Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Wow Acount Hack (https://www.trojaner-board.de/86292-wow-acount-hack.html)

basdev 20.05.2010 18:04
Wow Acount Hack
 
Hallo, Experten

Nun hat es mich auch erwischt. Mir wurde der WOW Account gehackt und ich habe definitiv keine Ahnung..wie !!

Ich werde hier wohl irgendwo einen Keylogger oder sonstwas aus der chinesichen Giftküche auf dem Rechner haben. Ich scanne mir hier seit Tagen mit Avira, Hijack, Malware und OTL nen Wolf und ich find nix :mad:

1. Hijack
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:58, on 16.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
D:\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\Tobit ClipInc\Server\ClipInc-Server.exe
D:\Tobit ClipInc\Server\ClipInc-Server.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
D:\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Hagen\AppData\Local\Apps\2.0\ERA78QDD.ZHL\8EA5QHP4.6DV\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Users\Hagen\Downloads\sdsetup-cnet.exe
C:\Users\Hagen\AppData\Local\Temp\is-11SMS.tmp\sdsetup-cnet.tmp
C:\Users\Hagen\AppData\Local\Temp\is-TMKU2.tmp\InnoMonitor.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Plus\Search Bar.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Plus\Search Bar.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Buyertools - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL
O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~2\IEBUTT~2.DLL
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~2\IEBUTT~1.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~2\IEBUTT~3.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll
O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
O4 - HKCU\..\Run: [Wowhead_Client] "C:\Users\Hagen\AppData\Local\Temp\Temp1_Wowhead_Client.zip\Wowhead_Client.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Philips GoGear SA018 Device Manager.lnk = ?
O8 - Extra context menu item: &Alles mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Alle &Filme mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: amazon Suche - C:\Program Files\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: amazon Suche starten - C:\Program Files\Preispiraten\Preispiraten4\Searchamazon.htm
O8 - Extra context menu item: Benutzt Copernic zur Suche - C:\Program Files\Copernic 2001 Plus\Search Extension.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Hagen\AppData\LocalLow\Dealio\kb124\res\DealioSearch.html
O8 - Extra context menu item: eBay - Mein eBay - C:\Program Files\Preispiraten\Preispiraten4\SearchEbaymein.htm
O8 - Extra context menu item: eBay - Powersuche - C:\Program Files\Preispiraten\Preispiraten4\SearchEbaypower.htm
O8 - Extra context menu item: eBay - Startseite - C:\Program Files\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: eBay Suche starten - C:\Program Files\Preispiraten\Preispiraten4\SearchEbay.htm
O8 - Extra context menu item: Google Suche - C:\Program Files\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Google Suche starten - C:\Program Files\Preispiraten\Preispiraten4\SearchGoogle.htm
O8 - Extra context menu item: Mit BitComet herunter&laden - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Plus\Copernic.exe
O9 - Extra 'Tools' menuitem: Starten 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Plus\Copernic.exe
O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe
O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Übersetzen - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Plus\Translate.htm
O9 - Extra 'Tools' menuitem: Überse&tzen mit Hilfe Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Plus\Translate.htm
O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing)
O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - hxxp://www.preispiraten.de/e/tr_ebdestart.pl?hxxp://www.ebay.de (file missing)
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{52D96AEC-7B69-4691-A7BA-DE855A972FDD}: NameServer = 0.0.0.0
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: bw+0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: offline-8876480 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP3\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP3\RpcSandraSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 30632 bytes
2. Avira
Code:


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 19. Mai 2010  18:53

Es wird nach 2136678 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - FREE Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : HAGEN-PC

Versionsinformationen:
BUILD.DAT      : 10.0.0.567    32097 Bytes  19.04.2010 15:50:00
AVSCAN.EXE    : 10.0.3.0      433832 Bytes  01.04.2010 11:37:35
AVSCAN.DLL    : 10.0.3.0      56168 Bytes  30.03.2010 10:42:16
LUKE.DLL      : 10.0.2.3      104296 Bytes  07.03.2010 17:32:59
LUKERES.DLL    : 10.0.0.0      13672 Bytes  14.01.2010 10:59:47
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36
VBASE001.VDF  : 7.10.1.0    1372672 Bytes  19.11.2009 18:27:49
VBASE002.VDF  : 7.10.3.1    3143680 Bytes  20.01.2010 16:37:42
VBASE003.VDF  : 7.10.3.75    996864 Bytes  26.01.2010 15:37:42
VBASE004.VDF  : 7.10.4.203  1579008 Bytes  05.03.2010 10:29:03
VBASE005.VDF  : 7.10.6.82    2494464 Bytes  15.04.2010 15:51:28
VBASE006.VDF  : 7.10.6.83      2048 Bytes  15.04.2010 15:51:28
VBASE007.VDF  : 7.10.6.84      2048 Bytes  15.04.2010 15:51:28
VBASE008.VDF  : 7.10.6.85      2048 Bytes  15.04.2010 15:51:28
VBASE009.VDF  : 7.10.6.86      2048 Bytes  15.04.2010 15:51:28
VBASE010.VDF  : 7.10.6.87      2048 Bytes  15.04.2010 15:51:28
VBASE011.VDF  : 7.10.6.88      2048 Bytes  15.04.2010 15:51:28
VBASE012.VDF  : 7.10.6.89      2048 Bytes  15.04.2010 15:51:28
VBASE013.VDF  : 7.10.6.90      2048 Bytes  15.04.2010 15:51:29
VBASE014.VDF  : 7.10.6.123    126464 Bytes  19.04.2010 15:51:30
VBASE015.VDF  : 7.10.6.152    123392 Bytes  21.04.2010 15:51:31
VBASE016.VDF  : 7.10.6.178    122880 Bytes  22.04.2010 15:51:32
VBASE017.VDF  : 7.10.6.206    120320 Bytes  26.04.2010 15:51:33
VBASE018.VDF  : 7.10.6.232    99328 Bytes  28.04.2010 15:51:34
VBASE019.VDF  : 7.10.7.2      155648 Bytes  30.04.2010 15:51:35
VBASE020.VDF  : 7.10.7.26    119808 Bytes  04.05.2010 15:51:36
VBASE021.VDF  : 7.10.7.51    118272 Bytes  06.05.2010 15:51:37
VBASE022.VDF  : 7.10.7.75    404992 Bytes  10.05.2010 15:51:41
VBASE023.VDF  : 7.10.7.100    125440 Bytes  13.05.2010 15:51:42
VBASE024.VDF  : 7.10.7.119    177664 Bytes  17.05.2010 15:51:43
VBASE025.VDF  : 7.10.7.120      2048 Bytes  17.05.2010 15:51:43
VBASE026.VDF  : 7.10.7.121      2048 Bytes  17.05.2010 15:51:43
VBASE027.VDF  : 7.10.7.122      2048 Bytes  17.05.2010 15:51:44
VBASE028.VDF  : 7.10.7.123      2048 Bytes  17.05.2010 15:51:44
VBASE029.VDF  : 7.10.7.124      2048 Bytes  17.05.2010 15:51:44
VBASE030.VDF  : 7.10.7.125      2048 Bytes  17.05.2010 15:51:44
VBASE031.VDF  : 7.10.7.135    123392 Bytes  19.05.2010 16:04:59
Engineversion  : 8.2.1.242
AEVDF.DLL      : 8.1.2.0      106868 Bytes  18.05.2010 15:52:07
AESCRIPT.DLL  : 8.1.3.29    1343866 Bytes  18.05.2010 15:52:07
AESCN.DLL      : 8.1.6.1      127347 Bytes  18.05.2010 15:52:03
AESBX.DLL      : 8.1.3.1      254324 Bytes  18.05.2010 15:52:08
AERDL.DLL      : 8.1.4.6      541043 Bytes  18.05.2010 15:52:03
AEPACK.DLL    : 8.2.1.1      426358 Bytes  19.03.2010 11:34:51
AEOFFICE.DLL  : 8.1.1.0      201081 Bytes  18.05.2010 15:52:00
AEHEUR.DLL    : 8.1.1.27    2670967 Bytes  18.05.2010 15:52:00
AEHELP.DLL    : 8.1.11.3      242039 Bytes  01.04.2010 15:05:25
AEGEN.DLL      : 8.1.3.9      377203 Bytes  18.05.2010 15:51:50
AEEMU.DLL      : 8.1.2.0      393588 Bytes  18.05.2010 15:51:49
AECORE.DLL    : 8.1.15.3      192886 Bytes  18.05.2010 15:51:48
AEBB.DLL      : 8.1.1.0        53618 Bytes  18.05.2010 15:51:47
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  14.01.2010 10:59:10
AVPREF.DLL    : 10.0.0.0      44904 Bytes  14.01.2010 10:59:07
AVREP.DLL      : 10.0.0.8      62209 Bytes  18.02.2010 15:47:40
AVREG.DLL      : 10.0.3.0      53096 Bytes  01.04.2010 11:35:44
AVSCPLR.DLL    : 10.0.3.0      83816 Bytes  01.04.2010 11:39:49
AVARKT.DLL    : 10.0.0.14    227176 Bytes  01.04.2010 11:22:11
AVEVTLOG.DLL  : 10.0.0.8      203112 Bytes  26.01.2010 08:53:25
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53
AVSMTP.DLL    : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54
NETNT.DLL      : 10.0.0.0      11624 Bytes  19.02.2010 13:40:55
RCIMAGE.DLL    : 10.0.0.26    2550120 Bytes  28.01.2010 12:10:08
RCTEXT.DLL    : 10.0.53.0      98152 Bytes  09.04.2010 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Mittwoch, 19. Mai 2010  18:53

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'NOTEPAD.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'NOTEPAD.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'HijackThis.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '187' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'AAWTray.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avp.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '169' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarWindService.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avp.exe' - '188' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'AAWService.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1661' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'


Ende des Suchlaufs: Mittwoch, 19. Mai 2010  20:10
Benötigte Zeit:  1:16:36 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  27734 Verzeichnisse wurden überprüft
 475794 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 475794 Dateien ohne Befall
  6379 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
 723258 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
Teil 2 folgt

:dankeschoen:

basdev 20.05.2010 18:37
Wow Acount Hack
 
Code:
OTL logfile created on: 20.05.2010 17:28:52 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Hagen\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244,62 Gb Total Space | 130,29 Gb Free Space | 53,26% Space Free | Partition Type: NTFS
Drive D: | 127,99 Gb Total Space | 89,60 Gb Free Space | 70,01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 3,73 Gb Total Space | 0,14 Gb Free Space | 3,80% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: HAGEN-PC
Current User Name: Hagen
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hagen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Hagen\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (JLRM) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SandraTheSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XI.SP3\RpcSandraSrv.exe (SiSoftware)
SRV - (SandraDataSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XI.SP3\Win32\RpcDataSrv.exe (SiSoftware)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (StarWindService) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\Windows\System32\drivers\nchssvad.sys (NCH Swift Sound)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (HPNUHUB) -- C:\Windows\System32\drivers\hpnuhub.sys (Hewlett-Packard Development Company)
DRV - (hpnuhst) -- C:\Windows\System32\drivers\hpnuhst.sys (Hewlett-Packard Development Company)
DRV - (RTL8187) -- C:\Windows\System32\drivers\hpl8187.sys (Realtek Semiconductor Corporation )
DRV - (p17xfilt) -- C:\Windows\System32\drivers\p17xfilt.sys (Sensaura)
DRV - (HPNUCMP) -- C:\Windows\System32\drivers\hpnucmp.sys (Hewlett-Packard Development Company)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (P17xfi) -- C:\Windows\System32\drivers\P17xfi.SYS (Creative Technology Ltd.)
DRV - (CTUSFSYN) -- C:\Windows\System32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (LBeepKE) -- C:\Windows\System32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (LHidKe) -- C:\Windows\System32\drivers\LHidKE.Sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMOUKE.sys (Logitech, Inc.)
DRV - (cmudau32) -- C:\Windows\System32\drivers\cmudaxu.sys (C-Media Inc)
DRV - (ossrv) -- C:\Windows\System32\drivers\CTOSS2K.SYS (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\Windows\System32\drivers\CTSFM2K.SYS (Creative Technology Ltd)
DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKLM\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\p, = preispiratensearchurl %s|-A0|
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\pp2, = preispiratensearchurl %s|-A0|
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\preispirat, = preispiratensearchurl %s|-A0|
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\preispiraten, = preispiratensearchurl %s|-A0|
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {EC1B67CA-A2CD-4931-915A-63D5341D1285}:1.0.0.5
FF - prefs.js..extensions.enabledItems: {144D1513-0819-4538-AD26-D515AF443AE7}:1.1.1.0
FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5
FF - prefs.js..extensions.enabledItems: {411F2F11-830F-4AB5-B7F0-FBC77B870B5A}:1.0.5.0
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}:1.0.0.9
FF - prefs.js..extensions.enabledItems: {BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}:1.0.5.0
FF - prefs.js..extensions.enabledItems: {4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2}:1.0.5.0
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.3
FF - prefs.js..extensions.enabledItems: {7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}:1.0.0.6
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3.1
FF - prefs.js..extensions.enabledItems: {3F4D6A2C-841D-403C-8CD8-48E54192DDEB}:1.0.5.0
FF - prefs.js..extensions.enabledItems: {2E6861CA-9A88-4B7B-B935-F810DE84D259}:1.2.1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}:1.0.5.0
FF - prefs.js..extensions.enabledItems: {D2A8BC29-8CA3-4C0A-A206-631C44E9620F}:1.0.0.5
FF - prefs.js..extensions.enabledItems: {A86278FF-6B63-446C-B109-DD4E1BAAC868}:1.0.5.0
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {a27007d0-bec0-4df7-abf8-54ae0b833ce8}:1.1
FF - prefs.js..extensions.enabledItems: {BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}:1.3.2.10
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.05.26 15:03:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.12 10:45:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.17 20:15:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.17 17:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.17 20:09:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.17 17:16:29 | 000,000,000 | ---D | M]
 
[2008.12.14 13:16:17 | 000,000,000 | ---D | M] -- C:\Users\Hagen\AppData\Roaming\mozilla\Extensions
[2010.05.20 17:29:11 | 000,000,000 | ---D | M] -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions
[2010.04.06 15:29:40 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2008.04.02 20:19:10 | 000,000,000 | ---D | M] (Metal Lion - Vista) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2009.07.03 18:29:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.21 12:16:33 | 000,000,000 | ---D | M] (Home Extension) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259}
[2009.10.28 18:32:25 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009.07.25 15:28:59 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2010.02.21 12:16:33 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
[2010.04.06 15:29:40 | 000,000,000 | ---D | M] (Buyertools) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2010.02.21 12:16:42 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2}
[2009.12.23 16:10:30 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2009.11.29 19:58:44 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2010.02.21 12:16:34 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
[2010.04.25 10:16:15 | 000,000,000 | ---D | M] (Babylon Word Search) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{a27007d0-bec0-4df7-abf8-54ae0b833ce8}
[2010.02.21 12:16:34 | 000,000,000 | ---D | M] (Preispiraten4) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{A86278FF-6B63-446C-B109-DD4E1BAAC868}
[2010.04.06 15:29:40 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}
[2010.04.06 15:29:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.04.25 10:16:15 | 000,000,000 | ---D | M] (Online Translator Toolbar) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}
[2010.04.06 15:29:40 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}
[2010.02.21 12:16:42 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2010.02.21 12:16:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010.02.21 12:16:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008.04.20 11:08:42 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2010.02.21 12:16:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.05 11:56:18 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.04.17 10:38:44 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
[2009.12.23 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\brief@mozdev.org
[2009.11.05 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\netvideohunter@netvideohunter.com
[2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Hagen\AppData\Roaming\Mozilla\FireFox\Profiles\5t3r7cm1.default\searchplugins\askcom.xml
[2010.04.06 15:28:44 | 000,000,873 | ---- | M] () -- C:\Users\Hagen\AppData\Roaming\Mozilla\FireFox\Profiles\5t3r7cm1.default\searchplugins\conduit.xml
[2010.05.18 17:24:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.12.22 18:03:14 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2007.06.03 09:42:12 | 000,000,000 | ---D | M] (Home Extension) -- C:\Programme\Mozilla Firefox\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259}
[2009.12.22 18:03:18 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB}
[2007.11.11 11:08:07 | 000,000,000 | ---D | M] (Buyertools) -- C:\Programme\Mozilla Firefox\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A}
[2009.12.22 18:03:16 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2}
[2009.12.22 18:03:11 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}
[2007.06.03 09:42:07 | 000,000,000 | ---D | M] (Preispiraten4) -- C:\Programme\Mozilla Firefox\extensions\{A86278FF-6B63-446C-B109-DD4E1BAAC868}
[2009.12.22 18:03:03 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Programme\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}
[2007.06.03 09:42:09 | 000,000,000 | ---D | M] (eBay Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}
[2009.12.22 18:03:22 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Programme\Mozilla Firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2010.05.17 20:15:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2007.06.03 09:42:08 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2009.12.22 18:03:20 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
[2010.05.17 17:21:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.05.17 20:15:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.27 19:03:49 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.27 19:03:49 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.27 19:03:49 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2007.04.20 19:32:00 | 000,004,292 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SP_ebay_de.xml
[2007.01.08 14:48:12 | 000,009,095 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SP_preispiraten_de.xml
[2010.03.27 19:03:49 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.27 19:03:49 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.18 17:33:26 | 000,395,221 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 13649 more lines...
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Buyertools) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\Programme\Buyertools Reminder\IEButtonBuyertoolsInterface.dll ()
O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten6\IEButtonAmazonInterface.dll ()
O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten6\IEButtonEbayInterface.dll ()
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\Preispiraten6\IEButtonPPInterface.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten4\Searchamazon.htm ()
O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten4\Searchamazon.htm ()
O8 - Extra context menu item: Benutzt Copernic zur Suche - C:\Programme\Copernic 2001 Plus\Search Extension.htm ()
O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten4\SearchEbaymein.htm ()
O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten4\SearchEbaypower.htm ()
O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten4\SearchEbay.htm ()
O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten4\SearchEbay.htm ()
O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten4\SearchGoogle.htm ()
O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten4\SearchGoogle.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Programme\Buyertools Reminder\ReminderIE.exe ()
O9 - Extra 'Tools' menuitem : Starten 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe (Copernic Technologies Inc.)
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Übersetzen - {99EFB53C-C965-43CF-9F45-52242D134187} - C:\Program Files\Copernic 2001 Plus\Translate.htm ()
O9 - Extra 'Tools' menuitem : Überse&tzen mit Hilfe Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - C:\Program Files\Copernic 2001 Plus\Translate.htm ()
O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - File not found
O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bw+0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw+0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw00s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw-0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw10s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw20s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw30s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw40s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw50s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw60s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw70s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw80s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bw90s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwa0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwb0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwc0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwd0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwe0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwf0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwg0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwh0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwi0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwj0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwk0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwl0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwm0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwn0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwo0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwp0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwq0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwr0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bws0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwt0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwu0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwv0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bww0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwx0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwy0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\bwz0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.05.20 18:07:08 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6e300385-2acb-11df-bf7f-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Menu.exe -- File not found
O33 - MountPoints2\{7555498e-28f8-11df-9083-0016e6dcf58b}\Shell\AutoRun\command - "" = H:\installer.exe -- File not found
O33 - MountPoints2\{7555498e-28f8-11df-9083-0016e6dcf58b}\Shell\verb\command - "" = H:\installer.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.19 22:05:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.19 22:05:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.19 17:36:41 | 000,000,000 | ---D | C] -- C:\Users\Hagen\AppData\Roaming\TweakNow RegCleaner
[2010.05.19 17:36:41 | 000,000,000 | ---D | C] -- C:\Programme\TweakNow RegCleaner
[2010.05.18 18:38:01 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.05.18 18:37:55 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.05.18 18:31:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.05.18 18:06:39 | 000,000,000 | ---D | C] -- C:\Users\Hagen\AppData\Roaming\Avira
[2010.05.18 17:57:34 | 000,000,000 | ---D | C] -- C:\Programme\Recordings
[2010.05.18 17:48:50 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.05.18 17:48:50 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.05.18 17:48:50 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.05.18 17:48:50 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.05.18 17:48:49 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.05.18 17:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.18 17:21:16 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.05.18 17:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.17 20:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.05.17 20:15:33 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.17 20:15:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.17 20:15:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.17 20:15:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.17 20:11:33 | 000,000,000 | ---D | C] -- C:\Users\Hagen\Documents\Downloads
[2010.05.17 20:07:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.05.17 19:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.17 17:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.05.17 17:15:44 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.05.17 17:10:00 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010.05.17 17:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.05.16 13:43:36 | 000,000,000 | ---D | C] -- C:\Users\Hagen\AppData\Roaming\Malwarebytes
[2010.05.16 13:43:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.16 13:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.16 13:42:19 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hagen\Desktop\mbam-setup-1.45.exe
[2010.05.16 12:15:34 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.05.16 11:59:22 | 000,000,000 | ---D | C] -- C:\Users\Hagen\Documents\ForceField Shared Files
[2010.05.16 11:59:19 | 000,000,000 | ---D | C] -- C:\Users\Hagen\AppData\Roaming\CheckPoint
[2010.05.16 11:59:09 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2007.05.26 11:22:57 | 000,065,536 | R--- | C] ( ) -- C:\Windows\System32\A3D.DLL
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.20 17:29:55 | 007,864,320 | ---- | M] () -- C:\Users\Hagen\NTUSER.DAT
[2010.05.20 17:28:28 | 000,000,584 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2010.05.20 17:28:28 | 000,000,584 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2010.05.20 17:14:48 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.05.20 17:13:41 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.20 17:13:31 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 17:13:31 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 17:13:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.20 17:13:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.20 17:13:16 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.19 22:10:56 | 000,524,288 | -HS- | M] () -- C:\Users\Hagen\NTUSER.DAT{31d99dd7-b0c3-11de-bf36-0016e6dcf58b}.TMContainer00000000000000000001.regtrans-ms
[2010.05.19 22:10:56 | 000,065,536 | -HS- | M] () -- C:\Users\Hagen\NTUSER.DAT{31d99dd7-b0c3-11de-bf36-0016e6dcf58b}.TM.blf
[2010.05.19 22:10:53 | 003,724,042 | -H-- | M] () -- C:\Users\Hagen\AppData\Local\IconCache.db
[2010.05.19 22:05:48 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 21:13:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.19 17:56:40 | 000,642,816 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.19 17:56:40 | 000,120,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.19 17:56:39 | 001,588,244 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.19 17:56:39 | 000,685,944 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.19 17:56:39 | 000,145,912 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.19 17:36:48 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk
[2010.05.18 18:37:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.05.18 18:31:31 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.05.18 18:08:49 | 000,000,721 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.05.18 17:49:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.18 17:33:26 | 000,395,221 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.18 17:21:29 | 000,001,055 | ---- | M] () -- C:\Users\Hagen\Desktop\Spybot - Search & Destroy.lnk
[2010.05.17 20:15:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.05.17 20:15:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.05.17 20:15:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.05.17 20:15:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.05.17 20:10:09 | 000,001,432 | ---- | M] () -- C:\Users\Hagen\Desktop\DivX Movies.lnk
[2010.05.17 20:09:04 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.17 20:08:15 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.17 20:04:32 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.05.17 18:19:00 | 007,845,830 | ---- | M] () -- C:\Users\Hagen\Documents\AutoRuns.arn
[2010.05.17 17:34:43 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.05.17 17:34:39 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.05.17 17:15:44 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.05.16 13:43:10 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hagen\Desktop\mbam-setup-1.45.exe
[2010.05.16 12:15:35 | 000,001,892 | ---- | M] () -- C:\Users\Hagen\Desktop\HijackThis.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.20 17:14:47 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.05.19 22:05:48 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.19 17:36:48 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk
[2010.05.18 18:31:31 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.05.18 17:49:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.18 17:21:29 | 000,001,055 | ---- | C] () -- C:\Users\Hagen\Desktop\Spybot - Search & Destroy.lnk
[2010.05.17 20:10:09 | 000,001,432 | ---- | C] () -- C:\Users\Hagen\Desktop\DivX Movies.lnk
[2010.05.17 20:09:04 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.05.17 20:08:15 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2010.05.17 20:04:32 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.05.17 20:00:16 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.17 19:59:27 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.17 18:18:59 | 007,845,830 | ---- | C] () -- C:\Users\Hagen\Documents\AutoRuns.arn
[2010.05.17 17:21:07 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.05.17 17:21:07 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.05.16 12:53:07 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.05.16 12:15:35 | 000,001,892 | ---- | C] () -- C:\Users\Hagen\Desktop\HijackThis.lnk
[2010.03.08 18:00:52 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.12.08 18:02:40 | 000,000,000 | ---- | C] () -- C:\Windows\AoADVDRipper.INI
[2009.12.08 18:02:31 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.08 18:02:31 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.09.11 16:47:51 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009.09.11 16:47:51 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009.08.22 13:51:05 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI
[2009.08.22 13:40:46 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.08.22 13:40:34 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.07.24 23:16:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.14 16:05:18 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.05.14 16:05:17 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.04.21 03:04:26 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini
[2009.04.02 10:37:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2008.10.22 11:31:21 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.08.04 15:06:13 | 000,003,595 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.03.21 12:05:57 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008.02.21 04:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.02.21 04:04:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.01.27 13:31:10 | 000,000,038 | ---- | C] () -- C:\Windows\System32\w3url.dll
[2008.01.26 14:01:21 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.01.26 13:59:49 | 000,000,140 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.29 14:11:01 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2007.12.29 14:11:01 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2007.10.27 10:26:34 | 000,442,368 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2007.10.07 15:02:46 | 000,001,053 | ---- | C] () -- C:\Windows\PStudio.ini
[2007.10.07 15:02:46 | 000,000,032 | ---- | C] () -- C:\Windows\album.ini
[2007.10.07 13:09:54 | 000,000,067 | ---- | C] () -- C:\Windows\StationRipper.INI
[2007.10.07 13:09:48 | 000,000,205 | ---- | C] () -- C:\Windows\sripper.ini
[2007.10.07 13:09:48 | 000,000,052 | ---- | C] () -- C:\Windows\StreamRipper32.INI
[2007.10.07 13:05:37 | 000,000,022 | ---- | C] () -- C:\Windows\op70.ini
[2007.10.07 11:39:49 | 000,000,352 | ---- | C] () -- C:\Windows\WINCMD.INI
[2007.08.19 15:07:11 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2007.07.25 17:00:41 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dzcarrara.dll
[2007.07.25 16:33:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll
[2007.07.25 16:33:06 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll
[2007.07.25 16:29:50 | 007,921,664 | ---- | C] () -- C:\Windows\System32\dzcore.dll
[2007.07.25 13:37:26 | 006,131,712 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll
[2007.07.25 13:37:26 | 001,785,856 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll
[2007.07.25 13:27:22 | 002,076,672 | ---- | C] () -- C:\Windows\System32\dz3delight.dll
[2007.06.26 19:14:49 | 000,002,423 | ---- | C] () -- C:\Windows\WININIT.INI
[2007.05.26 11:23:50 | 000,000,054 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini
[2007.05.26 11:22:58 | 000,008,251 | R--- | C] () -- C:\Windows\sfsyn.ini
[2007.05.26 11:22:57 | 000,137,728 | R--- | C] () -- C:\Windows\System32\OemSpi.dll
[2007.05.26 11:22:57 | 000,053,248 | R--- | C] () -- C:\Windows\System32\P17CPI.DLL
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:294A20C2ABB7650B
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1048AE9D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:30FD0CBD
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

basdev 20.05.2010 18:45
OTL-Extras
Code:
OTL Extras logfile created on: 20.05.2010 17:28:52 - Run 1
OTL by OldTimer - Version 3.2.5.0    Folder = C:\Users\Hagen\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244,62 Gb Total Space | 130,29 Gb Free Space | 53,26% Space Free | Partition Type: NTFS
Drive D: | 127,99 Gb Total Space | 89,60 Gb Free Space | 70,01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 3,73 Gb Total Space | 0,14 Gb Free Space | 3,80% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: HAGEN-PC
Current User Name: Hagen
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MMonk\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MMonk\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MMonk\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27247ADD-FDA7-4493-A158-0639F11C7131}" = lport=25839 | protocol=17 | dir=in | name=bitcomet 25839 udp |
"{5BE20E6C-6C19-4F52-B999-C6275A800270}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{64E5094B-08CF-4BEC-A40C-606324BFE7F0}" = lport=25839 | protocol=6 | dir=in | name=bitcomet 25839 tcp |
"{8D726A82-A095-461D-83C5-353340EF4A0E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\rpcsandrasrv.exe |
"{C5D772F5-809E-4570-AE0D-F6D1B8790EF9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{E1889971-E551-403B-806B-BD46808855B2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\win32\rpcdatasrv.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1162B006-3B69-44BA-A7A4-EABE04C3E06E}" = protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\rpcsandrasrv.exe |
"{1198A007-EF5A-4E25-9BD1-CF925077B01E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1C65F4C9-C511-4850-B364-48E1C6D07689}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{1EC80E68-037A-48AF-8E7B-2F22EB62F1E3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{2206F623-6C95-4972-BC99-2D8A06EE556F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{23610657-DC5D-451E-BC04-5515183A825F}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{236D0299-BE49-4759-9128-DAD0EC36F867}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{24DA379F-D06F-4637-9325-62971BCC36B2}" = protocol=17 | dir=in | app=c:\program files\cyanide\loki\autorun\autorun.exe |
"{263828E3-0938-42CE-A2EE-0CED9C7D2334}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{29765821-CD20-47D6-9B3D-E8F0F3A9543B}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{2A6F2C03-F5AA-4C63-8785-F502E0515018}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{33548D30-BDB4-4DCE-BB54-5B91C173B7B5}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{366656B1-01AC-4643-A9F2-E50576D8E038}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{3804EAAB-1092-4657-A2BA-DA168FF5EE89}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{39C962E5-06E5-460F-BDA6-26ABDA40F6DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{45B1B3BA-D1F3-4A67-968E-522531658A5E}" = protocol=17 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\rpcsandrasrv.exe |
"{47527BC6-367A-4C6B-915B-20F0A575C7D4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{48A83424-9B74-488C-BBD0-FF422F92991F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4B8940C7-A23A-44E4-A716-8C3BFA33FD49}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{4E32935F-0997-467D-BBDE-5868DA4BFADB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{548C9FFE-92D3-42F9-A105-9317DDC41278}" = protocol=17 | dir=in | app=c:\program files\cyanide\loki\loki.exe |
"{58E54953-4838-4B6B-BD8F-2D53B068DE53}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{5F2AD5BA-530F-4264-97AF-C74203E57E80}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{640C57ED-70AC-4272-9FC5-5E6341BF11E3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{6680776A-C9F8-40EC-BFED-25274D546180}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{7388A654-58EE-4E46-9B60-6BAABFDBF92B}" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{78161FD6-BA37-446F-BD6E-A45C47CDEFD3}" = protocol=6 | dir=in | app=c:\users\hagen\appdata\local\apps\2.0\era78qdd.zhl\8ea5qhp4.6dv\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{78EE4E97-108E-4DB2-84B3-33A64C86F6A8}" = protocol=17 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\win32\rpcdatasrv.exe |
"{7F7591B2-0746-4F2D-B763-C83276DFC10C}" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{81864309-8545-45C2-B1FE-B70226B02075}" = protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\win32\rpcdatasrv.exe |
"{8A939E56-30B9-4BCC-AE40-9B00F1106C58}" = protocol=6 | dir=in | app=c:\program files\cyanide\loki\loki.exe |
"{94CC542D-DC46-42B2-AF89-616367CF0D16}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{96682715-1E86-49DB-A4D8-B106273568E7}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{988317C2-94C9-47E9-BD91-241156A856A5}" = protocol=1 | dir=in | name=sisoftware database agent service (icmp-in) |
"{9DDB0D19-9A21-45AC-8ACE-ED3FB91A1A1D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{AC8623B9-97FC-435A-B89A-059176CC6DE3}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{AD4AED54-6F6B-4FC3-9485-5185CD612E7F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B02270FE-78F5-456B-A3D8-9EBF61243B1A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{B0B89579-D3EE-485C-A316-DE221580A56C}" = protocol=17 | dir=in | app=c:\users\hagen\appdata\local\apps\2.0\era78qdd.zhl\8ea5qhp4.6dv\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{C4AF87F0-C0B6-4A0E-A474-CC81A91981FB}" = protocol=6 | dir=in | app=c:\program files\cyanide\loki\autorun\autorun.exe |
"{C81FED51-D358-4A7A-84FE-40C8D2C0B08F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{C9326222-54B9-48AC-9779-9A5005658B55}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{D7A7E1CB-30B3-4249-A40E-632B8026E337}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E2CEA6E0-7B70-430B-BF94-A0C36C451159}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{F04E2847-1276-410A-8857-E029BC596499}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{F807B5AB-CBC0-4572-A96D-A0D65FF9B197}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"TCP Query User{0A5689A0-9F2C-4030-A9DD-2F6DF6A7EE63}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{48664632-2698-4595-9946-3B8AE7786525}C:\program files\movie torrent\movie torrent.exe" = protocol=6 | dir=in | app=c:\program files\movie torrent\movie torrent.exe |
"TCP Query User{63C5F1EB-7B46-4C78-A1E8-4768AEDF3DAC}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{9C7A7F5E-9724-4DE0-AEFE-8666793B58BC}C:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-dede-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-dede-downloader.exe |
"UDP Query User{3DD01CEC-32EA-4BAD-A7EF-65E73E89A45F}C:\program files\movie torrent\movie torrent.exe" = protocol=17 | dir=in | app=c:\program files\movie torrent\movie torrent.exe |
"UDP Query User{52BB4759-BA28-45E2-A064-D72FCE6A5409}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{7CD1E17D-83DD-48C0-B531-85416FC61CBA}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{D736CD73-FA68-42B8-ACF4-3EF31E09E925}C:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-dede-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-dede-downloader.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04C283E4-7FB0-417C-26DD-4AF656A0DECA}" = Catalyst Control Center Graphics Full New
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{091DE262-A5F4-4D6A-97F0-0D6A93D6F4F7}" = RawPacketDriver
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11BBAE1C-27AE-4ABA-A54C-9FFE3844CCEC}" = GMX Firefox Paket
"{13C24BBC-F194-C886-C993-93CDA31EF5EE}" = CCC Help Turkish
"{18550D66-9E2F-E996-4374-922CE5136D2B}" = CCC Help English
"{1860CF27-32FE-95D7-014F-F4C210988BB7}" = ccc-utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2491C25B-5BDF-139A-20BC-C081DCBF653D}" = CCC Help German
"{2585FE80-3666-B768-93B2-A7585C4BB2B1}" = ccc-core-static
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27A07F33-EADC-8971-6D13-6263D4E90809}" = CCC Help Finnish
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32ABC0EB-8F69-B431-49F5-5C1150E7B7C7}" = Catalyst Control Center Graphics Previews Common
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{39AF8F9C-FAF2-2012-C5A2-8AD0B6DE3B95}" = CCC Help Hungarian
"{3B2A1453-E69E-5F62-AA11-AB09A4E962AD}" = Catalyst Control Center InstallProxy
"{3BCE3FDF-4A7A-FBAC-65B3-F517DF651076}" = CCC Help Swedish
"{4142E5E1-1415-E7AF-8631-62DF8AFF4F73}" = ATI Catalyst Install Manager
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{452A1FAC-F5A0-471E-B8AA-F2B0990E18D6}" = Auction Studio 2009
"{46157EFF-B576-CA93-0DE0-41B6B5406432}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5384EA8A-FECA-4D6E-B7B4-3D4D9D47E5DF}" = Preispiraten
"{5592EAD5-22E8-9AEC-0A8F-19D0EDFD88F0}" = Catalyst Control Center Graphics Light
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C62F4FE-E4FB-7193-C1B4-B6A8A557BFDE}" = CCC Help Danish
"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5E992B43-7F22-59E9-4BCF-FD5157F221F9}" = ATI AVIVO Codecs
"{5EA4D0FB-6988-A40B-BC17-10D5F2D70225}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B3C1C7-CE1A-F2A8-229F-8ED4BE8AF38B}" = Catalyst Control Center Core Implementation
"{6469F22F-63C7-527E-32EE-F8DCB8E711A8}" = CCC Help Spanish
"{73688255-C643-AFBA-C1AA-8849599838C7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80081D11-89C4-F3A5-68D0-024498FBC7BF}" = CCC Help Chinese Traditional
"{822A8730-86A7-4CAA-BDE1-7337169BFF2B}" = Sound Blaster X-Fi Xtreme Audio
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8DD28683-B0FB-3562-8AC1-B3E478E6A3E0}" = CCC Help Polish
"{8F1DA256-8440-A54D-914D-BAE11062F354}" = CCC Help Russian
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{994A45A7-506C-B1A2-C1E4-CE5CA33D3653}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDC9FF8-1BDC-48AA-8E9B-327F984D0E3E}" = Preispiraten
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A176E83C-9514-A97E-7536-9BDEAC180198}" = CCC Help Norwegian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7988138-1065-5B78-3C8A-98A53EE9EF6D}" = CCC Help Chinese Standard
"{B9A7A351-6C55-697A-8919-9BF7EFED05B3}" = Catalyst Control Center Graphics Full Existing
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XII.SP1
"{C6B29F03-4D97-3B4E-D906-70958E6B1448}" = HydraVision
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CA97E53B-2E94-6602-2956-C2D37B91ECE3}" = CCC Help Portuguese
"{CC6E0CC3-0C86-B773-4D82-8188FB91E62E}" = CCC Help Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = HP Wireless Adapter
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6421134-78C3-8E9D-1512-5BA1B2088DCF}" = CCC Help Dutch
"{DA9C6CBF-8955-966B-3A87-62AFA677C292}" = CCC Help Czech
"{DB30B278-35EF-2836-B6EC-37639BBBF215}" = Catalyst Control Center HydraVision Full
"{DC19A2BC-9698-430E-AD50-456B837B1BCD}" = GoGear SA018 Device Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E36899ED-7F05-45C0-A417-3B60EB9F7965}_is1" = concept/design Hit-Recorder 2
"{E899BF79-446D-C365-81D7-901D30C58206}" = CCC Help Japanese
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F08C8A50-8061-2B2A-C0F9-F0715740DE4A}" = Catalyst Control Center Graphics Previews Vista
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F7D480DD-8D1A-470D-87C6-3B9DBF6A629B}" = Buyertools Reminder
"{FAE94B77-CBC4-AA4D-676B-1588EFA5C1CE}" = Catalyst Control Center Localization All
"1&1 EasyLogin" = 1&1 EasyLogin
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Auction Studio 2009" = Auction Studio 2009
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.3.0" = Biet-O-Matic v2.3.0
"BlindWrite 6_is1" = BlindWrite 6
"CloneDVD2" = CloneDVD2
"CoffeeCup Free Viewer Plus" = CoffeeCup Free Viewer Plus
"Copernic 2001 Plus" = Copernic 2001 Plus
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"DAZ|Studio" = DAZ|Studio 1.7.1.5
"DC-Bass Source" = DC-Bass Source 1.1.1
"Deep Paint" = Deep Paint
"DirectVobSub" = DirectVobSub (remove only)
"DirectX" = DirectX deinstallieren
"DirectX Buster" = DirectX Buster 2.1 Beta 4
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_is1" = Drakensang
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Dungeon Keeper II" = Dungeon Keeper 2
"DVD-lab PRO 2.51_is1" = DVD-lab PRO 2.51
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Dynamic-Photo HDR 4 (Trial)_is1" = Dynamic-Photo HDR Trial 4.5
"Easy DVD Clone" = Easy DVD Clone
"Easy DVD Shrink" = Easy DVD Shrink
"EditStudio_is1" = EditStudio 6.0.5
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FairStars CD Ripper_is1" = FairStars CD Ripper 1.22
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.2.8.1
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.3
"Harry's Filters 3" = Harry's Filters 3
"HijackThis" = HijackThis 2.0.2
"Incomedia WebSite X5 v8 - Smart" = Incomedia WebSite X5 v8 - Smart
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Jack Keane" = Jack Keane
"Jagged Alliance 2" = Jagged Alliance 2
"LucasArts' Curse of Monkey Island" = LucasArts' Curse of Monkey Island
"MAGIX 3D Maker UK" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare UK" = MAGIX Screenshare 4.3.6.1987 (UK)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Jukebox 12" = Media Jukebox 12
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Picasa 3" = Picasa 3
"PixelSampler_is1" = PixelSampler
"Pixillion" = Pixillion Image Converter
"PreisHai_is1" = PreisHai 4.1
"Prism" = Prism Video Converter
"S2TNG" = Die Siedler II - Die nächste Generation
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SmartToolseBook DAO, ADO Recordsetsv1.00" = SmartTools Publishing • Access eBook DAO, ADO Recordsets
"SShockDeinstallKey" = System Shock2
"StationRipper" = StationRipper 2.87
"TagScanner_is1" = TagScanner 5.0 build 516
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Techinfo Doppelte Datensätze" = Techinfo Doppelte Datensätze
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Uninstall_is1" = Uninstall 1.0.0.1
"Video Card Stability Test" = Video Card Stability Test
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.0.1
"WaveStudio 7" = Creative WaveStudio 7
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinGimp-2.0_is1" = GIMP 2.6.7
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Muziic Player & Encoder" = Muziic Player & Encoder
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"SmartTools Publishing · Access-Fenster skalieren" = SmartTools Publishing · Access-Fenster skalieren
"SmartTools Publishing · Erweiterte MsgBox für Access" = SmartTools Publishing · Erweiterte MsgBox für Access
"SmartTools Publishing · SQL aus Abfragen" = SmartTools Publishing · SQL aus Abfragen
"SmartTools Publishing · SQL für Formulare" = SmartTools Publishing · SQL für Formulare
"StationRipper" = StationRipper 2.93B
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.05.2010 11:09:26 | Computer Name = Hagen-PC | Source = Application Hang | ID = 1002
Description = Programm Wowhead_Client.exe, Version 1.5.0.0 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: e5c  Anfangszeit: 01caf5d2de83252d  Zeitpunkt
 der Beendigung: 16
 
Error - 17.05.2010 11:10:39 | Computer Name = Hagen-PC | Source = Perflib | ID = 1008
Description =
 
Error - 17.05.2010 11:10:39 | Computer Name = Hagen-PC | Source = Perflib | ID = 1010
Description =
 
Error - 17.05.2010 11:10:42 | Computer Name = Hagen-PC | Source = Perflib | ID = 1008
Description =
 
Error - 17.05.2010 14:13:33 | Computer Name = Hagen-PC | Source = MsiInstaller | ID = 11500
Description =
 
Error - 18.05.2010 11:30:24 | Computer Name = Hagen-PC | Source = Application Hang | ID = 1002
Description = Programm setup.exe, Version 9.0.0.782 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: c  Anfangszeit: 01caf69e92d49e11  Zeitpunkt der Beendigung: 4
 
Error - 18.05.2010 12:18:07 | Computer Name = Hagen-PC | Source = VSS | ID = 12289
Description =
 
Error - 18.05.2010 12:19:04 | Computer Name = Hagen-PC | Source = VSS | ID = 12289
Description =
 
Error - 19.05.2010 11:19:52 | Computer Name = Hagen-PC | Source = ESENT | ID = 215
Description = WinMail (3628) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 19.05.2010 12:40:33 | Computer Name = Hagen-PC | Source = MsiInstaller | ID = 10005
Description =
 
[ System Events ]
Error - 17.05.2010 11:40:02 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.05.2010 11:44:08 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 17.05.2010 12:12:23 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 17.05.2010 12:12:54 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 17.05.2010 12:12:54 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.05.2010 11:11:37 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 18.05.2010 11:49:40 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7006
Description =
 
Error - 18.05.2010 12:34:39 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7030
Description =
 
Error - 18.05.2010 12:38:05 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.05.2010 11:16:28 | Computer Name = Hagen-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =
 
 
< End of report >


Malware sagt auch nix:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4118

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

20.05.2010 18:45:12
mbam-log-2010-05-20 (18-45-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 320824
Laufzeit: 1 Stunde(n), 8 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Bin für jede Hilfe dankbar..


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:02 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131