
Log analysis and evaluation: Firefox opens advertising pages

18.05.2011, 19:53   #1
Gelendil



Hi there.
Since today, when I click on search results in Google, for example, my Firefox opens some advertising pages instead of the page I wanted.
You will hopefully find my hijack log in the attachment, if that works the way I want it to.

I hope someone can help me, since the problem is really very annoying.

Regards, gele

18.05.2011, 20:00   #2
M-K-D-B
/// TB Instructor





My name is M-K-D-B and I will help you clean up your computer.

Please note the following:
  • A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • Please keep working with me until I tell you that we are finished here.
  • If you do not reply to me within 5 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions.
  • For users of Windows Vista and Windows 7: start all programs with right-click "Run as administrator".





Step # 1: Back up the registry with ERUNT
Since we have to make changes in the registry, you will first back up the registry as follows:
Download the tool ERUNT by Lars Hederer and install it. Start erunt.exe and use it to create a backup of the registry in the default folder. Under the backup options, please tick all three options. Do not add the program to system startup.





Step # 2: Run TDSS Killer
Please download TDSS Killer.exe and save the file to the desktop.
  • Close all running programs.
  • Disconnect from the Internet.
  • Disable your antivirus software.
  • Start TDSSkiller.exe with a double-click.
    Vista and Win7 users: right-click, "Run as administrator"
  • Click Start scan.
    Do not do anything on the computer during the scan.
    1. If the tool reports no findings, click Close to exit it.
    2. If something was found, the findings are shown under Scan results - Select action for found objects, with 3 options to choose from.
      Make sure that Cure ( default ) is ticked! Click Continue --> Reboot.
  • After the restart, the log file can be found on your system drive ( usually C: ) as TDSSKiller_version_date_time_log.txt.
  • Please post its contents here in your thread.




Step # 3: Control scan with Malwarebytes' Anti-Malware (MBAM)
Please download Malwarebytes' Anti-Malware
  • Install the program to the default path.
    Vista and Win7 users: right-click, "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".




Step # 4: Run ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.
Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important!! Save ComboFix to the desktop
  • Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise the programs could interfere with our programs while they work.
  • Double-click ComboFix.exe and follow the instructions.
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
  • Follow the instructions to allow ComboFix to download and install the Recovery Console, and accept the license agreement (EULA) when you are prompted to.
**For information: If the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.



Once the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the scan for malware.

When ComboFix has finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.





Step # 5: Custom scan with OTL
If you do not already have it, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the contents into the text box.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%PROGRAMFILES%\*.
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe 
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread




Step # 6: Answer questions
Please answer the following questions for me:
  • Please start Firefox and Internet Explorer and report whether you are still being redirected.
  • Are there any other problems?




Step # 7: Your feedback
For further analysis I need, together with your next reply,
  • the log file of TDSS Killer,
  • the log file from MBAM,
  • the log file from ComboFix,
  • the two log files from OTL (OTL.txt and Extras.txt), and
  • the answers to the questions asked.


18.05.2011, 20:13   #3
Gelendil



OTL.txt :OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.05.2011 21:39:54 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Maxl\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 113,71 Gb Free Space | 19,74% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,86% Space Free | Partition Type: FAT32
 
Computer Name: MAXL-PC | User Name: Maxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.18 21:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Maxl\Downloads\OTL.exe
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.10.12 17:35:07 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.07.04 12:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.06.30 16:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.05.07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.18 21:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Maxl\Downloads\OTL.exe
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.23 07:57:42 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.07.04 12:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.29 21:47:51 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.09.30 17:41:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.03.25 13:09:06 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.03.25 13:09:06 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.03.25 13:09:06 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.03.18 11:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.07.03 09:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ost
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.19 20:12:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 18:30:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.09 18:54:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.05.23 17:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Extensions
[2010.05.23 17:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.18 19:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Firefox\Profiles\yur1shno.default\extensions
[2010.07.19 22:19:39 | 000,002,057 | ---- | M] () -- C:\Users\Maxl\AppData\Roaming\Mozilla\Firefox\Profiles\yur1shno.default\searchplugins\youtube-videosuche.xml
[2011.05.08 19:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.07 01:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.08 19:53:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.19 20:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.04.19 20:12:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- 
[2010.07.07 01:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.01.01 10:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.07.07 01:54:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.19 16:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.25 23:13:22 | 000,002,048 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2011.05.02 21:31:48 | 000,002,046 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchost.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.18 21:34:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^maxdome Download Manager.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Maxl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.18 21:38:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.18 21:38:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.18 21:19:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.18 21:19:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.18 21:19:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.18 21:19:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.18 21:19:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.18 21:19:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.18 21:08:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.18 21:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.05.18 21:08:29 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.05.18 19:51:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Owazo
[2011.05.14 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Media Player Classic
[2011.05.09 18:55:18 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\Thunderbird
[2011.05.09 18:54:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2011.05.09 18:53:28 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\Profiles
[2011.05.09 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Avira
[2011.05.09 18:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.09 18:46:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.05.09 18:46:20 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.05.09 18:46:20 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.05.09 18:46:20 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.05.08 21:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.08 16:22:50 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\5xtxf0dx.default
[2011.05.02 21:31:41 | 000,000,000 | ---D | C] -- C:\Programme\Movie Subtitles Searcher
[2011.04.29 18:53:33 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\Square Enix
[2011.04.29 18:46:56 | 000,000,000 | ---D | C] -- C:\Programme\SQUARE ENIX - Eidos Interactive
[2011.04.28 00:28:43 | 000,000,000 | ---D | C] -- C:\dreamloaddata
[2011.04.28 00:28:01 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dreamload
[2011.04.28 00:27:58 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\dreamload
[2011.04.28 00:27:57 | 000,000,000 | ---D | C] -- C:\Programme\Dreamload LLC
[2011.04.27 16:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011.04.27 15:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011.04.27 15:40:12 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll
[2011.04.27 15:40:12 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2011.04.27 15:40:11 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.04.27 15:40:11 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL
[2011.04.27 15:40:11 | 000,000,000 | ---D | C] -- C:\Programme\BRS
[2011.04.27 15:40:10 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.04.27 15:35:56 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.04.27 15:35:55 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.04.27 15:35:54 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.04.27 15:35:54 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.04.27 15:35:53 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.04.27 15:35:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.04.27 15:35:51 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.04.27 15:35:48 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.04.27 15:31:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.04.27 15:31:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.04.27 15:31:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.04.27 15:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.04.27 15:04:28 | 000,000,000 | ---D | C] -- C:\Programme\Codemasters
[2011.04.27 03:18:59 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\QuickPar
[2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\Programme\QuickPar
[2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2011.04.27 02:03:59 | 000,000,000 | ---D | C] -- C:\Programme\m-r-software
[2011.04.27 02:03:58 | 000,000,000 | ---D | C] -- C:\Programme\Aerosoft
[2011.04.27 02:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
[2011.04.27 00:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam Simulator
[2011.04.27 00:05:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\wcs
[2011.04.26 01:37:41 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\SKIDROW
[2011.04.26 01:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.04.26 01:11:08 | 000,000,000 | ---D | C] -- C:\Programme\Valve
[2011.04.25 23:12:23 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2011.04.25 23:08:37 | 000,000,000 | ---D | C] -- C:\Downloads
[2011.04.25 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2011.04.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Xilisoft
[2011.04.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Programme\Xilisoft
[2011.04.23 18:46:42 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2011.04.22 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\PunkBuster
[2011.04.20 10:40:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\gemeindefest
[2011.02.06 16:50:33 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd.dll
[2011.02.06 16:50:33 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[2011.02.06 16:50:33 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2010.06.12 17:00:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2010.06.12 17:00:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2010.06.12 17:00:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2010.06.12 17:00:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.18 21:34:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.18 21:18:44 | 004,351,251 | R--- | M] () -- C:\Users\Maxl\Desktop\ComboFix.exe
[2011.05.18 21:17:48 | 003,650,622 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.18 21:17:48 | 001,502,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.18 21:17:48 | 001,090,310 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.18 21:17:48 | 000,983,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.18 21:11:32 | 000,089,341 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.18 21:11:32 | 000,089,341 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.18 21:11:26 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.18 21:11:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.18 21:11:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.18 21:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.18 21:11:14 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.18 21:08:30 | 000,000,718 | ---- | M] () -- C:\Users\Maxl\Desktop\ERUNT.lnk
[2011.05.18 20:51:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.18 19:49:45 | 000,000,680 | ---- | M] () -- C:\Users\Maxl\AppData\Local\d3d9caps.dat
[2011.05.18 18:51:20 | 000,008,470 | ---- | M] () -- C:\Users\Maxl\Desktop\OpenDocument Text (neu).odt
[2011.05.15 16:51:27 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.05.14 16:29:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.05.14 16:18:20 | 000,031,744 | ---- | M] () -- C:\Users\Maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.12 00:17:20 | 000,023,616 | ---- | M] () -- C:\Users\Maxl\Desktop\Neue Bitmap.bmp.jpg
[2011.05.09 19:15:21 | 020,533,281 | ---- | M] () -- C:\Users\Maxl\Documents\vlc-1.1.9-win32.exe
[2011.05.09 18:54:50 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.05.09 18:46:26 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.01 21:47:16 | 000,260,848 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00088asd.jpg
[2011.05.01 21:47:09 | 000,000,100 | -H-- | M] () -- C:\Users\Maxl\Documents\.picasa.ini
[2011.04.30 11:24:47 | 000,706,486 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00090.JPG
[2011.04.30 01:25:24 | 001,302,341 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00047.JPG
[2011.04.29 23:10:33 | 000,026,080 | ---- | M] () -- C:\Users\Maxl\Documents\6-81417d9e457c8a09395e72a98980f6ae.jpg
[2011.04.29 23:02:41 | 001,261,041 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00088.JPG
[2011.04.28 00:28:01 | 000,000,878 | ---- | M] () -- C:\Users\Maxl\Desktop\Dreamload.lnk
[2011.04.27 15:40:11 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.04.27 15:40:10 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.04.26 17:21:11 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.04.26 01:34:32 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.04.25 21:18:42 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.04.25 21:18:02 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2011.04.25 20:21:15 | 000,001,882 | ---- | M] () -- C:\Users\Maxl\Desktop\Xilisoft MKV Converter 6.lnk
[2011.04.19 20:12:16 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.18 21:19:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.18 21:19:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.18 21:19:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.18 21:19:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.18 21:19:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.18 21:18:37 | 004,351,251 | R--- | C] () -- C:\Users\Maxl\Desktop\ComboFix.exe
[2011.05.18 21:08:30 | 000,000,718 | ---- | C] () -- C:\Users\Maxl\Desktop\ERUNT.lnk
[2011.05.18 20:01:13 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.18 18:49:28 | 000,008,470 | ---- | C] () -- C:\Users\Maxl\Desktop\OpenDocument Text (neu).odt
[2011.05.12 00:17:20 | 000,023,616 | ---- | C] () -- C:\Users\Maxl\Desktop\Neue Bitmap.bmp.jpg
[2011.05.09 19:15:08 | 020,533,281 | ---- | C] () -- C:\Users\Maxl\Documents\vlc-1.1.9-win32.exe
[2011.05.09 18:46:26 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.01 21:47:16 | 000,260,848 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00088asd.jpg
[2011.05.01 21:47:09 | 000,000,100 | -H-- | C] () -- C:\Users\Maxl\Documents\.picasa.ini
[2011.04.30 11:24:25 | 000,706,486 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00090.JPG
[2011.04.30 01:24:47 | 001,302,341 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00047.JPG
[2011.04.29 23:10:32 | 000,026,080 | ---- | C] () -- C:\Users\Maxl\Documents\6-81417d9e457c8a09395e72a98980f6ae.jpg
[2011.04.29 23:02:05 | 001,261,041 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00088.JPG
[2011.04.28 00:28:01 | 000,000,878 | ---- | C] () -- C:\Users\Maxl\Desktop\Dreamload.lnk
[2011.04.26 01:34:32 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.04.25 23:12:35 | 000,001,755 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.04.25 23:12:35 | 000,001,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.04.25 23:12:35 | 000,001,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.04.25 21:18:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.04.25 21:18:02 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2011.04.25 20:21:15 | 000,001,882 | ---- | C] () -- C:\Users\Maxl\Desktop\Xilisoft MKV Converter 6.lnk
[2011.04.22 18:37:53 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.22 18:37:51 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.19 20:12:16 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.12 19:45:48 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.08 22:17:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.02.06 16:50:44 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe
[2011.02.06 16:50:44 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2011.02.06 16:50:37 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2011.02.06 16:50:33 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe
[2010.12.29 14:56:29 | 000,148,811 | ---- | C] () -- C:\Windows\hppins20.dat
[2010.12.29 14:56:21 | 000,016,655 | ---- | C] () -- C:\Windows\hppmdl20.dat
[2010.10.08 15:06:01 | 000,000,680 | ---- | C] () -- C:\Users\Maxl\AppData\Local\d3d9caps.dat
[2010.06.12 17:00:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.06.12 17:00:44 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.06.12 17:00:43 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.05.30 13:29:35 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.30 13:29:33 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.05.30 13:29:33 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.30 13:29:32 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.05.24 14:17:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.24 14:17:27 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.05.24 13:42:35 | 000,089,341 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.24 13:42:35 | 000,089,341 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.23 17:52:43 | 000,031,744 | ---- | C] () -- C:\Users\Maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.08.04 15:16:09 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.08.04 15:16:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.04 12:08:00 | 000,000,028 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.01.21 09:15:58 | 003,650,622 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 001,090,310 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.01.23 14:11:20 | 000,141,312 | ---- | C] () -- C:\Windows\System32\QFClient2.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,358,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 001,502,722 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,983,274 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.05.18 21:38:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.02.13 17:26:59 | 000,000,000 | ---D | M] -- C:\BDS
[2008.08.04 11:38:08 | 000,000,000 | ---D | M] -- C:\Boot
[2011.04.12 19:52:16 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2011.05.18 21:38:19 | 000,000,000 | ---D | M] -- C:\ComboFix
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.12 01:28:50 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.04.28 00:28:43 | 000,000,000 | ---D | M] -- C:\dreamloaddata
[2011.04.29 16:28:33 | 000,000,000 | ---D | M] -- C:\Games
[2011.05.07 12:12:16 | 000,000,000 | ---D | M] -- C:\Movies
[2008.08.04 13:59:13 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.04.19 20:32:53 | 000,000,000 | ---D | M] -- C:\Musik
[2010.05.24 13:36:39 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.05.18 21:08:29 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.09 18:42:00 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.07.07 01:50:04 | 000,000,000 | ---D | M] -- C:\Programs
[2011.05.18 21:38:19 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.18 21:40:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.11.09 23:56:28 | 000,000,000 | ---D | M] -- C:\Temp
[2010.05.23 17:45:16 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.18 21:38:18 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES%\*. >
[2011.05.18 20:00:16 | 000,000,000 | ---D | M] -- C:\Programme\7-Zip
[2008.08.04 14:07:43 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites
[2008.08.04 12:58:44 | 000,000,000 | ---D | M] -- C:\Programme\Adobe
[2011.04.27 02:03:58 | 000,000,000 | ---D | M] -- C:\Programme\Aerosoft
[2011.04.10 11:28:31 | 000,000,000 | ---D | M] -- C:\Programme\AMD
[2010.05.30 13:23:16 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update
[2010.10.04 19:24:44 | 000,000,000 | ---D | M] -- C:\Programme\Avidemux 2.5
[2011.05.09 18:46:20 | 000,000,000 | ---D | M] -- C:\Programme\Avira
[2011.03.20 14:34:50 | 000,000,000 | ---D | M] -- C:\Programme\BitTorrent
[2011.04.27 15:40:13 | 000,000,000 | ---D | M] -- C:\Programme\BRS
[2008.08.08 15:18:33 | 000,000,000 | ---D | M] -- C:\Programme\Buhl
[2011.04.29 16:53:06 | 000,000,000 | ---D | M] -- C:\Programme\Codemasters
[2010.05.31 00:32:27 | 000,000,000 | ---D | M] -- C:\Programme\ColdCut
[2011.05.18 21:29:39 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2010.09.23 20:13:01 | 000,000,000 | ---D | M] -- C:\Programme\ConvertHelper
[2010.10.04 19:26:05 | 000,000,000 | ---D | M] -- C:\Programme\CutAssistant
[2010.09.30 17:41:16 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Lite
[2008.08.08 15:17:49 | 000,000,000 | ---D | M] -- C:\Programme\DataDesign
[2010.09.13 01:08:59 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2010.12.11 02:47:51 | 000,000,000 | ---D | M] -- C:\Programme\DRAGON
[2010.12.25 16:28:02 | 000,000,000 | ---D | M] -- C:\Programme\Dream MKV Converter
[2011.04.28 00:30:05 | 000,000,000 | ---D | M] -- C:\Programme\Dreamload LLC
[2011.04.12 19:45:39 | 000,000,000 | ---D | M] -- C:\Programme\Elaborate Bytes
[2010.11.21 15:38:36 | 000,000,000 | ---D | M] -- C:\Programme\Emsisoft Anti-Malware
[2010.11.13 12:20:37 | 000,000,000 | ---D | M] -- C:\Programme\Emulator
[2011.05.18 21:08:33 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT
[2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2010.09.26 01:42:40 | 000,000,000 | ---D | M] -- C:\Programme\Google
[2011.01.10 19:07:38 | 000,000,000 | ---D | M] -- C:\Programme\GoogleEULA
[2011.04.16 13:48:24 | 000,000,000 | ---D | M] -- C:\Programme\GrabIt
[2010.12.25 16:20:10 | 000,000,000 | ---D | M] -- C:\Programme\HamsterSoft
[2010.12.29 15:08:38 | 000,000,000 | ---D | M] -- C:\Programme\HP
[2011.03.29 13:18:36 | 000,000,000 | ---D | M] -- C:\Programme\ICQ7.1
[2011.04.05 19:14:42 | 000,000,000 | ---D | M] -- C:\Programme\IDM
[2011.04.27 02:03:58 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2008.08.04 12:21:48 | 000,000,000 | ---D | M] -- C:\Programme\Intel
[2010.05.30 13:24:44 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2011.05.08 19:53:40 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2011.04.25 23:14:34 | 000,000,000 | ---D | M] -- C:\Programme\JDownloader
[2011.02.03 13:01:49 | 000,000,000 | ---D | M] -- C:\Programme\JEdit
[2010.05.30 13:29:59 | 000,000,000 | ---D | M] -- C:\Programme\K-Lite Codec Pack
[2011.03.24 16:19:52 | 000,000,000 | ---D | M] -- C:\Programme\Left 4 Dead 2
[2008.08.08 15:17:50 | 000,000,000 | ---D | M] -- C:\Programme\LetsTrade
[2010.11.17 17:48:53 | 000,000,000 | ---D | M] -- C:\Programme\Logitech
[2011.03.29 13:17:07 | 000,000,000 | ---D | M] -- C:\Programme\LogMeIn Hamachi
[2011.04.05 19:11:18 | 000,000,000 | ---D | M] -- C:\Programme\Longman
[2011.04.25 23:57:40 | 000,000,000 | ---D | M] -- C:\Programme\LucasArts
[2011.04.27 03:01:54 | 000,000,000 | ---D | M] -- C:\Programme\m-r-software
[2011.05.18 20:37:28 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.24 14:16:58 | 000,000,000 | ---D | M] -- C:\Programme\MarkAny
[2010.05.24 04:31:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2011.04.27 15:29:03 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games for Windows - LIVE
[2008.08.04 14:00:28 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2011.04.29 21:40:11 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight
[2008.08.04 14:00:31 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works
[2008.08.04 14:00:23 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2010.10.09 12:13:11 | 000,000,000 | ---D | M] -- C:\Programme\MixVibesHOME7DEMO
[2010.11.01 12:35:18 | 000,000,000 | ---D | M] -- C:\Programme\MobMapUpdater
[2008.01.21 04:35:17 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2011.05.09 18:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Movie Subtitles Searcher
[2011.05.18 20:38:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2011.05.09 18:54:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Thunderbird
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2008.08.04 14:08:38 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0
[2008.08.04 13:30:45 | 000,000,000 | ---D | M] -- C:\Programme\Nero
[2011.04.17 10:52:33 | 000,000,000 | ---D | M] -- C:\Programme\NewsLeecher
[2010.09.30 17:54:20 | 000,000,000 | ---D | M] -- C:\Programme\NVIDIA Corporation
[2011.04.27 15:40:11 | 000,000,000 | ---D | M] -- C:\Programme\OpenAL
[2010.07.11 14:18:34 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3
[2011.02.13 20:30:31 | 000,000,000 | ---D | M] -- C:\Programme\Orbitdownloader
[2011.05.09 18:42:00 | 000,000,000 | ---D | M] -- C:\Programme\Pando Networks
[2010.07.09 13:37:55 | 000,000,000 | ---D | M] -- C:\Programme\PokerStars.NET
[2010.12.10 15:16:46 | 000,000,000 | ---D | M] -- C:\Programme\PopCap Games
[2011.04.27 03:17:46 | 000,000,000 | ---D | M] -- C:\Programme\QuickPar
[2010.05.30 13:24:44 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime
[2010.10.12 17:35:29 | 000,000,000 | ---D | M] -- C:\Programme\Real
[2008.08.04 12:07:59 | 000,000,000 | ---D | M] -- C:\Programme\Realtek
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2010.05.24 14:17:58 | 000,000,000 | ---D | M] -- C:\Programme\Samsung
[2011.02.08 22:11:11 | 000,000,000 | R--D | M] -- C:\Programme\Skype
[2011.04.12 19:47:31 | 000,000,000 | ---D | M] -- C:\Programme\SlySoft
[2010.10.09 11:41:40 | 000,000,000 | ---D | M] -- C:\Programme\SpacialAudio
[2011.04.29 18:46:56 | 000,000,000 | ---D | M] -- C:\Programme\SQUARE ENIX - Eidos Interactive
[2011.05.18 21:11:28 | 000,000,000 | ---D | M] -- C:\Programme\Steam
[2011.04.23 18:46:42 | 000,000,000 | ---D | M] -- C:\Programme\SystemRequirementsLab
[2010.06.13 15:52:08 | 000,000,000 | ---D | M] -- C:\Programme\Teamspeak2_RC2
[2011.02.27 15:56:01 | 000,000,000 | ---D | M] -- C:\Programme\TmNationsForever
[2010.12.29 21:47:51 | 000,000,000 | ---D | M] -- C:\Programme\TrueCrypt
[2011.04.22 18:22:11 | 000,000,000 | ---D | M] -- C:\Programme\Ubisoft
[2008.08.04 13:07:14 | 000,000,000 | ---D | M] -- C:\Programme\Ulead Systems
[2006.11.02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2011.04.26 01:11:08 | 000,000,000 | ---D | M] -- C:\Programme\Valve
[2010.05.24 15:28:17 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN
[2010.10.09 12:05:50 | 000,000,000 | ---D | M] -- C:\Programme\VirtualDJ
[2011.05.11 16:34:34 | 000,000,000 | ---D | M] -- C:\Programme\Webcam Simulator
[2010.09.06 14:47:50 | 000,000,000 | ---D | M] -- C:\Programme\Winamp
[2010.05.23 17:51:13 | 000,000,000 | ---D | M] -- C:\Programme\Winamp Detect
[2008.01.21 04:35:18 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar
[2008.01.21 04:35:15 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration
[2008.01.21 04:35:09 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal
[2010.05.24 04:31:01 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2010.05.24 04:30:52 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive
[2008.08.13 09:16:30 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2008.01.21 04:35:15 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2010.05.23 17:41:01 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery
[2008.08.08 15:07:56 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2010.05.23 20:56:40 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR
[2011.04.18 12:01:25 | 000,000,000 | ---D | M] -- C:\Programme\World of Warcraft
[2011.04.25 20:20:44 | 000,000,000 | ---D | M] -- C:\Programme\Xilisoft
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\ERDNT\cache\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         

Edited by Gelendil (18.05.2011 at 20:46)

18.05.2011, 20:47   #4
Gelendil

Firefox opens advertising pages



OTL.txt :OTL Logfile:
Code:
OTL logfile created on: 18.05.2011 21:39:54 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Maxl\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 113,71 Gb Free Space | 19,74% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,86% Space Free | Partition Type: FAT32
 
Computer Name: MAXL-PC | User Name: Maxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.18 21:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Maxl\Downloads\OTL.exe
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.10.12 17:35:07 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.07.04 12:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPointP\SetPoint.exe
PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.06.30 16:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.05.07 17:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.05.07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.18 21:17:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Maxl\Downloads\OTL.exe
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.28 16:14:56 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.23 07:57:42 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.07.04 12:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.01 17:07:25 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.04.01 17:07:25 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.29 21:47:51 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.12.01 21:06:29 | 000,108,104 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.09.30 17:41:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.14 02:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.03.25 13:09:06 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.03.25 13:09:06 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.03.25 13:09:06 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010.03.18 11:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.07.03 09:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ost
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.19 20:12:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.09 18:30:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.09 18:54:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.05.23 17:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Extensions
[2010.05.23 17:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.05.18 19:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maxl\AppData\Roaming\mozilla\Firefox\Profiles\yur1shno.default\extensions
[2010.07.19 22:19:39 | 000,002,057 | ---- | M] () -- C:\Users\Maxl\AppData\Roaming\Mozilla\Firefox\Profiles\yur1shno.default\searchplugins\youtube-videosuche.xml
[2011.05.08 19:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.07 01:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.08 19:53:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.19 20:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.04.19 20:12:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File not found (No name found) -- 
[2010.07.07 01:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.01.01 10:00:00 | 000,135,168 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.07.07 01:54:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.19 16:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.25 23:13:22 | 000,002,048 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2011.05.02 21:31:48 | 000,002,046 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchost.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.05.18 21:34:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programme\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^maxdome Download Manager.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Maxl^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: snpstd3 - hkey= - key= - C:\Windows\vsnpstd3.exe ()
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.18 21:38:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.18 21:38:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.18 21:19:45 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.18 21:19:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.18 21:19:45 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.18 21:19:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.05.18 21:19:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.18 21:19:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.18 21:08:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.18 21:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.05.18 21:08:29 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011.05.18 19:51:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Owazo
[2011.05.14 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Media Player Classic
[2011.05.09 18:55:18 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\Thunderbird
[2011.05.09 18:54:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2011.05.09 18:53:28 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\Profiles
[2011.05.09 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Avira
[2011.05.09 18:46:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.05.09 18:46:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.05.09 18:46:20 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.05.09 18:46:20 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.05.09 18:46:20 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.05.08 21:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.08 16:22:50 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\5xtxf0dx.default
[2011.05.02 21:31:41 | 000,000,000 | ---D | C] -- C:\Programme\Movie Subtitles Searcher
[2011.04.29 18:53:33 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\Square Enix
[2011.04.29 18:46:56 | 000,000,000 | ---D | C] -- C:\Programme\SQUARE ENIX - Eidos Interactive
[2011.04.28 00:28:43 | 000,000,000 | ---D | C] -- C:\dreamloaddata
[2011.04.28 00:28:01 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dreamload
[2011.04.28 00:27:58 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\dreamload
[2011.04.28 00:27:57 | 000,000,000 | ---D | C] -- C:\Programme\Dreamload LLC
[2011.04.27 16:13:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011.04.27 15:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011.04.27 15:40:12 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\System32\mkl_blueripple.dll
[2011.04.27 15:40:12 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2011.04.27 15:40:11 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.04.27 15:40:11 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL
[2011.04.27 15:40:11 | 000,000,000 | ---D | C] -- C:\Programme\BRS
[2011.04.27 15:40:10 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.04.27 15:35:56 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011.04.27 15:35:55 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011.04.27 15:35:54 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011.04.27 15:35:54 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011.04.27 15:35:53 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011.04.27 15:35:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011.04.27 15:35:51 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011.04.27 15:35:48 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011.04.27 15:31:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011.04.27 15:31:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011.04.27 15:31:13 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011.04.27 15:29:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.04.27 15:04:28 | 000,000,000 | ---D | C] -- C:\Programme\Codemasters
[2011.04.27 03:18:59 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\QuickPar
[2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\Programme\QuickPar
[2011.04.27 03:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2011.04.27 02:03:59 | 000,000,000 | ---D | C] -- C:\Programme\m-r-software
[2011.04.27 02:03:58 | 000,000,000 | ---D | C] -- C:\Programme\Aerosoft
[2011.04.27 02:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
[2011.04.27 00:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webcam Simulator
[2011.04.27 00:05:44 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\wcs
[2011.04.26 01:37:41 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Local\SKIDROW
[2011.04.26 01:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.04.26 01:11:08 | 000,000,000 | ---D | C] -- C:\Programme\Valve
[2011.04.25 23:12:23 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2011.04.25 23:08:37 | 000,000,000 | ---D | C] -- C:\Downloads
[2011.04.25 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2011.04.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Xilisoft
[2011.04.25 20:20:44 | 000,000,000 | ---D | C] -- C:\Programme\Xilisoft
[2011.04.23 18:46:42 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2011.04.22 18:37:50 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\PunkBuster
[2011.04.20 10:40:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\Documents\gemeindefest
[2011.02.06 16:50:33 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd.dll
[2011.02.06 16:50:33 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll
[2011.02.06 16:50:33 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll
[2010.06.12 17:00:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2010.06.12 17:00:43 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2010.06.12 17:00:43 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2010.06.12 17:00:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.18 21:34:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.05.18 21:18:44 | 004,351,251 | R--- | M] () -- C:\Users\Maxl\Desktop\ComboFix.exe
[2011.05.18 21:17:48 | 003,650,622 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.18 21:17:48 | 001,502,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.18 21:17:48 | 001,090,310 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.18 21:17:48 | 000,983,274 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.18 21:11:32 | 000,089,341 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.18 21:11:32 | 000,089,341 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.05.18 21:11:26 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.18 21:11:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.18 21:11:20 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.18 21:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.18 21:11:14 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.18 21:08:30 | 000,000,718 | ---- | M] () -- C:\Users\Maxl\Desktop\ERUNT.lnk
[2011.05.18 20:51:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.18 19:49:45 | 000,000,680 | ---- | M] () -- C:\Users\Maxl\AppData\Local\d3d9caps.dat
[2011.05.18 18:51:20 | 000,008,470 | ---- | M] () -- C:\Users\Maxl\Desktop\OpenDocument Text (neu).odt
[2011.05.15 16:51:27 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.05.14 16:29:23 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.05.14 16:18:20 | 000,031,744 | ---- | M] () -- C:\Users\Maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.12 00:17:20 | 000,023,616 | ---- | M] () -- C:\Users\Maxl\Desktop\Neue Bitmap.bmp.jpg
[2011.05.09 19:15:21 | 020,533,281 | ---- | M] () -- C:\Users\Maxl\Documents\vlc-1.1.9-win32.exe
[2011.05.09 18:54:50 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.05.09 18:46:26 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.01 21:47:16 | 000,260,848 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00088asd.jpg
[2011.05.01 21:47:09 | 000,000,100 | -H-- | M] () -- C:\Users\Maxl\Documents\.picasa.ini
[2011.04.30 11:24:47 | 000,706,486 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00090.JPG
[2011.04.30 01:25:24 | 001,302,341 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00047.JPG
[2011.04.29 23:10:33 | 000,026,080 | ---- | M] () -- C:\Users\Maxl\Documents\6-81417d9e457c8a09395e72a98980f6ae.jpg
[2011.04.29 23:02:41 | 001,261,041 | ---- | M] () -- C:\Users\Maxl\Documents\DSC00088.JPG
[2011.04.28 00:28:01 | 000,000,878 | ---- | M] () -- C:\Users\Maxl\Desktop\Dreamload.lnk
[2011.04.27 15:40:11 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2011.04.27 15:40:10 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2011.04.26 17:21:11 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.04.26 01:34:32 | 000,001,779 | ---- | M] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.04.25 21:18:42 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.04.25 21:18:02 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2011.04.25 20:21:15 | 000,001,882 | ---- | M] () -- C:\Users\Maxl\Desktop\Xilisoft MKV Converter 6.lnk
[2011.04.19 20:12:16 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.18 21:19:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.18 21:19:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.18 21:19:45 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.18 21:19:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.18 21:19:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.18 21:18:37 | 004,351,251 | R--- | C] () -- C:\Users\Maxl\Desktop\ComboFix.exe
[2011.05.18 21:08:30 | 000,000,718 | ---- | C] () -- C:\Users\Maxl\Desktop\ERUNT.lnk
[2011.05.18 20:01:13 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.18 18:49:28 | 000,008,470 | ---- | C] () -- C:\Users\Maxl\Desktop\OpenDocument Text (neu).odt
[2011.05.12 00:17:20 | 000,023,616 | ---- | C] () -- C:\Users\Maxl\Desktop\Neue Bitmap.bmp.jpg
[2011.05.09 19:15:08 | 020,533,281 | ---- | C] () -- C:\Users\Maxl\Documents\vlc-1.1.9-win32.exe
[2011.05.09 18:46:26 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.01 21:47:16 | 000,260,848 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00088asd.jpg
[2011.05.01 21:47:09 | 000,000,100 | -H-- | C] () -- C:\Users\Maxl\Documents\.picasa.ini
[2011.04.30 11:24:25 | 000,706,486 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00090.JPG
[2011.04.30 01:24:47 | 001,302,341 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00047.JPG
[2011.04.29 23:10:32 | 000,026,080 | ---- | C] () -- C:\Users\Maxl\Documents\6-81417d9e457c8a09395e72a98980f6ae.jpg
[2011.04.29 23:02:05 | 001,261,041 | ---- | C] () -- C:\Users\Maxl\Documents\DSC00088.JPG
[2011.04.28 00:28:01 | 000,000,878 | ---- | C] () -- C:\Users\Maxl\Desktop\Dreamload.lnk
[2011.04.26 01:34:32 | 000,001,779 | ---- | C] () -- C:\Users\Public\Desktop\Portal 2.lnk
[2011.04.25 23:12:35 | 000,001,755 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.04.25 23:12:35 | 000,001,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.04.25 23:12:35 | 000,001,713 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.04.25 21:18:42 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.04.25 21:18:02 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2011.04.25 20:21:15 | 000,001,882 | ---- | C] () -- C:\Users\Maxl\Desktop\Xilisoft MKV Converter 6.lnk
[2011.04.22 18:37:53 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.04.22 18:37:51 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.04.19 20:12:16 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.12 19:45:48 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.08 22:17:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.02.06 16:50:44 | 000,339,968 | ---- | C] () -- C:\Windows\vsnpstd.exe
[2011.02.06 16:50:44 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2011.02.06 16:50:37 | 000,390,784 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys
[2011.02.06 16:50:33 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe
[2010.12.29 14:56:29 | 000,148,811 | ---- | C] () -- C:\Windows\hppins20.dat
[2010.12.29 14:56:21 | 000,016,655 | ---- | C] () -- C:\Windows\hppmdl20.dat
[2010.10.08 15:06:01 | 000,000,680 | ---- | C] () -- C:\Users\Maxl\AppData\Local\d3d9caps.dat
[2010.06.12 17:00:44 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.06.12 17:00:44 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.06.12 17:00:43 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.05.30 13:29:35 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.30 13:29:33 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.05.30 13:29:33 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.30 13:29:32 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.05.24 14:17:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.24 14:17:27 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.05.24 13:42:35 | 000,089,341 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.24 13:42:35 | 000,089,341 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.23 17:52:43 | 000,031,744 | ---- | C] () -- C:\Users\Maxl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.08.04 15:16:09 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008.08.04 15:16:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.04 12:08:00 | 000,000,028 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.01.21 09:15:58 | 003,650,622 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 001,090,310 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.01.23 14:11:20 | 000,141,312 | ---- | C] () -- C:\Windows\System32\QFClient2.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,358,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 001,502,722 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,983,274 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.05.18 21:38:20 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.02.13 17:26:59 | 000,000,000 | ---D | M] -- C:\BDS
[2008.08.04 11:38:08 | 000,000,000 | ---D | M] -- C:\Boot
[2011.04.12 19:52:16 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2011.05.18 21:38:19 | 000,000,000 | ---D | M] -- C:\ComboFix
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.12 01:28:50 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.04.28 00:28:43 | 000,000,000 | ---D | M] -- C:\dreamloaddata
[2011.04.29 16:28:33 | 000,000,000 | ---D | M] -- C:\Games
[2011.05.07 12:12:16 | 000,000,000 | ---D | M] -- C:\Movies
[2008.08.04 13:59:13 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.04.19 20:32:53 | 000,000,000 | ---D | M] -- C:\Musik
[2010.05.24 13:36:39 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.05.18 21:08:29 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.09 18:42:00 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.07.07 01:50:04 | 000,000,000 | ---D | M] -- C:\Programs
[2011.05.18 21:38:19 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.05.18 21:40:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.11.09 23:56:28 | 000,000,000 | ---D | M] -- C:\Temp
[2010.05.23 17:45:16 | 000,000,000 | R--D | M] -- C:\Users
[2011.05.18 21:38:18 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES%\*. >
[2011.05.18 20:00:16 | 000,000,000 | ---D | M] -- C:\Programme\7-Zip
[2008.08.04 14:07:43 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites
[2008.08.04 12:58:44 | 000,000,000 | ---D | M] -- C:\Programme\Adobe
[2011.04.27 02:03:58 | 000,000,000 | ---D | M] -- C:\Programme\Aerosoft
[2011.04.10 11:28:31 | 000,000,000 | ---D | M] -- C:\Programme\AMD
[2010.05.30 13:23:16 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update
[2010.10.04 19:24:44 | 000,000,000 | ---D | M] -- C:\Programme\Avidemux 2.5
[2011.05.09 18:46:20 | 000,000,000 | ---D | M] -- C:\Programme\Avira
[2011.03.20 14:34:50 | 000,000,000 | ---D | M] -- C:\Programme\BitTorrent
[2011.04.27 15:40:13 | 000,000,000 | ---D | M] -- C:\Programme\BRS
[2008.08.08 15:18:33 | 000,000,000 | ---D | M] -- C:\Programme\Buhl
[2011.04.29 16:53:06 | 000,000,000 | ---D | M] -- C:\Programme\Codemasters
[2010.05.31 00:32:27 | 000,000,000 | ---D | M] -- C:\Programme\ColdCut
[2011.05.18 21:29:39 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2010.09.23 20:13:01 | 000,000,000 | ---D | M] -- C:\Programme\ConvertHelper
[2010.10.04 19:26:05 | 000,000,000 | ---D | M] -- C:\Programme\CutAssistant
[2010.09.30 17:41:16 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Lite
[2008.08.08 15:17:49 | 000,000,000 | ---D | M] -- C:\Programme\DataDesign
[2010.09.13 01:08:59 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2010.12.11 02:47:51 | 000,000,000 | ---D | M] -- C:\Programme\DRAGON
[2010.12.25 16:28:02 | 000,000,000 | ---D | M] -- C:\Programme\Dream MKV Converter
[2011.04.28 00:30:05 | 000,000,000 | ---D | M] -- C:\Programme\Dreamload LLC
[2011.04.12 19:45:39 | 000,000,000 | ---D | M] -- C:\Programme\Elaborate Bytes
[2010.11.21 15:38:36 | 000,000,000 | ---D | M] -- C:\Programme\Emsisoft Anti-Malware
[2010.11.13 12:20:37 | 000,000,000 | ---D | M] -- C:\Programme\Emulator
[2011.05.18 21:08:33 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT
[2010.05.23 17:41:01 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2010.09.26 01:42:40 | 000,000,000 | ---D | M] -- C:\Programme\Google
[2011.01.10 19:07:38 | 000,000,000 | ---D | M] -- C:\Programme\GoogleEULA
[2011.04.16 13:48:24 | 000,000,000 | ---D | M] -- C:\Programme\GrabIt
[2010.12.25 16:20:10 | 000,000,000 | ---D | M] -- C:\Programme\HamsterSoft
[2010.12.29 15:08:38 | 000,000,000 | ---D | M] -- C:\Programme\HP
[2011.03.29 13:18:36 | 000,000,000 | ---D | M] -- C:\Programme\ICQ7.1
[2011.04.05 19:14:42 | 000,000,000 | ---D | M] -- C:\Programme\IDM
[2011.04.27 02:03:58 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2008.08.04 12:21:48 | 000,000,000 | ---D | M] -- C:\Programme\Intel
[2010.05.30 13:24:44 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2011.05.08 19:53:40 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2011.04.25 23:14:34 | 000,000,000 | ---D | M] -- C:\Programme\JDownloader
[2011.02.03 13:01:49 | 000,000,000 | ---D | M] -- C:\Programme\JEdit
[2010.05.30 13:29:59 | 000,000,000 | ---D | M] -- C:\Programme\K-Lite Codec Pack
[2011.03.24 16:19:52 | 000,000,000 | ---D | M] -- C:\Programme\Left 4 Dead 2
[2008.08.08 15:17:50 | 000,000,000 | ---D | M] -- C:\Programme\LetsTrade
[2010.11.17 17:48:53 | 000,000,000 | ---D | M] -- C:\Programme\Logitech
[2011.03.29 13:17:07 | 000,000,000 | ---D | M] -- C:\Programme\LogMeIn Hamachi
[2011.04.05 19:11:18 | 000,000,000 | ---D | M] -- C:\Programme\Longman
[2011.04.25 23:57:40 | 000,000,000 | ---D | M] -- C:\Programme\LucasArts
[2011.04.27 03:01:54 | 000,000,000 | ---D | M] -- C:\Programme\m-r-software
[2011.05.18 20:37:28 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.24 14:16:58 | 000,000,000 | ---D | M] -- C:\Programme\MarkAny
[2010.05.24 04:31:05 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2011.04.27 15:29:03 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games for Windows - LIVE
[2008.08.04 14:00:28 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2011.04.29 21:40:11 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight
[2008.08.04 14:00:31 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works
[2008.08.04 14:00:23 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2010.10.09 12:13:11 | 000,000,000 | ---D | M] -- C:\Programme\MixVibesHOME7DEMO
[2010.11.01 12:35:18 | 000,000,000 | ---D | M] -- C:\Programme\MobMapUpdater
[2008.01.21 04:35:17 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker
[2011.05.09 18:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Movie Subtitles Searcher
[2011.05.18 20:38:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2011.05.09 18:54:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Thunderbird
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2008.08.04 14:08:38 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0
[2008.08.04 13:30:45 | 000,000,000 | ---D | M] -- C:\Programme\Nero
[2011.04.17 10:52:33 | 000,000,000 | ---D | M] -- C:\Programme\NewsLeecher
[2010.09.30 17:54:20 | 000,000,000 | ---D | M] -- C:\Programme\NVIDIA Corporation
[2011.04.27 15:40:11 | 000,000,000 | ---D | M] -- C:\Programme\OpenAL
[2010.07.11 14:18:34 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3
[2011.02.13 20:30:31 | 000,000,000 | ---D | M] -- C:\Programme\Orbitdownloader
[2011.05.09 18:42:00 | 000,000,000 | ---D | M] -- C:\Programme\Pando Networks
[2010.07.09 13:37:55 | 000,000,000 | ---D | M] -- C:\Programme\PokerStars.NET
[2010.12.10 15:16:46 | 000,000,000 | ---D | M] -- C:\Programme\PopCap Games
[2011.04.27 03:17:46 | 000,000,000 | ---D | M] -- C:\Programme\QuickPar
[2010.05.30 13:24:44 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime
[2010.10.12 17:35:29 | 000,000,000 | ---D | M] -- C:\Programme\Real
[2008.08.04 12:07:59 | 000,000,000 | ---D | M] -- C:\Programme\Realtek
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2010.05.24 14:17:58 | 000,000,000 | ---D | M] -- C:\Programme\Samsung
[2011.02.08 22:11:11 | 000,000,000 | R--D | M] -- C:\Programme\Skype
[2011.04.12 19:47:31 | 000,000,000 | ---D | M] -- C:\Programme\SlySoft
[2010.10.09 11:41:40 | 000,000,000 | ---D | M] -- C:\Programme\SpacialAudio
[2011.04.29 18:46:56 | 000,000,000 | ---D | M] -- C:\Programme\SQUARE ENIX - Eidos Interactive
[2011.05.18 21:11:28 | 000,000,000 | ---D | M] -- C:\Programme\Steam
[2011.04.23 18:46:42 | 000,000,000 | ---D | M] -- C:\Programme\SystemRequirementsLab
[2010.06.13 15:52:08 | 000,000,000 | ---D | M] -- C:\Programme\Teamspeak2_RC2
[2011.02.27 15:56:01 | 000,000,000 | ---D | M] -- C:\Programme\TmNationsForever
[2010.12.29 21:47:51 | 000,000,000 | ---D | M] -- C:\Programme\TrueCrypt
[2011.04.22 18:22:11 | 000,000,000 | ---D | M] -- C:\Programme\Ubisoft
[2008.08.04 13:07:14 | 000,000,000 | ---D | M] -- C:\Programme\Ulead Systems
[2006.11.02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2011.04.26 01:11:08 | 000,000,000 | ---D | M] -- C:\Programme\Valve
[2010.05.24 15:28:17 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN
[2010.10.09 12:05:50 | 000,000,000 | ---D | M] -- C:\Programme\VirtualDJ
[2011.05.11 16:34:34 | 000,000,000 | ---D | M] -- C:\Programme\Webcam Simulator
[2010.09.06 14:47:50 | 000,000,000 | ---D | M] -- C:\Programme\Winamp
[2010.05.23 17:51:13 | 000,000,000 | ---D | M] -- C:\Programme\Winamp Detect
[2008.01.21 04:35:18 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar
[2008.01.21 04:35:15 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration
[2008.01.21 04:35:09 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal
[2010.05.24 04:31:01 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2010.05.24 04:30:52 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive
[2008.08.13 09:16:30 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2008.01.21 04:35:15 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2010.05.23 17:41:01 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2008.01.21 04:35:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery
[2008.08.08 15:07:56 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2010.05.23 20:56:40 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR
[2011.04.18 12:01:25 | 000,000,000 | ---D | M] -- C:\Programme\World of Warcraft
[2011.04.25 20:20:44 | 000,000,000 | ---D | M] -- C:\Programme\Xilisoft
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\ERDNT\cache\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\ERDNT\cache\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\ERDNT\cache\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         
--- --- ---

Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 18.05.2011 21:39:54 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Maxl\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 66,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 113,71 Gb Free Space | 19,74% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 12,37 Gb Free Space | 61,86% Space Free | Partition Type: FAT32
 
Computer Name: MAXL-PC | User Name: Maxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DE6B45E-7DDC-48E7-94B8-E9C34F9A60EC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{101BEBE4-2A43-46BB-B463-F4D283DE8A24}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{104D84CD-2773-4BA9-98DC-2C1D6450822F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{21E2512F-C410-4907-A4B0-B07C1260214E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4509C0EB-DC9C-4B30-9289-4F022EB14CF7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{47DB870B-E94B-4211-9BDE-D109AABD9079}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5B1CF9FD-ED14-4BC7-9E13-050D7B6647AE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{940621E8-8B83-4413-908D-C023781FC37E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BDDB8D7F-A2FF-4F17-B8D7-46D6A1F7DD57}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D8AFBC90-30D7-47D4-8156-934CC76E84B4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DA61B32B-05D8-43BE-946B-12A6081F3EFD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DA8AF75A-5863-4593-92A9-97A13FB7A87E}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D43123-1818-4C4B-9636-E33C36215B90}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{08643B90-8AF3-4834-8F39-60D91FA64F1C}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{09C692A0-5307-4342-A41E-6662B28ABA72}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{09CF51DB-FE23-4B18-A2B5-89BDA2518B53}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{0E1C3024-0A4A-4F13-B65F-1ED50A58534C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{111A9C40-7FD0-4CDD-AFED-FCDD2BCCEAA0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{17334BE1-AE53-4142-80C0-3FA9953AD34A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{1A303F31-98A8-406C-A0AA-89F96E264BE5}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1B62B478-7279-446E-B5D6-2C6613C12698}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{200EC952-0D5C-44C5-B71F-3F2FFA17FCAB}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{26A063FB-677C-4EB6-91A3-C31A815A47A5}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe | 
"{2C5E63D2-1352-475B-ADD5-EBDF83BA49BC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{356A25FF-DDD5-4872-85E7-94555F4D4616}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{364A8C24-CFD9-44D2-A2B2-8DDD842D5509}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{39FC97D9-4501-4E17-A7B7-8A386C52EF2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AB13818-02E9-490C-A72D-28BF1C5FD172}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{40B80213-691C-4969-B5EA-238A40A747CE}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{44DA55D9-B665-4EEE-9ECD-86B427C135CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4A83CDD1-101A-41D1-B240-4DD3D0B897FF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{4CE9825C-CF4C-407C-9AAE-BFBB0650413F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{54048270-A1EC-4143-9F7E-CD388336E0EE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{574C31CB-872A-4F91-8410-C1B6DFD2AE2B}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | 
"{591A1128-6102-4EF2-8542-C7B0AE2F4570}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe | 
"{5CFFF6BA-E5CC-4702-B356-BFF8DC49B3AE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{5DBA3131-B6CC-4289-9563-F650719C24F8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{5DCD091E-D6E4-4BA6-A83F-D1AFACC4CCBF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5ECA4AB6-ECD2-4E5C-816A-A6071C2A4B98}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{5F6BAB31-FF46-4743-AE13-1A6F3C6D3483}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{602DAFFF-6AF0-49EE-AB2D-80A0D95320DC}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe | 
"{603A6028-6C32-458B-8D57-7AB8D045BF77}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{6605790D-E94C-4409-A7C1-C249FDB3599A}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{6D63AFDA-7A7F-471D-BAE2-EC76E63B1E16}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{711A7C45-297E-46BC-BE83-7198B4B576F3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{71E069A4-9A1A-42E2-87F8-E96BEA84EBEB}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe | 
"{737BD13A-83D1-42BE-86E8-E28212122D79}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{7895AB0F-97EF-408D-8D35-8D4ED35EBAB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7AC2BA9C-87D1-4982-BF35-8883B8327BD4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{7C9C1FE0-16C2-4A21-9D58-ED48D870502E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{82DE6601-2ACE-478E-890E-5422208460D7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hit_pitt\counter-strike source\hl2.exe | 
"{856F21C8-D0C2-447B-B99A-D0103EB1AB31}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | 
"{8861954B-9757-41C8-881C-252170A65FE7}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{88B22B08-4B9B-4283-A4F1-4B7274E0CA21}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{925E0FEB-B584-4A1E-A31B-CF92013D7ECC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\hit_pitt\counter-strike source\hl2.exe | 
"{9793F8AC-0647-4BBA-AB25-E1D93341673A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{9996C112-02AD-44D8-9FC5-E7F8D2AC8216}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{99DF733C-32CC-4B7D-92FF-763DB036253A}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | 
"{9FA8C3A2-F5E4-40F3-9BDF-D64D5D385565}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{A46A0FA4-8177-4DC9-8E2F-672B24CBDFF6}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{A6469983-F1E6-4C4F-BF4D-3B58B4EEDCEE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{AA906F69-81EA-4883-AE8D-6FF173918895}" = protocol=6 | dir=in | app=c:\program files\codemasters\f1 2010\f1_2010_game.exe | 
"{ACEC8EC1-67C8-4BDE-9712-7B5C3B5F17BF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{B86AA195-1FB1-4FBD-B2FD-0F903444BB2F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{BB334B48-8727-4DC4-92ED-6D95F5502986}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{BD6406FD-C145-4C91-B0B1-4621B77994F9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C033B7FA-9F88-40E4-9B28-097B9F4BBAEC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{C30AC916-6EE7-4EB4-8DEC-5E05311D26A3}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{C8188B0D-717B-4189-88CD-5C7736057A00}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{DC20797D-ED5F-4D94-9A84-81F2EEFB13F2}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | 
"{DE95DADF-5EE7-4435-AA3D-257A365081D0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{E22821C8-1237-4181-B9F7-CC733D435333}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{EBD4DC13-6F6B-4D68-9568-03F015ED9493}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{F231C38E-F13C-453B-A585-36DA86A909B1}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{F753E5C2-00D8-4087-9429-7A8B8672EAB8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{FA922452-08D9-4A8A-9FF6-A199150813C7}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{FB1EED06-C8A4-4242-AF1E-7477079C0ED7}" = protocol=17 | dir=in | app=c:\program files\codemasters\f1 2010\f1_2010_game.exe | 
"{FBEE7F72-E3D1-414A-9B2A-C0CEB72F3EC3}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbsp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel(R) Network Connections 13.0.42.0
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{360022A4-9339-426B-8F36-1465CBAEABC0}" = D7300
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{491DFBAA-77EF-4B06-8676-2FC66EEE049A}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57383270-6F61-4DC8-A9B8-C1745FC29F38}" = Trust Webcam 15082
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66712EEE-ECBC-4CA6-A474-dream-mkv-converter}_is1" = Dream MKV Converter 3.0.3.2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE850A4-B89D-4875-A159-B1B64D717EFB}" = OMSI - Der Omnibussimulator
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C5A8DF48-580B-44D3-B2B2-E965A9368F28}" = LEGO® Harry Potter™: Die Jahre 1-4
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Trust Webcam
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AnyDVD" = AnyDVD
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"CloneDVD2" = CloneDVD2
"DRAGON" = DRAGON 1.6
"Dreamload" = Dreamload
"ERUNT_is1" = ERUNT 1.1j
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"Google Chrome" = Google Chrome
"GrabIt_is1" = GrabIt 1.7.1 Beta (build 960)
"Hamster Free Video Converter_is1" = HamsterFreeVideoConverter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Jeopardy!®_Editor_1.0.21.0" = Classroom Jeopardy! Editor 1.05
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Full)
"Left4Dead2-hohesC_is1" = Left 4 Dead 2 Version 2.0.4.8
"LEGO Star Wars III The Clone Wars" = LEGO Star Wars III The Clone Wars
"LetsTrade" = LetsTrade Komponenten
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixVibesHomedemo.exe" = MixVibes HOME DEMO uninstall
"MobMap_is1" = MobMap 4.01
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"NewsLeecher_is1" = NewsLeecher v4.0 Final
"NSIS_ldoce5" = Longman Dictionary of Contemporary English 5th Edition
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"Plants vs. Zombies" = Plants vs. Zombies
"PokerStars.net" = PokerStars.net
"Postal 2_is1" = Portal 2
"PROSetDX" = Intel(R) Network Connections 13.0.42.0
"PunkBusterSvc" = PunkBuster Services
"QUICKfind" = QUICKfind server v1.1
"QuickPar" = QuickPar 0.9
"RealPlayer 12.0" = RealPlayer
"SAMPDJ" = SAM Party DJ v4
"SP6" = Logitech SetPoint 6.15
"Steam App 17510" = Age of Chivalry
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"TrueCrypt" = TrueCrypt
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Detector Plug-in
"Xilisoft MKV Converter 6" = Xilisoft MKV Converter 6
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


I have now also opened about 20 links via Google and no ad page was shown any more! It seems to have helped.

Thank you very, very much!!!

18.05.2011, 21:16   #5
M-K-D-B
/// TB-Ausbilder



Hello


Quote:
I have now also opened about 20 links via Google and no ad page was shown any more! It seems to have helped.
Glad to hear it.
But that does not mean we are finished yet.


Step # 1: Peer-to-peer or file-sharing programs
I see that you are using so-called peer-to-peer or file-sharing programs.

In your case, BitTorrent.

These programs allow you to exchange data with other users.

Unfortunately, P2P and file sharing are not exempt from distributing infected files, and they are one reason why malware spreads so quickly.
So it is possible that you download an infected file. You can never know where these files come from. This kind of software should therefore be used with extreme caution.

Another important point is that distributing media and entertainment files violates copyright in most countries of the world.
Of course there is also a legal way to use this service, for example to download Linux or Open Office.
Nevertheless, I would ask you not to continue using this kind of software.
Please go to

Start --> Control Panel --> Software

and uninstall the software named above.

Please let me know if you cannot find one of the listed programs.


Step # 2: Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ost
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011.05.18 19:51:55 | 000,000,000 | ---D | C] -- C:\Users\Maxl\AppData\Roaming\Owazo

:Commands
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its content here into your thread


Step # 3: Control scan with Malwarebytes' Anti-Malware (MBAM)
  • Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".


Step # 4: Uninstall/reinstall Java
  • Close all internet browsers.
  • Follow the path: Start -> Control Panel -> Uninstall a program
  • Please uninstall Java(TM) 6 Update 20 and Java(TM) 6 Update 7
  • Then download Java(TM) 6 Update 25 from here to your desktop.
  • Then install the new version with right-click -> Run as administrator


Step # 5: Important updates
  • Please uninstall your current version of Adobe Reader:
    Start --> Control Panel --> Uninstall a program --> Adobe Reader
    and download the new version from here.
  • Remove the check mark for the McAfee SecurityScan.
  • Also, please download Internet Explorer 9 (32-bit version) from here to your desktop and install the new version.


Step # 6: ESET Online Scanner
Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Set the check mark at Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Set a check mark at "Scan archives".
  • Make sure that no check mark is set at Remove found threats.
  • Press.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the + R key and copy the following text into the Run window.
Code:
"%ProgramFiles%\Eset\Eset Online Scanner\log.txt"
         
Now post the content of log.txt.


Step # 7: System scan with OTL
  • Please start OTL.exe.
  • Under Extra Registry, select Use SafeList and click the Scan button.
  • Post OTL.txt and Extras.txt here in your thread.


Step # 8: Carrying out a security check
Please download SecurityCheck
  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • When the scan has finished, a text document (checkup.txt) should open.
  • Please post its content here.


Step # 9: Your feedback
For further analysis I need, together with your next reply,
  • the log file of the OTL fix,
  • the new log file from MBAM,
  • the log file of the ESET Online Scanner,
  • the two new log files from OTL (OTL.txt and Extras.txt) and
  • the log file from SecurityCheck.
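
The manual review in post #5 (spotting BitTorrent and the two old Java 6 runtimes in the posted uninstall list) can be scripted. The following Python is an added example, not part of the thread or of OTL: the function names and the P2P name list are assumptions, the Java baseline is the Update 25 named in step 4, and the sample is a shortened excerpt of the log posted above.

```python
import re

# Shortened excerpt of the OTL log posted in this thread; the firewall rule
# lines come first (their section header is omitted), then the uninstall list.
SAMPLE_LOG = r'''
"{A46A0FA4-8177-4DC9-8E2F-672B24CBDFF6}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{ACEC8EC1-67C8-4BDE-9712-7B5C3B5F17BF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{39FC97D9-4501-4E17-A7B7-8A386C52EF2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"BitTorrent" = BitTorrent
"TrueCrypt" = TrueCrypt
'''

SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")          # ===== Name =====
ENTRY = re.compile(r'^"(?P<key>.+?)" = (?P<value>.*)$')  # "key" = value
JAVA = re.compile(r"^Java\(TM\) (\d+) Update (\d+)$")

PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}  # IANA numbers
P2P_NAMES = ("bittorrent",)   # assumption: extend with the clients you care about
JAVA_BASELINE = (6, 25)       # version the helper asks for in step 4 (as of 2011)


def parse_log(text):
    """Return (installed, rules): uninstall-list entries and firewall rules."""
    section, installed, rules = "", [], []
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue  # registry path lines, blanks, free text
        value = entry.group("value")
        if "Uninstall List" in section:
            installed.append((entry.group("key"), value))
        elif "dir=" in value:
            # Firewall rule: "protocol=6 | dir=in | app=... |" -> field dict.
            parts = (p.strip() for p in value.split("|"))
            rules.append(dict(p.split("=", 1) for p in parts if "=" in p))
    return installed, rules


def triage(text):
    """Flag Java runtimes below the baseline and P2P clients with inbound rules."""
    installed, rules = parse_log(text)
    findings = []
    for _key, name in installed:
        java = JAVA.match(name)
        if java and (int(java.group(1)), int(java.group(2))) < JAVA_BASELINE:
            findings.append(("outdated-java", name, "below baseline 6 Update 25"))
        for p2p in P2P_NAMES:
            if p2p not in name.lower():
                continue
            # A rule without a protocol field applies to any protocol.
            protos = sorted({
                PROTOCOLS.get(r.get("protocol"), r.get("protocol") or "any")
                for r in rules
                if r.get("dir") == "in" and p2p in r.get("app", "").lower()
            })
            detail = ("inbound firewall rules: " + ", ".join(protos)
                      if protos else "no inbound firewall rule")
            findings.append(("p2p", name, detail))
    return findings


if __name__ == "__main__":
    for kind, product, detail in triage(SAMPLE_LOG):
        print(f"{kind:14} {product:24} {detail}")
```

Uninstalling a program does not necessarily delete its firewall rules, so the rule list is worth re-checking in the follow-up Extras.txt.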


23.05.2011, 18:53   #6
M-K-D-B
/// TB-Ausbilder

Missing feedback
This topic has been deleted from the subscriptions. I will therefore not receive any notification about new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!
