01 21:47:16 | 000,260,848 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00088asd.jpg [2011.05.01 21:47:09 | 000,000,100 | -H-- | M] () -- C:\Users\Maxl\Documents\.picasa.ini [2011.04.30 11:24:47 | 000,706,486 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00090.JPG [2011.04.30 01:25:24 | 001,302,341 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00047.JPG [2011.04.29 23:10:33 | 000,026,080 | ---- | M] () -- C:\Users\Maxl\Documents\6-81417d9e457c8a09395e72a98980f6ae.jpg [2011.04.29 23:02:41 | 001,261,041 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00088.JPG [2011.04.28 00:28:01 | 000,000,878 | ---- | M] () -- C:\Users\Maxl\Desktop\Dreamload.lnk [2011.04.27 15:40:11 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll [2011.04.27 15:40:10 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) 
-- C:\Windows\System32\OpenAL32.dll [2011.04.26 17:21:11 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.04.26 01:34:32 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk [2011.04.25 21:18:42 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll [2011.04.25 21:18:02 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk [2011.04.25 20:21:15 | 000,001,882 | ---- | M] () -- C:\Users\Maxl\Desktop\Xilisoft MKV Converter 6.lnk [2011.04.19 20:12:16 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.18 21:19:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011.05.18 21:19:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011.05.18 21:19:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011.05.18 21:19:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011.05.18 21:19:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.05.18 21:18:37 | 004,351,251 | R--- | C] () -- C:\Users\Maxl\Desktop\ComboFix.exe [2011.05.18 21:08:30 | 000,000,718 | ---- | C] () -- C:\Users\Maxl\Desktop\ERUNT.lnk [2011.05.18 20:01:13 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys [2011.05.18 18:49:28 | 000,008,470 | ---- | C] () -- C:\Users\Maxl\Desktop\OpenDocument Text (neu).odt [2011.05.12 00:17:20 | 000,023,616 | ---- | C] () -- C:\Users\Maxl\Desktop\Neue Bitmap.bmp.jpg [2011.05.09 19:15:08 | 020,533,281 | ---- | C] () -- C:\Users\Maxl\Documents\vlc-1.1.9-win32.exe [2011.05.09 18:46:26 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2011.05.01 21:47:16 | 000,260,848 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00088asd.jpg [2011.05.01 21:47:09 | 000,000,100 | -H-- | C] () -- C:\Users\Maxl\Documents\.picasa.ini 
[2011.04.30 11:24:25 | 000,706,486 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00090.JPG [2011.04.30 01:24:47 | 001,302,341 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00047.JPG [2011.04.29 23:10:32 | 000,026,080 | ---- | C] () -- C:\Users\Maxl\Documents\6-81417d9e457c8a09395e72a98980f6ae.jpg [2011.04.29 23:02:05 | 001,261,041 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00088.JPG [2011.04.28 00:28:01 | 000,000,878 | ---- | C] () -- C:\Users\Maxl\Desktop\Dreamload.lnk [2011.04.26 01:34:32 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk [2011.04.25 23:12:35 | 000,001,755 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2011.04.25 23:12:35 | 000,001,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2011.04.25 23:12:35 | 000,001,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2011.04.25 21:18:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.04.25 21:18:02 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk [2011.04.25 20:21:15 | 000,001,882 | ---- | C] () -- C:\Users\Maxl\Desktop\Xilisoft MKV Converter 6.lnk [2011.04.22 18:37:53 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.04.22 18:37:51 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.04.19 20:12:16 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.12 19:45:48 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.02.08 22:17:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.02.06 16:50:44 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe [2011.02.06 16:50:44 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini [2011.02.06 16:50:37 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys 
[2011.02.06 16:50:33 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe [2010.12.29 14:56:29 | 000,148,811 | ---- | C] () -- C:\Windows\hppins20.dat [2010.12.29 14:56:21 | 000,016,655 | ---- | C] () -- C:\Windows\hppmdl20.dat [2010.10.08 15:06:01 | 000,000,680 | ---- | C] () -- C:\Users\Maxl\AppData\Local\d3d9caps.dat [2010.06.12 17:00:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2010.06.12 17:00:44 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2010.06.12 17:00:43 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2010.05.30 13:29:35 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.05.30 13:29:33 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.05.30 13:29:33 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.05.30 13:29:32 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.05.24 14:17:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.05.24 14:17:27 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.05.24 13:42:35 | 000,089,341 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.05.24 13:42:35 | 000,089,341 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.05.23 17:52:43 | 000,031,744 | ---- | C] () -- C:\Users\Maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.08.04 15:16:09 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.08.04 15:16:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.08.04 12:08:00 | 000,000,028 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT [2008.01.21 09:15:58 | 003,650,622 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 001,090,310 | ---- | C] () -- C:\Windows\System32\perfc007.dat 
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.01.23 14:11:20 | 000,141,312 | ---- | C] () -- C:\Windows\System32\QFClient2.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,358,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 001,502,722 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,983,274 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.05.18 21:38:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.02.13 17:26:59 | 000,000,000 | ---D | M] -- C:\BDS [2008.08.04 11:38:08 | 000,000,000 | ---D | M] -- C:\Boot [2011.04.12 19:52:16 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2011.05.18 21:38:19 | 000,000,000 | ---D | M] -- C:\ComboFix [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.12 01:28:50 | 000,000,000 | ---D | M] -- C:\Downloads [2011.04.28 00:28:43 | 000,000,000 | ---D | M] -- C:\dreamloaddata [2011.04.29 16:28:33 | 000,000,000 | ---D | M] -- C:\Games [2011.05.07 12:12:16 | 000,000,000 | ---D | M] -- C:\Movies [2008.08.04 13:59:13 | 000,000,000 | R--D | M] -- C:\MSOCache [2011.04.19 20:32:53 | 000,000,000 | ---D | M] -- C:\Musik [2010.05.24 13:36:39 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.05.18 21:08:29 | 000,000,000 | R--D | M] -- C:\Programme [2011.05.09 18:42:00 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Programme [2010.07.07 01:50:04 | 000,000,000 | ---D | M] -- C:\Programs [2011.05.18 21:38:19 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.05.18 21:40:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.11.09 23:56:28 | 000,000,000 | ---D | M] -- C:\Temp [2010.05.23 17:45:16 | 000,000,000 | R--D | M] -- C:\Users [2011.05.18 21:38:18 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*. 
> [2011.05.18 20:00:16 | 000,000,000 | ---D | M] -- C:\Programme\7-Zip [2008.08.04 14:07:43 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites [2008.08.04 12:58:44 | 000,000,000 | ---D | M] -- C:\Programme\Adobe [2011.04.27 02:03:58 | 000,000,000 | ---D | M] -- C:\Programme\Aerosoft [2011.04.10 11:28:31 | 000,000,000 | ---D | M] -- C:\Programme\AMD [2010.05.30 13:23:16 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update [2010.10.04 19:24:44 | 000,000,000 | ---D | M] -- C:\Programme\Avidemux 2.5 [2011.05.09 18:46:20 | 000,000,000 | ---D | M] -- C:\Programme\Avira [2011.03.20 14:34:50 | 000,000,000 | ---D | M] -- C:\Programme\BitTorrent [2011.04.27 15:40:13 | 000,000,000 | ---D | M] -- C:\Programme\BRS [2008.08.08 15:18:33 | 000,000,000 | ---D | M] -- C:\Programme\Buhl [2011.04.29 16:53:06 | 000,000,000 | ---D | M] -- C:\Programme\Codemasters [2010.05.31 00:32:27 | 000,000,000 | ---D | M] -- C:\Programme\ColdCut [2011.05.18 21:29:39 | 000,000,000 | ---D | M] -- C:\Programme\Common Files [2010.09.23 20:13:01 | 000,000,000 | ---D | M] -- C:\Programme\ConvertHelper [2010.10.04 19:26:05 | 000,000,000 | ---D | M] -- C:\Programme\CutAssistant [2010.09.30 17:41:16 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Lite [2008.08.08 15:17:49 | 000,000,000 | ---D | M] -- C:\Programme\DataDesign [2010.09.13 01:08:59 | 000,000,000 | ---D | M] -- C:\Programme\DivX [2010.12.11 02:47:51 | 000,000,000 | ---D | M] -- C:\Programme\DRAGON [2010.12.25 16:28:02 | 000,000,000 | ---D | M] -- C:\Programme\Dream MKV Converter [2011.04.28 00:30:05 | 000,000,000 | ---D | M] -- C:\Programme\Dreamload LLC [2011.04.12 19:45:39 | 000,000,000 | ---D | M] -- C:\Programme\Elaborate Bytes [2010.11.21 15:38:36 | 000,000,000 | ---D | M] -- C:\Programme\Emsisoft Anti-Malware [2010.11.13 12:20:37 | 000,000,000 | ---D | M] -- C:\Programme\Emulator [2011.05.18 21:08:33 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT [2010.05.23 17:41:01 | 
000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien [2010.09.26 01:42:40 | 000,000,000 | ---D | M] -- C:\Programme\Google [2011.01.10 19:07:38 | 000,000,000 | ---D | M] -- C:\Programme\GoogleEULA [2011.04.16 13:48:24 | 000,000,000 | ---D | M] -- C:\Programme\GrabIt [2010.12.25 16:20:10 | 000,000,000 | ---D | M] -- C:\Programme\HamsterSoft [2010.12.29 15:08:38 | 000,000,000 | ---D | M] -- C:\Programme\HP [2011.03.29 13:18:36 | 000,000,000 | ---D | M] -- C:\Programme\ICQ7.1 [2011.04.05 19:14:42 | 000,000,000 | ---D | M] -- C:\Programme\IDM [2011.04.27 02:03:58 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information [2008.08.04 12:21:48 | 000,000,000 | ---D | M] -- C:\Programme\Intel [2010.05.30 13:24:44 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer [2011.05.08 19:53:40 | 000,000,000 | ---D | M] -- C:\Programme\Java [2011.04.25 23:14:34 | 000,000,000 | ---D | M] -- C:\Programme\JDownloader [2011.02.03 13:01:49 | 000,000,000 | ---D | M] -- C:\Programme\JEdit [2010.05.30 13:29:59 | 000,000,000 | ---D | M] -- C:\Programme\K-Lite Codec Pack [2011.03.24 16:19:52 | 000,000,000 | ---D | M] -- C:\Programme\Left 4 Dead 2 [2008.08.08 15:17:50 | 000,000,000 | ---D | M] -- C:\Programme\LetsTrade [2010.11.17 17:48:53 | 000,000,000 | ---D | M] -- C:\Programme\Logitech [2011.03.29 13:17:07 | 000,000,000 | ---D | M] -- C:\Programme\LogMeIn Hamachi [2011.04.05 19:11:18 | 000,000,000 | ---D | M] -- C:\Programme\Longman [2011.04.25 23:57:40 | 000,000,000 | ---D | M] -- C:\Programme\LucasArts [2011.04.27 03:01:54 | 000,000,000 | ---D | M] -- C:\Programme\m-r-software [2011.05.18 20:37:28 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.24 14:16:58 | 000,000,000 | ---D | M] -- C:\Programme\MarkAny [2010.05.24 04:31:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games [2011.04.27 15:29:03 | 000,000,000 | ---D | M] -- 
C:\Programme\Microsoft Games for Windows - LIVE [2008.08.04 14:00:28 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office [2011.04.29 21:40:11 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight [2008.08.04 14:00:31 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works [2008.08.04 14:00:23 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET [2010.10.09 12:13:11 | 000,000,000 | ---D | M] -- C:\Programme\MixVibesHOME7DEMO [2010.11.01 12:35:18 | 000,000,000 | ---D | M] -- C:\Programme\MobMapUpdater [2008.01.21 04:35:17 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker [2011.05.09 18:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Movie Subtitles Searcher [2011.05.18 20:38:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox [2011.05.09 18:54:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Thunderbird [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild [2008.08.04 14:08:38 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0 [2008.08.04 13:30:45 | 000,000,000 | ---D | M] -- C:\Programme\Nero [2011.04.17 10:52:33 | 000,000,000 | ---D | M] -- C:\Programme\NewsLeecher [2010.09.30 17:54:20 | 000,000,000 | ---D | M] -- C:\Programme\NVIDIA Corporation [2011.04.27 15:40:11 | 000,000,000 | ---D | M] -- C:\Programme\OpenAL [2010.07.11 14:18:34 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3 [2011.02.13 20:30:31 | 000,000,000 | ---D | M] -- C:\Programme\Orbitdownloader [2011.05.09 18:42:00 | 000,000,000 | ---D | M] -- C:\Programme\Pando Networks [2010.07.09 13:37:55 | 000,000,000 | ---D | M] -- C:\Programme\PokerStars.NET [2010.12.10 15:16:46 | 000,000,000 | ---D | M] -- C:\Programme\PopCap Games [2011.04.27 03:17:46 | 000,000,000 | ---D | M] -- C:\Programme\QuickPar [2010.05.30 13:24:44 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime [2010.10.12 17:35:29 | 000,000,000 | ---D | M] -- C:\Programme\Real [2008.08.04 12:07:59 | 000,000,000 | ---D | M] -- C:\Programme\Realtek [2006.11.02 14:37:34 | 
000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies [2010.05.24 14:17:58 | 000,000,000 | ---D | M] -- C:\Programme\Samsung [2011.02.08 22:11:11 | 000,000,000 | R--D | M] -- C:\Programme\Skype [2011.04.12 19:47:31 | 000,000,000 | ---D | M] -- C:\Programme\SlySoft [2010.10.09 11:41:40 | 000,000,000 | ---D | M] -- C:\Programme\SpacialAudio [2011.04.29 18:46:56 | 000,000,000 | ---D | M] -- C:\Programme\SQUARE ENIX - Eidos Interactive [2011.05.18 21:11:28 | 000,000,000 | ---D | M] -- C:\Programme\Steam [2011.04.23 18:46:42 | 000,000,000 | ---D | M] -- C:\Programme\SystemRequirementsLab [2010.06.13 15:52:08 | 000,000,000 | ---D | M] -- C:\Programme\Teamspeak2_RC2 [2011.02.27 15:56:01 | 000,000,000 | ---D | M] -- C:\Programme\TmNationsForever [2010.12.29 21:47:51 | 000,000,000 | ---D | M] -- C:\Programme\TrueCrypt [2011.04.22 18:22:11 | 000,000,000 | ---D | M] -- C:\Programme\Ubisoft [2008.08.04 13:07:14 | 000,000,000 | ---D | M] -- C:\Programme\Ulead Systems [2006.11.02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information [2011.04.26 01:11:08 | 000,000,000 | ---D | M] -- C:\Programme\Valve [2010.05.24 15:28:17 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN [2010.10.09 12:05:50 | 000,000,000 | ---D | M] -- C:\Programme\VirtualDJ [2011.05.11 16:34:34 | 000,000,000 | ---D | M] -- C:\Programme\Webcam Simulator [2010.09.06 14:47:50 | 000,000,000 | ---D | M] -- C:\Programme\Winamp [2010.05.23 17:51:13 | 000,000,000 | ---D | M] -- C:\Programme\Winamp Detect [2008.01.21 04:35:18 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar [2008.01.21 04:35:15 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration [2008.01.21 04:35:09 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender [2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal [2010.05.24 04:31:01 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live [2010.05.24 04:30:52 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive [2008.08.13 
09:16:30 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail [2008.01.21 04:35:15 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player [2010.05.23 17:41:01 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT [2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery [2008.08.08 15:07:56 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar [2010.05.23 20:56:40 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR [2011.04.18 12:01:25 | 000,000,000 | ---D | M] -- C:\Programme\World of Warcraft [2011.04.25 20:20:44 | 000,000,000 | ---D | M] -- C:\Programme\Xilisoft < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\ERDNT\cache\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report >
Edited by Gelendil (18.05.2011 at 20:46) |
| #4 |
| Firefox opens advertising pages OTL.txt: OTL logfile: Code:
OTL logfile created on: 18.05.2011 21:39:54 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Maxl\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,16 Gb Total Space | 113,71 Gb Free Space | 19,74% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,86% Space Free | Partition Type: FAT32 Computer Name: MAXL-PC | User Name: Maxl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.18 21:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Maxl\Downloads\OTL.exe PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2010.10.12 17:35:07 | 000,202,256 | ---- | M] (RealNetworks, Inc.)
-- C:\Programme\Common Files\Real\Update_OB\realsched.exe PRC - [2010.07.04 12:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe PRC - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.06.30 16:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe PRC - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.05.07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (SafeList) ========== MOD - [2011.05.18 21:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Maxl\Downloads\OTL.exe MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - 
[2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.23 07:57:42 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.07.04 12:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.29 21:47:51 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.09.30 17:41:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.03.25 13:09:06 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.03.25 13:09:06 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.03.25 13:09:06 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.03.18 11:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.07.03 09:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ost
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.19 20:12:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 18:30:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.09 18:54:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.05.23 17:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Extensions
[2010.05.23 17:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.18 19:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Firefox\Profiles\yur1shno.default\extensions
[2010.07.19 22:19:39 | 000,002,057 | ---- | M] () -- C:\Users\Maxl\AppData\Roaming\Mozilla\Firefox\Profiles\yur1shno.default\searchplugins\youtube-videosuche.xml
[2011.05.08 19:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.07 01:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.08 19:53:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.19 20:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.04.19 20:12:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) --
[2010.07.07 01:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.01.01 10:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.07.07 01:54:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.19 16:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.25 23:13:22 | 000,002,048 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2011.05.02 21:31:48 | 000,002,046 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchost.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.05.18 21:34:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^maxdome Download Manager.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Maxl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.05.18 21:38:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.18 21:38:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.18 21:19:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.18 21:19:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.18 21:19:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.18 21:19:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.18 21:19:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.18 21:19:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.18 21:08:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.18 21:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.05.18 21:08:29 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.05.18 19:51:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Owazo
[2011.05.14 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Media Player Classic
[2011.05.09 18:55:18 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\Thunderbird
[2011.05.09 18:54:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2011.05.09 18:53:28 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\Profiles
[2011.05.09 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Avira
[2011.05.09 18:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.09 18:46:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.05.09 18:46:20 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.05.09 18:46:20 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.05.09 18:46:20 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.05.08 21:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.08 16:22:50 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\5xtxf0dx.default
[2011.05.02 21:31:41 | 000,000,000 | ---D | C] -- C:\Programme\Movie Subtitles Searcher
[2011.04.29 18:53:33 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\Square Enix
[2011.04.29 18:46:56 | 000,000,000 | ---D | C] -- C:\Programme\SQUARE ENIX - Eidos Interactive
[2011.04.28 00:28:43 | 000,000,000 | ---D | C] -- C:\dreamloaddata
[2011.04.28 00:28:01 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dreamload
[2011.04.28 00:27:58 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\dreamload
[2011.04.28 00:27:57 | 000,000,000 | ---D | C] -- C:\Programme\Dreamload LLC
[2011.04.27 16:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011.04.27 15:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011.04.27 15:40:12 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll
[2011.04.27 15:40:12 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2011.04.27 15:40:11 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.04.27 15:40:11 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL
[2011.04.27 15:40:11 | 000,000,000 | ---D | C] -- C:\Programme\BRS
[2011.04.27 15:40:10 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.04.27 15:35:56 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.04.27 15:35:55 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.04.27 15:35:54 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.04.27 15:35:54 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.04.27 15:35:53 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.04.27 15:35:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.04.27 15:35:51 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.04.27 15:35:48 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.04.27 15:31:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.04.27 15:31:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.04.27 15:31:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.04.27 15:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.04.27 15:04:28 | 000,000,000 | ---D | C] -- C:\Programme\Codemasters
[2011.04.27 03:18:59 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\QuickPar
[2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\Programme\QuickPar
[2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2011.04.27 02:03:59 | 000,000,000 | ---D | C] -- C:\Programme\m-r-software
[2011.04.27 02:03:58 | 000,000,000 | ---D | C] -- C:\Programme\Aerosoft
[2011.04.27 02:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
[2011.04.27 00:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam Simulator
[2011.04.27 00:05:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\wcs
[2011.04.26 01:37:41 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\SKIDROW
[2011.04.26 01:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.04.26 01:11:08 | 000,000,000 | ---D | C] -- C:\Programme\Valve
[2011.04.25 23:12:23 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2011.04.25 23:08:37 | 000,000,000 | ---D | C] -- C:\Downloads
[2011.04.25 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2011.04.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Xilisoft
[2011.04.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Programme\Xilisoft
[2011.04.23 18:46:42 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2011.04.22 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\PunkBuster
[2011.04.20 10:40:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\gemeindefest
[2011.02.06 16:50:33 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd.dll
[2011.02.06 16:50:33 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[2011.02.06 16:50:33 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2010.06.12 17:00:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2010.06.12 17:00:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2010.06.12 17:00:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2010.06.12 17:00:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.18 21:34:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.18 21:18:44 | 004,351,251 | R--- | M] () -- C:\Users\Maxl\Desktop\ComboFix.exe
[2011.05.18 21:17:48 | 003,650,622 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.18 21:17:48 | 001,502,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.18 21:17:48 | 001,090,310 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.18 21:17:48 | 000,983,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.18 21:11:32 | 000,089,341 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.18 21:11:32 | 000,089,341 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.18 21:11:26 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.18 21:11:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.18 21:11:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.18 21:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.18 21:11:14 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.18 21:08:30 | 000,000,718 | ---- | M] () -- C:\Users\Maxl\Desktop\ERUNT.lnk
[2011.05.18 20:51:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.18 19:49:45 | 000,000,680 | ---- | M] () -- C:\Users\Maxl\AppData\Local\d3d9caps.dat
[2011.05.18 18:51:20 | 000,008,470 | ---- | M] () -- C:\Users\Maxl\Desktop\OpenDocument Text (neu).odt
[2011.05.15 16:51:27 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.05.14 16:29:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.05.14 16:18:20 | 000,031,744 | ---- | M] () -- C:\Users\Maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.12 00:17:20 | 000,023,616 | ---- | M] () -- C:\Users\Maxl\Desktop\Neue Bitmap.bmp.jpg
[2011.05.09 19:15:21 | 020,533,281 | ---- | M] () -- C:\Users\Maxl\Documents\vlc-1.1.9-win32.exe
[2011.05.09 18:54:50 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.05.09 18:46:26 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.01 21:47:16 | 000,260,848 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00088asd.jpg
[2011.05.01 21:47:09 | 000,000,100 | -H-- | M] () -- C:\Users\Maxl\Documents\.picasa.ini
[2011.04.30 11:24:47 | 000,706,486 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00090.JPG
[2011.04.30 01:25:24 | 001,302,341 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00047.JPG
[2011.04.29 23:10:33 | 000,026,080 | ---- | M] () -- C:\Users\Maxl\Documents\6-81417d9e457c8a09395e72a98980f6ae.jpg
[2011.04.29 23:02:41 | 001,261,041 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00088.JPG
[2011.04.28 00:28:01 | 000,000,878 | ---- | M] () -- C:\Users\Maxl\Desktop\Dreamload.lnk
[2011.04.27 15:40:11 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.04.27 15:40:10 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.04.26 17:21:11 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.04.26 01:34:32 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.04.25 21:18:42 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.04.25 21:18:02 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2011.04.25 20:21:15 | 000,001,882 | ---- | M] () -- C:\Users\Maxl\Desktop\Xilisoft MKV Converter 6.lnk
[2011.04.19 20:12:16 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.18 21:19:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.18 21:19:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.18 21:19:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.18 21:19:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.18 21:19:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.18 21:18:37 | 004,351,251 | R--- | C] () -- C:\Users\Maxl\Desktop\ComboFix.exe
[2011.05.18 21:08:30 | 000,000,718 | ---- | C] () -- C:\Users\Maxl\Desktop\ERUNT.lnk
[2011.05.18 20:01:13 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.18 18:49:28 | 000,008,470 | ---- | C] () -- C:\Users\Maxl\Desktop\OpenDocument Text (neu).odt
[2011.05.12 00:17:20 | 000,023,616 | ---- | C] () -- C:\Users\Maxl\Desktop\Neue Bitmap.bmp.jpg
[2011.05.09 19:15:08 | 020,533,281 | ---- | C] () -- C:\Users\Maxl\Documents\vlc-1.1.9-win32.exe
[2011.05.09 18:46:26 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.01 21:47:16 | 000,260,848 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00088asd.jpg
[2011.05.01 21:47:09 | 000,000,100 | -H-- | C] () -- C:\Users\Maxl\Documents\.picasa.ini
[2011.04.30 11:24:25 | 000,706,486 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00090.JPG
[2011.04.30 01:24:47 | 001,302,341 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00047.JPG
[2011.04.29 23:10:32 | 000,026,080 | ---- | C] () -- C:\Users\Maxl\Documents\6-81417d9e457c8a09395e72a98980f6ae.jpg
[2011.04.29 23:02:05 | 001,261,041 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00088.JPG
[2011.04.28 00:28:01 | 000,000,878 | ---- | C] () -- C:\Users\Maxl\Desktop\Dreamload.lnk
[2011.04.26 01:34:32 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.04.25 23:12:35 | 000,001,755 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.04.25 23:12:35 | 000,001,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.04.25 23:12:35 | 000,001,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.04.25 21:18:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.04.25 21:18:02 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2011.04.25 20:21:15 | 000,001,882 | ---- | C] () -- C:\Users\Maxl\Desktop\Xilisoft MKV Converter 6.lnk
[2011.04.22 18:37:53 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.22 18:37:51 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.19 20:12:16 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.12 19:45:48 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.08 22:17:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.02.06 16:50:44 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe
[2011.02.06 16:50:44 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2011.02.06 16:50:37 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2011.02.06 16:50:33 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe
[2010.12.29 14:56:29 | 000,148,811 | ---- | C] () -- C:\Windows\hppins20.dat
[2010.12.29 14:56:21 | 000,016,655 | ---- | C] () -- C:\Windows\hppmdl20.dat
[2010.10.08 15:06:01 | 000,000,680 | ---- | C] () -- C:\Users\Maxl\AppData\Local\d3d9caps.dat
[2010.06.12 17:00:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.06.12 17:00:44 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.06.12 17:00:43 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.05.30 13:29:35 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.30 13:29:33 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.05.30 13:29:33 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.30 13:29:32 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.05.24 14:17:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.24 14:17:27 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.05.24 13:42:35 | 000,089,341 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.24 13:42:35 | 000,089,341 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.23 17:52:43 | 000,031,744 | ---- | C] () -- C:\Users\Maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.08.04 15:16:09 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.08.04 15:16:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.04 12:08:00 | 000,000,028 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.01.21 09:15:58 | 003,650,622 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 001,090,310 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.01.23 14:11:20 | 000,141,312 | ---- | C] () -- C:\Windows\System32\QFClient2.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,358,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 001,502,722 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,983,274 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2011.05.18 21:38:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.02.13 17:26:59 | 000,000,000 | ---D | M] -- C:\BDS [2008.08.04 11:38:08 | 000,000,000 | ---D | M] -- C:\Boot [2011.04.12 19:52:16 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2011.05.18 21:38:19 | 000,000,000 | ---D | M] -- C:\ComboFix [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.05.12 01:28:50 | 000,000,000 | ---D | M] -- C:\Downloads [2011.04.28 00:28:43 | 000,000,000 | ---D | M] -- C:\dreamloaddata [2011.04.29 16:28:33 | 000,000,000 | ---D | M] -- C:\Games [2011.05.07 12:12:16 | 000,000,000 | ---D | M] -- C:\Movies [2008.08.04 13:59:13 | 000,000,000 | R--D | M] -- C:\MSOCache [2011.04.19 20:32:53 | 000,000,000 | ---D | M] -- C:\Musik [2010.05.24 13:36:39 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.05.18 21:08:29 | 000,000,000 | R--D | M] -- C:\Programme [2011.05.09 18:42:00 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Programme [2010.07.07 01:50:04 | 000,000,000 | ---D | M] -- C:\Programs [2011.05.18 21:38:19 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.05.18 21:40:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.11.09 23:56:28 | 000,000,000 | ---D | M] -- C:\Temp [2010.05.23 17:45:16 | 000,000,000 | R--D | M] -- C:\Users [2011.05.18 21:38:18 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %PROGRAMFILES%\*. 
> [2011.05.18 20:00:16 | 000,000,000 | ---D | M] -- C:\Programme\7-Zip [2008.08.04 14:07:43 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites [2008.08.04 12:58:44 | 000,000,000 | ---D | M] -- C:\Programme\Adobe [2011.04.27 02:03:58 | 000,000,000 | ---D | M] -- C:\Programme\Aerosoft [2011.04.10 11:28:31 | 000,000,000 | ---D | M] -- C:\Programme\AMD [2010.05.30 13:23:16 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update [2010.10.04 19:24:44 | 000,000,000 | ---D | M] -- C:\Programme\Avidemux 2.5 [2011.05.09 18:46:20 | 000,000,000 | ---D | M] -- C:\Programme\Avira [2011.03.20 14:34:50 | 000,000,000 | ---D | M] -- C:\Programme\BitTorrent [2011.04.27 15:40:13 | 000,000,000 | ---D | M] -- C:\Programme\BRS [2008.08.08 15:18:33 | 000,000,000 | ---D | M] -- C:\Programme\Buhl [2011.04.29 16:53:06 | 000,000,000 | ---D | M] -- C:\Programme\Codemasters [2010.05.31 00:32:27 | 000,000,000 | ---D | M] -- C:\Programme\ColdCut [2011.05.18 21:29:39 | 000,000,000 | ---D | M] -- C:\Programme\Common Files [2010.09.23 20:13:01 | 000,000,000 | ---D | M] -- C:\Programme\ConvertHelper [2010.10.04 19:26:05 | 000,000,000 | ---D | M] -- C:\Programme\CutAssistant [2010.09.30 17:41:16 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Lite [2008.08.08 15:17:49 | 000,000,000 | ---D | M] -- C:\Programme\DataDesign [2010.09.13 01:08:59 | 000,000,000 | ---D | M] -- C:\Programme\DivX [2010.12.11 02:47:51 | 000,000,000 | ---D | M] -- C:\Programme\DRAGON [2010.12.25 16:28:02 | 000,000,000 | ---D | M] -- C:\Programme\Dream MKV Converter [2011.04.28 00:30:05 | 000,000,000 | ---D | M] -- C:\Programme\Dreamload LLC [2011.04.12 19:45:39 | 000,000,000 | ---D | M] -- C:\Programme\Elaborate Bytes [2010.11.21 15:38:36 | 000,000,000 | ---D | M] -- C:\Programme\Emsisoft Anti-Malware [2010.11.13 12:20:37 | 000,000,000 | ---D | M] -- C:\Programme\Emulator [2011.05.18 21:08:33 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT [2010.05.23 17:41:01 | 
000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien [2010.09.26 01:42:40 | 000,000,000 | ---D | M] -- C:\Programme\Google [2011.01.10 19:07:38 | 000,000,000 | ---D | M] -- C:\Programme\GoogleEULA [2011.04.16 13:48:24 | 000,000,000 | ---D | M] -- C:\Programme\GrabIt [2010.12.25 16:20:10 | 000,000,000 | ---D | M] -- C:\Programme\HamsterSoft [2010.12.29 15:08:38 | 000,000,000 | ---D | M] -- C:\Programme\HP [2011.03.29 13:18:36 | 000,000,000 | ---D | M] -- C:\Programme\ICQ7.1 [2011.04.05 19:14:42 | 000,000,000 | ---D | M] -- C:\Programme\IDM [2011.04.27 02:03:58 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information [2008.08.04 12:21:48 | 000,000,000 | ---D | M] -- C:\Programme\Intel [2010.05.30 13:24:44 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer [2011.05.08 19:53:40 | 000,000,000 | ---D | M] -- C:\Programme\Java [2011.04.25 23:14:34 | 000,000,000 | ---D | M] -- C:\Programme\JDownloader [2011.02.03 13:01:49 | 000,000,000 | ---D | M] -- C:\Programme\JEdit [2010.05.30 13:29:59 | 000,000,000 | ---D | M] -- C:\Programme\K-Lite Codec Pack [2011.03.24 16:19:52 | 000,000,000 | ---D | M] -- C:\Programme\Left 4 Dead 2 [2008.08.08 15:17:50 | 000,000,000 | ---D | M] -- C:\Programme\LetsTrade [2010.11.17 17:48:53 | 000,000,000 | ---D | M] -- C:\Programme\Logitech [2011.03.29 13:17:07 | 000,000,000 | ---D | M] -- C:\Programme\LogMeIn Hamachi [2011.04.05 19:11:18 | 000,000,000 | ---D | M] -- C:\Programme\Longman [2011.04.25 23:57:40 | 000,000,000 | ---D | M] -- C:\Programme\LucasArts [2011.04.27 03:01:54 | 000,000,000 | ---D | M] -- C:\Programme\m-r-software [2011.05.18 20:37:28 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.24 14:16:58 | 000,000,000 | ---D | M] -- C:\Programme\MarkAny [2010.05.24 04:31:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games [2011.04.27 15:29:03 | 000,000,000 | ---D | M] -- 
C:\Programme\Microsoft Games for Windows - LIVE [2008.08.04 14:00:28 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office [2011.04.29 21:40:11 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight [2008.08.04 14:00:31 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works [2008.08.04 14:00:23 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET [2010.10.09 12:13:11 | 000,000,000 | ---D | M] -- C:\Programme\MixVibesHOME7DEMO [2010.11.01 12:35:18 | 000,000,000 | ---D | M] -- C:\Programme\MobMapUpdater [2008.01.21 04:35:17 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker [2011.05.09 18:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Movie Subtitles Searcher [2011.05.18 20:38:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox [2011.05.09 18:54:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Thunderbird [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild [2008.08.04 14:08:38 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0 [2008.08.04 13:30:45 | 000,000,000 | ---D | M] -- C:\Programme\Nero [2011.04.17 10:52:33 | 000,000,000 | ---D | M] -- C:\Programme\NewsLeecher [2010.09.30 17:54:20 | 000,000,000 | ---D | M] -- C:\Programme\NVIDIA Corporation [2011.04.27 15:40:11 | 000,000,000 | ---D | M] -- C:\Programme\OpenAL [2010.07.11 14:18:34 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3 [2011.02.13 20:30:31 | 000,000,000 | ---D | M] -- C:\Programme\Orbitdownloader [2011.05.09 18:42:00 | 000,000,000 | ---D | M] -- C:\Programme\Pando Networks [2010.07.09 13:37:55 | 000,000,000 | ---D | M] -- C:\Programme\PokerStars.NET [2010.12.10 15:16:46 | 000,000,000 | ---D | M] -- C:\Programme\PopCap Games [2011.04.27 03:17:46 | 000,000,000 | ---D | M] -- C:\Programme\QuickPar [2010.05.30 13:24:44 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime [2010.10.12 17:35:29 | 000,000,000 | ---D | M] -- C:\Programme\Real [2008.08.04 12:07:59 | 000,000,000 | ---D | M] -- C:\Programme\Realtek [2006.11.02 14:37:34 | 
000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies [2010.05.24 14:17:58 | 000,000,000 | ---D | M] -- C:\Programme\Samsung [2011.02.08 22:11:11 | 000,000,000 | R--D | M] -- C:\Programme\Skype [2011.04.12 19:47:31 | 000,000,000 | ---D | M] -- C:\Programme\SlySoft [2010.10.09 11:41:40 | 000,000,000 | ---D | M] -- C:\Programme\SpacialAudio [2011.04.29 18:46:56 | 000,000,000 | ---D | M] -- C:\Programme\SQUARE ENIX - Eidos Interactive [2011.05.18 21:11:28 | 000,000,000 | ---D | M] -- C:\Programme\Steam [2011.04.23 18:46:42 | 000,000,000 | ---D | M] -- C:\Programme\SystemRequirementsLab [2010.06.13 15:52:08 | 000,000,000 | ---D | M] -- C:\Programme\Teamspeak2_RC2 [2011.02.27 15:56:01 | 000,000,000 | ---D | M] -- C:\Programme\TmNationsForever [2010.12.29 21:47:51 | 000,000,000 | ---D | M] -- C:\Programme\TrueCrypt [2011.04.22 18:22:11 | 000,000,000 | ---D | M] -- C:\Programme\Ubisoft [2008.08.04 13:07:14 | 000,000,000 | ---D | M] -- C:\Programme\Ulead Systems [2006.11.02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information [2011.04.26 01:11:08 | 000,000,000 | ---D | M] -- C:\Programme\Valve [2010.05.24 15:28:17 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN [2010.10.09 12:05:50 | 000,000,000 | ---D | M] -- C:\Programme\VirtualDJ [2011.05.11 16:34:34 | 000,000,000 | ---D | M] -- C:\Programme\Webcam Simulator [2010.09.06 14:47:50 | 000,000,000 | ---D | M] -- C:\Programme\Winamp [2010.05.23 17:51:13 | 000,000,000 | ---D | M] -- C:\Programme\Winamp Detect [2008.01.21 04:35:18 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar [2008.01.21 04:35:15 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration [2008.01.21 04:35:09 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender [2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal [2010.05.24 04:31:01 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live [2010.05.24 04:30:52 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive [2008.08.13 
09:16:30 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail [2008.01.21 04:35:15 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player [2010.05.23 17:41:01 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT [2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery [2008.08.08 15:07:56 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar [2010.05.23 20:56:40 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR [2011.04.18 12:01:25 | 000,000,000 | ---D | M] -- C:\Programme\World of Warcraft [2011.04.25 20:20:44 | 000,000,000 | ---D | M] -- C:\Programme\Xilisoft < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\ERDNT\cache\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 18.05.2011 21:39:54 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Maxl\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 113,71 Gb Free Space | 19,74% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,86% Space Free | Partition Type: FAT32

Computer Name: MAXL-PC | User Name: Maxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0DE6B45E-7DDC-48E7-94B8-E9C34F9A60EC}" = rport=137 | protocol=17 | dir=out | app=system | "{101BEBE4-2A43-46BB-B463-F4D283DE8A24}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{104D84CD-2773-4BA9-98DC-2C1D6450822F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{21E2512F-C410-4907-A4B0-B07C1260214E}" = lport=139 | protocol=6 | dir=in | app=system | "{4509C0EB-DC9C-4B30-9289-4F022EB14CF7}" = lport=2869 | protocol=6 | dir=in | app=system | "{47DB870B-E94B-4211-9BDE-D109AABD9079}" = rport=445 | protocol=6 | dir=out | app=system | "{5B1CF9FD-ED14-4BC7-9E13-050D7B6647AE}" = rport=138 | protocol=17 | dir=out | app=system | "{940621E8-8B83-4413-908D-C023781FC37E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BDDB8D7F-A2FF-4F17-B8D7-46D6A1F7DD57}" = lport=138 | protocol=17 | dir=in | app=system | "{D8AFBC90-30D7-47D4-8156-934CC76E84B4}" = lport=137 | protocol=17 | dir=in | app=system | "{DA61B32B-05D8-43BE-946B-12A6081F3EFD}" = rport=139 | protocol=6 | dir=out | app=system | "{DA8AF75A-5863-4593-92A9-97A13FB7A87E}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06D43123-1818-4C4B-9636-E33C36215B90}" = protocol=6 | dir=in 
| app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{08643B90-8AF3-4834-8F39-60D91FA64F1C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | "{09C692A0-5307-4342-A41E-6662B28ABA72}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{09CF51DB-FE23-4B18-A2B5-89BDA2518B53}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{0E1C3024-0A4A-4F13-B65F-1ED50A58534C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{111A9C40-7FD0-4CDD-AFED-FCDD2BCCEAA0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | "{17334BE1-AE53-4142-80C0-3FA9953AD34A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{1A303F31-98A8-406C-A0AA-89F96E264BE5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1B62B478-7279-446E-B5D6-2C6613C12698}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{200EC952-0D5C-44C5-B71F-3F2FFA17FCAB}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{26A063FB-677C-4EB6-91A3-C31A815A47A5}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe | "{2C5E63D2-1352-475B-ADD5-EBDF83BA49BC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{356A25FF-DDD5-4872-85E7-94555F4D4616}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{364A8C24-CFD9-44D2-A2B2-8DDD842D5509}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{39FC97D9-4501-4E17-A7B7-8A386C52EF2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3AB13818-02E9-490C-A72D-28BF1C5FD172}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | "{40B80213-691C-4969-B5EA-238A40A747CE}" = protocol=17 | 
dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{44DA55D9-B665-4EEE-9ECD-86B427C135CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{4A83CDD1-101A-41D1-B240-4DD3D0B897FF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{4CE9825C-CF4C-407C-9AAE-BFBB0650413F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{54048270-A1EC-4143-9F7E-CD388336E0EE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | "{574C31CB-872A-4F91-8410-C1B6DFD2AE2B}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | "{591A1128-6102-4EF2-8542-C7B0AE2F4570}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | "{5CFFF6BA-E5CC-4702-B356-BFF8DC49B3AE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{5DBA3131-B6CC-4289-9563-F650719C24F8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{5DCD091E-D6E4-4BA6-A83F-D1AFACC4CCBF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5ECA4AB6-ECD2-4E5C-816A-A6071C2A4B98}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | "{5F6BAB31-FF46-4743-AE13-1A6F3C6D3483}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{602DAFFF-6AF0-49EE-AB2D-80A0D95320DC}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe | "{603A6028-6C32-458B-8D57-7AB8D045BF77}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{6605790D-E94C-4409-A7C1-C249FDB3599A}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{6D63AFDA-7A7F-471D-BAE2-EC76E63B1E16}" = protocol=17 | dir=in | app=c:\program 
files\steam\steamapps\common\call of duty black ops\blackops.exe | "{711A7C45-297E-46BC-BE83-7198B4B576F3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{71E069A4-9A1A-42E2-87F8-E96BEA84EBEB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{737BD13A-83D1-42BE-86E8-E28212122D79}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | "{7895AB0F-97EF-408D-8D35-8D4ED35EBAB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{7AC2BA9C-87D1-4982-BF35-8883B8327BD4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{7C9C1FE0-16C2-4A21-9D58-ED48D870502E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{82DE6601-2ACE-478E-890E-5422208460D7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hit_pitt\counter-strike source\hl2.exe | "{856F21C8-D0C2-447B-B99A-D0103EB1AB31}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | "{8861954B-9757-41C8-881C-252170A65FE7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | "{88B22B08-4B9B-4283-A4F1-4B7274E0CA21}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{925E0FEB-B584-4A1E-A31B-CF92013D7ECC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\hit_pitt\counter-strike source\hl2.exe | "{9793F8AC-0647-4BBA-AB25-E1D93341673A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | "{9996C112-02AD-44D8-9FC5-E7F8D2AC8216}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{99DF733C-32CC-4B7D-92FF-763DB036253A}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | "{9FA8C3A2-F5E4-40F3-9BDF-D64D5D385565}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed 
brotherhood\uplaybrowser.exe | "{A46A0FA4-8177-4DC9-8E2F-672B24CBDFF6}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{A6469983-F1E6-4C4F-BF4D-3B58B4EEDCEE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{AA906F69-81EA-4883-AE8D-6FF173918895}" = protocol=6 | dir=in | app=c:\program files\codemasters\f1 2010\f1_2010_game.exe | "{ACEC8EC1-67C8-4BDE-9712-7B5C3B5F17BF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{B86AA195-1FB1-4FBD-B2FD-0F903444BB2F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{BB334B48-8727-4DC4-92ED-6D95F5502986}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{BD6406FD-C145-4C91-B0B1-4621B77994F9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{C033B7FA-9F88-40E4-9B28-097B9F4BBAEC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | "{C30AC916-6EE7-4EB4-8DEC-5E05311D26A3}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{C8188B0D-717B-4189-88CD-5C7736057A00}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{DC20797D-ED5F-4D94-9A84-81F2EEFB13F2}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | "{DE95DADF-5EE7-4435-AA3D-257A365081D0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{E22821C8-1237-4181-B9F7-CC733D435333}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | "{EBD4DC13-6F6B-4D68-9568-03F015ED9493}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{F231C38E-F13C-453B-A585-36DA86A909B1}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | "{F753E5C2-00D8-4087-9429-7A8B8672EAB8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{FA922452-08D9-4A8A-9FF6-A199150813C7}" = protocol=6 | dir=in 
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Detector Plug-in
"Xilisoft MKV Converter 6" = Xilisoft MKV Converter 6
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >

I have now also opened about 20 links via Google and no advertising page was shown any more! It seems to have helped. Thank you very, very much!!!
#5
/// TB-Ausbilder

Hello

Quote:

But that does not mean we are finished yet.

Step # 1: Peer-to-peer or file-sharing programs

I see that you use so-called peer-to-peer or file-sharing programs. In your case BitTorrent. These programs allow you to exchange data with other users. Unfortunately, P2P and file sharing are not exempt from distributing infected files, and this is also one reason why malware spreads so quickly. It is therefore possible that you download an infected file. You can never know where these files come from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright law in most countries of the world. Of course, there is also a legal way to use this service, for example to download Linux or Open Office. Nevertheless, I would ask you not to continue using this kind of software. Please go to Start --> Control Panel --> Software and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs.

Step # 2: Fix with OTL
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ost
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011.05.18 19:51:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Owazo
:Commands
[emptytemp]
Step # 3: Control scan with Malwarebytes' Anti-Malware (MBAM)

Step # 4: Uninstall/reinstall Java

Step # 5: Important updates

Step # 6: ESET Online Scanner

During the online scans, please switch on any external hard drives you may have! During the scans, please turn off all background guards (antivirus program, firewall, script blocking and the like) and do not forget to switch everything back on afterwards.

Code:
"%ProgramFiles%\Eset\Eset Online Scanner\log.txt"

Step # 7: System scan with OTL

Step # 8: Carrying out a security check

Please download SecurityCheck

Step # 9: Your feedback

For further analysis I need, together with your next reply
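The fix script in post #5 resets the Firefox preference browser.search.defaultenginename, which had been set to "Facemoods Search". The following is an added example, not part of the thread or of OTL, showing how such a change can be checked for directly in prefs.js. The other watched preference names and the allowlist are assumptions.

```python
import json
import re

# Matches one Firefox preference line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Preferences that decide where searches and the start page go.
# browser.search.defaultenginename is the one named in the fix script; the
# others are further Firefox prefs of that era, watched here as an assumption.
WATCHED = (
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
    "keyword.URL",
)

# Assumed allowlist of values the user actually chose (hypothetical).
EXPECTED = {"Google", "about:home", "about:blank"}


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name, raw = m.groups()
        try:
            value = json.loads(raw)  # strings, numbers, true/false parse as JSON
        except ValueError:
            value = raw  # keep the raw text if it is not valid JSON
        prefs[name] = value
    return prefs


def audit(text, expected=EXPECTED):
    """List (name, value) for watched prefs whose value is not on the allowlist."""
    prefs = parse_prefs(text)
    return [(k, prefs[k]) for k in WATCHED if k in prefs and prefs[k] not in expected]


# Constructed sample; the engine name and defanged URL are values quoted in the thread.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Facemoods Search");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "hxxp://start.facemoods.com/?a=ost");
user_pref("browser.tabs.warnOnClose", false);
'''

if __name__ == "__main__":
    for name, value in audit(SAMPLE):
        print(f"unexpected {name} = {value!r}")
```

Run it against a copy of prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit.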
#6
/// TB-Ausbilder

Missing feedback

This topic has been removed from my subscriptions, so I will not be notified of new replies. PM me if you still want to continue.

Note: the disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!