Trojaner-Board
Seite 1 von 10 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Mozilla Firefox lässt sich nicht mehr öffnen! (https://www.trojaner-board.de/104114-mozilla-firefox-laesst-mehr-oeffnen.html)

Sabrina84 13.10.2011 15:00
Mozilla Firefox lässt sich nicht mehr öffnen!
 
Hallo,

Heute früh war ich noch im Internet und schaltete in den Ruhezustand, als ich später wieder einschaltete stürzte der Lapi ab. WIndows musste dann reparieren und ich kam wieder auf meine Desktopseite, alles geht nur Mozilla nicht. Ich schreibe gerade über den Explorer das funktioniert ohne Probleme.

Habe eine Systemwiederherstellung bereitsprobiert aber diese kann nicht fertiggestellt werden. Habe nun Malwarebyte und Hijackthis durchlaufen lassen und würde mich freuen wenn mal jemand draufschauen könnte.


Bei HiJackthis gabs gleich Meldung zu Anfang, das er sollte er was finden es nicht fixen kann, warum auch immer.

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:09:26, on 29.10.2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\a9b2d0f\WSa9b2.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\conime.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo243] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregGer\ereg.ini"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MBBalloon] C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe
O4 - HKLM\..\Run: [SSP Notifier] C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0\Monitor.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Windows System Defender] "C:\ProgramData\a9b2d0f\WSa9b2.exe" /s /d
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Freenet\Common\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe

--
End of file - 9083 bytes
--- --- ---



und Malwarebyte:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3059
Windows 6.0.6002 Service Pack 2

13.10.2011 15:31:05
mbam-log-2011-10-13 (15-31-05).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 284620
Laufzeit: 2 hour(s), 20 minute(s), 56 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


würd mich freuen falls hier mir da helfen könntet, wollte schon einfach Mozilla deinstallieren und neu runterladen, aber dann ist ja vermutlich alles weg.

Danke euch mal im vorraus:)

Liebe Grüße Sabrina

markusg 13.10.2011 16:03
otl:
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die
    OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal
    Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan
    links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Sabrina84 13.10.2011 21:18
Hallo Markus,

krieg Spybot garnicht weg, hatte es damald deinstalliert und dachte es wäre halt weg. Finde es nirgends, könntest Du mir sagen wo ich das finden müsste?

den Scan hab ich jetzt trotzdem mal gemacht:OTL Logfile:
Code:
OTL logfile created on: 13.10.2011 22:02:37 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\Tim&Sabrina\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 44,30% Memory free
4,27 Gb Paging File | 2,93 Gb Available in Paging File | 68,63% Paging File free
Paging file location(s): c:\pagefile.sys 2500 2500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 15,28 Gb Free Space | 10,32% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 72,98 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI-PC | User Name: Tim&Sabrina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tim&Sabrina\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Google\Update\1.3.21.69\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Freenet\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (USB_RNDIS) -- C:\Windows\System32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (PzWDM) -- C:\Windows\system32\Drivers\PzWDM.sys (Prassi Technology)
DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://de.mc257.mail.yahoo.com/mc/welcome?ymv=0"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tim&Sabrina\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Tim&Sabrina\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.12.17 07:31:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.11.08 13:04:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.13 12:35:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 23:15:16 | 000,000,000 | ---D | M]
 
[2010.01.05 22:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim&Sabrina\AppData\Roaming\mozilla\Extensions
[2010.01.05 22:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim&Sabrina\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.02 13:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim&Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\iuc9hr0h.default\extensions
[2009.09.03 15:43:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tim&Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\iuc9hr0h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.09 22:38:14 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Tim&Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\iuc9hr0h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.09.27 19:19:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tim&Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\iuc9hr0h.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.11 14:47:17 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Tim&Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\iuc9hr0h.default\extensions\ffxtlbr@babylon.com
[2011.10.02 13:29:04 | 000,000,000 | ---D | M] (Nokia Maps 3D browser plugin) -- C:\Users\Tim&Sabrina\AppData\Roaming\mozilla\Firefox\Profiles\iuc9hr0h.default\extensions\maps@ovi.com
[2011.10.09 18:08:04 | 000,001,056 | ---- | M] () -- C:\Users\Tim&Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\iuc9hr0h.default\searchplugins\icqplugin.xml
[2011.08.03 18:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.14 21:43:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.15 20:27:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.13 12:17:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.02 20:24:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.18 08:46:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.07 18:58:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.03 18:30:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.06 20:57:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.11 08:54:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.09 16:26:58 | 000,002,291 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.10.11 08:54:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.11 08:54:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 08:54:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 08:54:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 08:54:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.11.05 12:42:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.230 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17FA3737-50F1-4DF2-8D38-B32F05EB7346}: DhcpNameServer = 80.69.100.230 80.69.100.174
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{775D4A15-3222-4BE1-B1EF-27275E089BE4}: DhcpNameServer = 80.69.100.230 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94B8EE1F-CE1E-466B-8267-D478A4E1F009}: DhcpNameServer = 80.69.100.230 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tim&Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tim&Sabrina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.13 11:31:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.13 11:31:20 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.13 11:31:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.13 11:31:20 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.13 11:31:17 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.13 11:31:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.13 11:31:05 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.13 11:30:58 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.10.13 11:30:58 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.10.13 11:30:58 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.10.13 11:30:58 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.10.13 11:30:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.10.13 11:30:58 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.10.13 11:30:58 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.13 11:30:58 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.10.13 11:30:57 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.10.13 11:30:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.10.13 11:30:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.10.13 11:30:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.10.13 11:30:57 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.10.13 11:30:57 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.10.13 11:30:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.10.13 11:30:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.13 11:30:07 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.13 11:30:07 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011.10.10 12:01:47 | 000,000,000 | ---D | C] -- C:\Windows\TEMP
[2011.09.22 15:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy Driver Pro
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.13 22:03:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.10.13 22:00:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.13 21:46:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.13 20:38:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.13 20:28:56 | 000,004,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.13 20:28:56 | 000,004,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.13 12:40:43 | 2009,227,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.13 11:58:13 | 000,329,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.13 11:35:57 | 000,679,916 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.13 11:35:57 | 000,640,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.13 11:35:57 | 000,147,924 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.13 11:35:57 | 000,122,298 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.13 10:06:44 | 000,028,160 | ---- | M] () -- C:\Users\Tim&Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.01 01:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.01 01:03:05 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.10.01 01:02:36 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.10.01 01:02:36 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.10.01 01:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.10.01 01:01:57 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.01 01:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.10.01 01:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.01 01:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.10.01 01:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.10.01 01:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.10.01 01:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.10.01 01:01:29 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.10.01 00:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.09.30 23:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.09.30 23:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.09.30 23:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.09.30 23:28:36 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
 
========== Files Created - No Company Name ==========
 
[2011.02.11 22:43:51 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.28 16:56:57 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.04.07 22:24:40 | 000,019,666 | ---- | C] () -- C:\Users\Tim&Sabrina\AppData\Local\internal.grp
[2010.03.01 21:54:45 | 000,000,680 | ---- | C] () -- C:\Users\Tim&Sabrina\AppData\Local\d3d9caps.dat
[2009.11.19 22:36:41 | 000,000,032 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.05 07:22:33 | 000,267,264 | ---- | C] () -- C:\Windows\PEV.exe
[2009.11.05 07:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.11.05 07:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.11.05 07:22:33 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009.11.05 07:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.11.02 12:00:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.02 12:00:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.11.02 11:59:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.11 14:00:06 | 000,033,443 | ---- | C] () -- C:\Windows\fire-un.exe
[2008.12.23 22:56:16 | 000,004,574 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008.12.19 16:03:31 | 000,000,234 | ---- | C] () -- C:\Users\Tim&Sabrina\AppData\Roaming\Alltag16.ini
[2008.10.22 21:11:26 | 000,000,744 | ---- | C] () -- C:\Users\Tim&Sabrina\AppData\Roaming\wklnhst.dat
[2008.07.20 12:04:32 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.07.20 12:03:54 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.06.28 21:07:26 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.06.28 21:07:26 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.06.28 21:07:26 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.06.28 21:07:26 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2008.05.22 00:08:05 | 000,001,438 | ---- | C] () -- C:\Users\Tim&Sabrina\AppData\Roaming\NMM-MetaData.db
[2008.03.19 00:31:06 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.03.16 20:27:08 | 000,000,532 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.01.26 23:24:39 | 000,000,019 | ---- | C] () -- C:\Windows\SoundConverter.INI
[2008.01.07 17:32:50 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.05 14:29:12 | 000,028,160 | ---- | C] () -- C:\Users\Tim&Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.18 07:24:20 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.12.18 07:19:05 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.12.18 07:19:05 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.12.18 07:19:05 | 000,128,813 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 17:33:31 | 000,679,916 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,147,924 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,329,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,640,606 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,122,298 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll

< End of report >
--- --- ---



und:

OTL Logfile:
Code:
OTL Extras logfile created on: 13.10.2011 22:02:37 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\Tim&Sabrina\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 44,30% Memory free
4,27 Gb Paging File | 2,93 Gb Available in Paging File | 68,63% Paging File free
Paging file location(s): c:\pagefile.sys 2500 2500 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 15,28 Gb Free Space | 10,32% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 72,98 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
 
Computer Name: LAPPI-PC | User Name: Tim&Sabrina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063634D9-2806-4012-BD1D-7D76B91A1A25}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{08C323EC-15CD-4048-8772-AE9238BF1C92}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2D415104-0C0D-484A-BB44-C22F2E945EC5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{61D80EBC-CC83-4EC3-B9CE-15260AFA5771}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{85A36EA7-4C65-409E-A5AE-5E235963EA69}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8EEE1B16-4221-490D-B9B5-0E7DCBAD6525}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A66961D-1A46-4CF4-9A51-A9DFCC74DCD7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{B8469474-706B-41FF-87B4-C3730F94C9F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E2B9EF70-2764-428C-9517-176E7D4AD158}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EB788C08-E2B0-4E5C-953C-24B18009F390}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FED49875-C23D-4532-96D6-7A68373D10EF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008A20FB-02CF-47D4-BC32-53EFE11C4F85}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{0562CDD7-ABDE-4D69-87D2-F17674D1D040}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0791E522-2733-4821-84A4-474CB5935B0D}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{0D21FE83-5DCF-4A0D-84D2-BA65C9E8888A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{11FBB95B-3B36-44C3-9883-70069D127A5F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1730987E-C425-4B53-84BC-D4267C080E85}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{181EAA08-B6BD-40DB-A21F-077568F25186}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2771ACFF-4CBA-45E5-ADBA-5435A1435E62}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3441C197-8364-47DD-AEF5-7699D9598F9F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{80B12B19-AFDA-4A6E-ABBB-3A670E2A2A45}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9D8D5D88-7C4C-43E0-8F43-68BD1383BACF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A58948C0-8876-4BFB-9AB1-63F9AF182185}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{AA034163-7C81-4289-B249-924A5AFDF52B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C8D94C69-DFAE-4903-9411-A5A759714784}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{D9F5FA9A-89E5-4B86-8104-EB2C7600D223}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E70661CA-0A89-4671-A4D3-01E7843D4E19}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EDF46B71-8F25-451C-B532-B77A70BE928D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F08EEA63-2716-46ED-B3BA-E1B98C260826}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F598A0EB-CE36-4C1E-96CA-3BD15C840215}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F79E6116-07A6-4C26-B41C-256A297B9338}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F91B2799-C277-4379-8470-9E1F7DDCBAAF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{0FD00B19-2E0E-4B8E-B54C-152F14989ECB}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{151A4F99-D137-4703-AE0B-A16637EB27F9}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{23B35516-4A1B-4D0D-B3A2-FB0B897CC011}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{23E1E175-62BB-4362-902B-9984C239D774}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3826DE34-5545-4FDD-962C-95E49BDAA59F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{43915768-1060-4CDC-B43D-1E4E61E07DF9}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{4E45B582-804E-4F40-883F-9519C36FD26B}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{6A8722C3-A314-4255-911C-510A9F7D49CB}C:\program files\wimpomat2\wimpomat2.exe" = protocol=6 | dir=in | app=c:\program files\wimpomat2\wimpomat2.exe |
"TCP Query User{7CE3D3D8-0D1C-4B5B-B58F-BFF3FD3BA392}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{8D1B8D45-B034-4884-A892-A96A28F65617}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{A3D9D61E-FD54-4C63-861D-6719E482E5F3}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{B8C96F9A-813D-4771-8B72-4E8CB3DA36EC}C:\kav\kav7.0\german\setup.exe" = protocol=6 | dir=in | app=c:\kav\kav7.0\german\setup.exe |
"TCP Query User{BDADB61F-B158-4580-A863-CEE132AEE3A8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C1458634-D643-4576-B398-432C86D46410}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"TCP Query User{C655C9CA-B945-4D6A-921F-4C9D2BC9DC6C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{DEF62D0A-095A-48A1-9C90-C30AF74E8A9E}C:\programdata\a9b2d0f\wsa9b2.exe" = protocol=6 | dir=in | app=c:\programdata\a9b2d0f\wsa9b2.exe |
"TCP Query User{E31B28BB-2CCE-4E5D-BD7D-BA97CBACF05A}C:\programdata\a9b2d0f\wsa9b2.exe" = protocol=6 | dir=in | app=c:\programdata\a9b2d0f\wsa9b2.exe |
"TCP Query User{FDA08554-9D6B-4E66-B149-918BAEA6B197}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"UDP Query User{0465C879-C7E4-43B6-939F-7938D55A93CF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{0D822D47-313A-45D7-B0F5-08F147561892}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2068D777-583A-4316-9BA1-8E197B51B08B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{25A8944F-97C8-4007-ACDE-CC3ACC91602A}C:\programdata\a9b2d0f\wsa9b2.exe" = protocol=17 | dir=in | app=c:\programdata\a9b2d0f\wsa9b2.exe |
"UDP Query User{393086CB-B468-4BC0-B10D-3F69863E0C58}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{3AD7243C-D6AB-458F-AD7C-6876572D2BD9}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
"UDP Query User{624296F2-0440-46A1-8F54-58CB63E61F72}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{6B37C5B2-88F5-4B0F-807D-A6A44B270F57}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{6F0E79F4-4D16-42BB-80F9-056A36337929}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{72AC4A99-2C23-4AC4-9371-99950B2B0DF4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{74705732-E8EB-461D-9A95-D0EB91424F28}C:\kav\kav7.0\german\setup.exe" = protocol=17 | dir=in | app=c:\kav\kav7.0\german\setup.exe |
"UDP Query User{772CBAB8-5E97-4521-A729-ADA08449BB8D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{77D4C52F-E417-4097-BC6E-7A04375E34F3}C:\program files\wimpomat2\wimpomat2.exe" = protocol=17 | dir=in | app=c:\program files\wimpomat2\wimpomat2.exe |
"UDP Query User{9A72D221-EC56-4831-BEC6-D6A45F64B466}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe |
"UDP Query User{BC22A735-4A74-449C-A0ED-5FE0E7901417}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{C3070092-B47E-47F7-B0A6-B6A3E063A35A}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"UDP Query User{CFC7BA72-B9E5-430D-BB7C-BA0E30A5AA67}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{FB0A6BC7-4394-4B6B-9B7D-24B6C6204A9E}C:\programdata\a9b2d0f\wsa9b2.exe" = protocol=17 | dir=in | app=c:\programdata\a9b2d0f\wsa9b2.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028741EB-70F5-BF63-EB23-480A7C48F096}" = CCC Help German
"{0343FEB6-43EA-0608-CF1F-6B4D20784AA8}" = Catalyst Control Center Localization Italian
"{03B5882D-D9DB-B950-CBE1-D03DDBFFF458}" = CCC Help Chinese Traditional
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06029DFB-9E17-410D-A1FE-7EB5F1A1E3FD}" = HOT ALBUM MYBOX
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DDDE141-9696-4E33-AB82-EF398169D7E5}" = Ulead PhotoImpact XL
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1B3A67B0-F54D-2F98-763C-B8E309135C38}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F9B00FC-AD74-A45C-3E73-83CF895E9CD0}" = Catalyst Control Center Localization Spanish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{29F482A1-9828-5830-1F96-798E75CB90EB}" = CCC Help French
"{2B541619-4920-A88A-AEB6-C4E76672B726}" = ccc-utility
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{32AFDE70-6890-478B-BC92-8F3C76B8A77B}" = Branding
"{37AF3415-B43F-FB0B-124B-4B207657DF66}" = Catalyst Control Center Localization Japanese
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3E5D1BD1-3451-15A7-D5EB-FB4C1C713C33}" = Catalyst Control Center Localization Chinese Standard
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FB83D9B-35B3-44E2-639B-6839332BBB29}" = Catalyst Control Center Localization Portuguese
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{48FD4CEC-7ED7-5220-2032-E780075764E4}" = CCC Help Japanese
"{49B7369A-A5EF-4F12-991B-1810AD0DA75A}" = ImageShack Uploader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587601F9-A917-AE27-263A-0854BE106BE9}" = Catalyst Control Center Localization German
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{625309B9-9853-B259-CA17-DA4838E2D7C6}" = Catalyst Control Center Localization Dutch
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E98E51-BFF9-5922-1316-7AF58170CA54}" = Catalyst Control Center Graphics Light
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6EB6C056-02BB-453E-8448-EC90B9794180}" = Nokia Multimedia Common Components 2.4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C97813-ADFC-AA48-D24F-17E6CD41B413}" = Skins
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74EF2D1D-D3A6-3A56-1DD7-56A338BADD29}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787AD427-7FEB-A87C-4C2E-C95610EF345B}" = Catalyst Control Center Core Implementation
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8535028B-D4EE-B929-97A0-354013AE5D94}" = Catalyst Control Center Localization Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9279B0F3-C831-7C50-9F07-73B1219322B6}" = Catalyst Control Center Localization Chinese Traditional
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{94E89EFD-5841-17EA-4F69-37A5DA58A735}" = CCC Help Spanish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9A983135-BB9F-6E62-F282-AD76BB9551FE}" = CCC Help English
"{9AE73DF3-2349-A626-AE42-7959D7583E2B}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A603BB91-F08F-025F-4158-E897DC29D037}" = Catalyst Control Center Localization French
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA27D595-32F0-97EB-BC94-1ED22E7444A8}" = CCC Help Portuguese
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BEB79508-7D67-4A2F-9FB3-54C2B68E9532}" = PC Connectivity Solution
"{C61E8F12-31F1-C2E6-DC0C-505CBF2BEE57}" = ccc-core-static
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C89AF1D9-A501-4AA5-9E44-9753D0F92347}" = Kidizoom® Pro
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{CCC67B82-CD80-9C07-4C4A-D5B9C7137399}" = CCC Help Italian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}" = Nokia Software Updater
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0
"{D2B49278-3321-FFBA-0F7C-127878A9CB5D}" = CCC Help Dutch
"{D723FE60-F9EC-D688-0274-7BF2FF96E80A}" = Catalyst Control Center Graphics Full New
"{DC432844-6914-4421-910C-F1B05B3A761C}" = Nokia Music
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E1FA2D24-5633-83B3-3C72-FB3749DAF724}" = CCC Help Swedish
"{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}" = IKEA Home Planner
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFD0BFEB-980E-491B-833B-A8848E5E0F0F}" = Hyplay
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E23357-CDCE-0246-677C-8097DAA6F8C5}" = CCC Help Korean
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA2B72B1-B29E-57FB-5AFB-74734AC3442E}" = Catalyst Control Center Graphics Previews Vista
"{FB187C4A-DC7F-495E-9531-0418DAD4CF7E}" = FP3 Player
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.0
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Windows-Treiberpaket - Nokia Modem  (10/12/2007 3.6)
"819D45A9F73817F5B6D7C71A33ADAB88C5DA1765" = Windows-Treiberpaket - Nokia Modem  (08/03/2007 6.84.0.2)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Uninstaller" = ATI Uninstaller
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Fireflies" = Fireflies Screensaver (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{FB187C4A-DC7F-495E-9531-0418DAD4CF7E}" = FP3 Player
"Lantern 3D Screensaver_is1" = Lantern 3D Screensaver 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"MP Navigator 2.0" = Canon MP Navigator 2.0
"Nokia PC Suite" = Nokia PC Suite
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"TomTom HOME" = TomTom HOME 2.8.1.2218
"Two Worlds Pinball" = Two Worlds Pinball
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual Garden" = Virtual Garden
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.02.2010 05:45:23 | Computer Name = Lappi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10.02.2010 13:46:23 | Computer Name = Lappi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10.02.2010 13:46:23 | Computer Name = Lappi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.02.2010 04:54:27 | Computer Name = Lappi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.02.2010 04:54:27 | Computer Name = Lappi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.02.2010 09:30:29 | Computer Name = Lappi-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 11.02.2010 10:28:46 | Computer Name = Lappi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.02.2010 10:28:46 | Computer Name = Lappi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 12.02.2010 08:18:49 | Computer Name = Lappi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 12.02.2010 08:18:49 | Computer Name = Lappi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ System Events ]
Error - 11.10.2011 16:27:26 | Computer Name = Lappi-PC | Source = DCOM | ID = 10010
Description =
 
Error - 12.10.2011 15:18:28 | Computer Name = Lappi-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.10.2011 04:00:15 | Computer Name = Lappi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 13.10.2011 04:00:15 | Computer Name = Lappi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 13.10.2011 04:00:15 | Computer Name = Lappi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 13.10.2011 04:00:15 | Computer Name = Lappi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 13.10.2011 04:00:15 | Computer Name = Lappi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =
 
Error - 13.10.2011 04:57:41 | Computer Name = Lappi-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.10.2011 05:54:42 | Computer Name = Lappi-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.10.2011 15:46:18 | Computer Name = Lappi-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
--- --- ---

markusg 14.10.2011 10:51
hi,
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Sabrina84 14.10.2011 13:15
:dummguck:Hallo,

hab folgendes Promblem,ich habe mir Combofix runtergeladen, alles nach anleitung gemacht, als Combofix fertig war, bekam ich den log, allerdings konnte ich dann nicht mehr in den Explorer, bekam überall eine Meldung das die Exe. Datei (sorry ich war leider so blöd und hab es mir nicht aufgeschrieben) gelöscht wurde (ging um den Registrierungsschlüssel).

Meine Internetverbindung funktionierte Einwandfrei aber ich konnte eben Explorer nicht öffnen, genau wie bei Firefox. Ich kenne jetzt niemanden der mir sonst helfen könnte, da kam mir die Idee die Systemsteuerung zu probieren, glücklicherweise konnte ich jetzt so wieder zum letzten Punkt zurückkehren, allerdings ist somit der Log und auch Combofix weg.


Hast Du ne Idee wie man das problem am besten angeht?

ich hätte die alte Version von Firefox gelöscht, die neue Version runtergladen und auf Cd gebrannt als sicherung.

Dann nochmal Combofix + Log gepostet.

Was meinst Du dazu? und sorry das es so kompliziert ist, sind unsere ganzen Browser verseucht?

markusg 14.10.2011 14:47
mach das mit combofix noch mal und wenn das problem wieder auftritt, starte den pc neu, dann gehts wieder.
poste dann den inhalt der combofix.txt

Sabrina84 14.10.2011 16:26
Hallo, Danke :dankeschoen:diesmal hats geklappt, leider ist das Log so lang, das ich es hier nicht reinkopiert kriege, auch fürs Datei anhängen ist es mit 1,2Mb zu groß.

soll ich stückweise hier reinkopieren?

markusg 14.10.2011 16:33
nö, hänge die txt an, oder wenn die zu groß ist, mit winrar oder zip packen, dann hochladen :-)

Sabrina84 14.10.2011 18:54
Oh gerade erst gelesen, also hoffe das klappt jetzt:


hxxp://www.file-upload.net/download-3803891/log.txt.html

markusg 14.10.2011 19:00
ja ist gleich viel angenemer.
was sagt der firefox, läuft er wieder?

Sabrina84 14.10.2011 19:31
das freut mich:-) war mir schon etwas unangenehm:pfeiff:


Firefox geht nach wie vor nicht:daumenrunter:


konntest Du im Log was feststellen?

markusg 14.10.2011 19:32
nein bisher nichts.
gibts denn auch keine fehlermeldung?
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Sabrina84 14.10.2011 19:44
nein leider garkeine Fehlermeldung nichts! :(

Malwarebytes hab ich bereits auf dem PC den Scan hab ich gestern gemacht und hier gepostet, soll ich noch einen trotzdem machen? ansonsten hier ist der alte von gestern:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3059
Windows 6.0.6002 Service Pack 2

13.10.2011 15:31:05
mbam-log-2011-10-13 (15-31-05).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 284620
Laufzeit: 2 hour(s), 20 minute(s), 56 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

markusg 14.10.2011 19:54
update hast du nicht gemacht.

Sabrina84 14.10.2011 22:11
Okay hier kommt der neue Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7948

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

14.10.2011 23:09:15
mbam-log-2011-10-14 (23-09-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 319679
Laufzeit: 1 Stunde(n), 47 Minute(n), 0 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:05 Uhr.
Seite 1 von 10 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131