Trojaner-Board


Marci96 13.10.2011 16:44

winsvc.exe
 
Hello, my computer says that I have a malware virus. It says:
Objekt:winsvc.exe Fund:TR/Crypt.XPACK.Gen
Please help me!
Kind regards, Marcel

markusg 13.10.2011 16:54

Hi, post the complete message including the file path.
Please download OTL by OldTimer and save it to your desktop (if you don't already have it).
  • Double-click
    OTL.exe

    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal
    Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan
    at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Marci96 18.10.2011 11:40

Here is the Extra.txt: OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 18.10.2011 12:23:00 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Marcel\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,56% Memory free
8,20 Gb Paging File | 6,35 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,63 Gb Total Space | 303,86 Gb Free Space | 52,15% Space Free | Partition Type: NTFS
Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive E: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 90 05 40 80 78 90 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4518FFBB-6865-4C32-9623-6845CDA05990}" = rport=139 | protocol=6 | dir=out | app=system |
"{45BD829E-0E98-4D00-9A43-D46866FE8B61}" = lport=139 | protocol=6 | dir=in | app=system |
"{4FC1A17F-823E-45F6-9E4E-953A8A9643F1}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D09C253-06AC-4279-AE89-1D610D5E3032}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8B72CB3D-4A62-4F74-92A7-92D63A7478E2}" = rport=445 | protocol=6 | dir=out | app=system |
"{9F74368E-29FC-4693-BE40-C5762B6CC2E9}" = rport=138 | protocol=17 | dir=out | app=system |
"{A13893E2-178E-4B65-A48C-5BFE6252A8A2}" = lport=445 | protocol=6 | dir=in | app=system |
"{A2C7A3E3-1CE3-44F8-94D6-BD7A70E38F35}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E588C3A1-C5A8-4EDC-8452-DD53A73A9CDD}" = lport=137 | protocol=17 | dir=in | app=system |
"{E6EF34C0-6A32-44EC-9F88-9977B6CA335C}" = lport=138 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019648AF-DCC2-40A8-9F85-D5A14741A19D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{039827DC-7D7D-4240-ADAB-670A2136DEB7}" = protocol=17 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe |
"{0401D4CD-C3B1-4FC6-BE3D-96E85BD21BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{058BA76D-D38B-49D5-81E7-480F81813309}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{0849B371-4B27-4E41-9632-16D72E80EA69}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{12A826D2-0184-43E7-9203-1D2B64C37F2B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{142CF540-DB64-465E-A8C1-9F78FA381836}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{1487D617-91DB-4E3D-B612-51E5C0F29604}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{20506BDA-24D5-4C19-BDB4-E52698E974E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\age of chivalry dedicated server\srcds.exe |
"{21554A6A-094F-46A4-A21C-7A75D6CDBADD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{23738E23-9A80-4A90-9833-2FEC6ABCD3AF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{25BAA5A7-F773-457C-82CA-AD7E70595BA6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{271D3AA4-0330-4261-9A9A-BAB980F4ECE8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{27EB6CB9-ACF0-440F-B118-B6629CE85965}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{28734F18-546E-441E-A108-AFFB99130D94}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2BD18D2B-7496-48BB-B48B-EA2C4271194E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\age of chivalry\hl2.exe |
"{317DC5D1-D186-4CC6-83EE-3B1C240C2523}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{3EE9366A-7977-444E-BFC8-BAF27004C756}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{40723397-DC8A-4990-96D9-DBE3F34B2FC1}" = protocol=6 | dir=in | app=c:\programdata\sweetim\messenger\update\sweetimsetup.exe |
"{422B03C0-3990-4510-BE76-64C40253E68E}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe |
"{436FDFD0-B932-40F6-91C8-0623AECF031B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{446637F4-146E-4585-A0E7-6CEDD9D179B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{4CA801BA-7559-42D8-AE1E-A9AFC4E71BFF}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{5756EEC8-1690-4E6E-AE7B-45A08E09818D}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{5774DB51-5B2F-4A20-B33B-65853AE944E7}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{5F438DB2-AEF3-41AA-96B0-576B8927FED3}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe |
"{660F0B2C-4C89-4615-BD13-0E9115EC43BA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{682FDC81-1C7F-4450-83CB-9070B8DA73D2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{68ED4FD4-FF99-47CA-813D-3726EB1DEF5A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{692E5D75-7B9B-4CD0-B61D-FABAC8782B96}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{74FE5519-11A9-420A-8CCC-4259072F0EF5}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{7C71BA6F-8EC3-4B20-92FA-B0C6F40F9820}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7D24ECB9-E57D-40F3-8EE0-527FC0C9C82B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{7E49A71C-8A4A-4E07-B3C1-E41483808039}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{82157C68-F9B5-4669-A3F7-B8A16B0C547F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\age of chivalry\hl2.exe |
"{834F6B4A-853F-44C9-AB2C-69C208D1BABD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{8B02F308-1BB9-47D9-B100-2F96B2C18F42}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{8E5C8675-330E-4A6C-8D4D-9082EFAAB4F6}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{92EBA246-8957-44E9-96DA-2D10B3FDCE84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{982210A8-8C87-4AAE-87DF-DD44E9286626}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\age of chivalry dedicated server\srcds.exe |
"{9DF83B4A-1CF6-46B1-92F5-62E3A4D1735C}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe |
"{9FF758EE-C81B-4FCE-8A60-D2CCF0AB5E56}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A173CCEF-F1BD-429D-A6B9-BCFF29E85C5F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{A2E7F8AB-59C4-4636-A926-A561385420D9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\pirates, vikings, and knights ii\hl2.exe |
"{A7E5AD5C-6DB4-4C1C-B43E-0A58AAAE64F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{B1CB62C3-322E-46B6-A04A-0D03E23E66D8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{B81A97FD-6D30-4DC3-84B5-A216DBEEF91F}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{BAC1C0D4-F5AD-4F81-9D40-CB11A86C5983}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{BB18F5BA-91DD-4D01-8E6A-1FE6C90F7847}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{BB73DD23-29CA-4705-95AF-978025FA5552}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BB7CB006-FC5A-4110-B79C-8894DDD6B13E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BBEECF8D-E835-4A85-A955-24C7C872CDAE}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BEAEF824-70CE-4B74-99A4-A8E42202C766}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\pirates, vikings, and knights ii\hl2.exe |
"{C22BED7D-8557-494F-BEC8-62ED2994B64D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C616491B-472E-46FE-BBF6-12AE36EFF6CE}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{C6B99E66-3530-4A42-BB16-89B1D30484C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\moon base alpha\binaries\win32\moonbasealphagame.exe |
"{C8881911-BCFB-41FE-AEA8-3BC658E75B13}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\dead rising 2\deadrising2.exe |
"{CAE1A061-F37B-4385-8ED3-9EAF583CA8AA}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{CB1D1AE6-012D-4CED-95BD-29F662F9D2E6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{CDD680F7-F262-4899-81C9-C66C060D2A1D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\pirates, vikings, and knights ii\srcds.exe |
"{CE2C4E72-C59A-4868-827A-BFBEED6A6C46}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D1E5B58C-8A17-4D56-AD6F-A9851B46BC73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxmarcixx96\pirates, vikings, and knights ii\srcds.exe |
"{D801D64F-AE04-4A17-A0E7-E0D2FE034CD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E5FCF3B4-F0B5-4F69-8D7A-D86BD4A1FDFA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E693F32E-DB68-46CF-997D-985D3803EB9D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E82A5C23-7BCA-450D-9A97-46FAC90E224C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E96E393B-1C44-4F46-BFBF-0043E26E10F5}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{ECE1C2A3-D8CE-402B-A7A9-78A323FE94C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{EDD7A457-2C1C-44E8-9C2C-5BE16BED3FA0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{F0556225-BB04-451A-A2E2-9A143CB356CA}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{F37F3614-C34A-4281-A7C2-266C276822B0}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{F39BDAE6-AACA-4501-BDD6-3926D0285CA9}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"{F80FAC8D-EEB6-4DAC-B85B-2EF2B884A2DF}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{FAB69813-4C60-4782-A9F3-A232F2F46B56}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"TCP Query User{0B13FF2B-C003-4C42-A72A-078D3BA13CEF}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{3073820A-ED41-4A03-87E8-B522B46FF317}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{373CEDAE-1A38-41E0-92DE-ECCBC13B8FA6}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"TCP Query User{3D8479FC-34C9-4777-88B8-BEE3B7A936AE}C:\program files (x86)\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2.bin |
"TCP Query User{65C6B101-2082-428F-8EA2-D3EA183F7A84}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{68362633-5DAB-454E-B173-D8FB00DC065A}C:\users\marcel\appdata\local\temp\rar$ex01.488\teeworlds\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\marcel\appdata\local\temp\rar$ex01.488\teeworlds\teeworlds_srv.exe |
"TCP Query User{737C97DC-54FB-468B-AD8E-F0ADAA9F49EF}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{82ADEBB0-9164-4D2A-B1FC-0922CDC0D6FD}C:\games\ngd studios\regnum online\testserver\roclientgameex.exe" = protocol=6 | dir=in | app=c:\games\ngd studios\regnum online\testserver\roclientgameex.exe |
"TCP Query User{BC85B79E-F492-4686-A4BF-A062BCC743DD}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe |
"TCP Query User{C4EC40A1-DD81-499A-AC08-ED01CF35DB3B}C:\games\ngd studios\regnum online\liveserver\roclientgameex.exe" = protocol=6 | dir=in | app=c:\games\ngd studios\regnum online\liveserver\roclientgameex.exe |
"TCP Query User{F9F285E6-D8A8-4A31-A5F1-EC1C3A513B3A}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"TCP Query User{FEC0EC52-B246-4846-B601-33FB4E3F8281}C:\users\marcel\desktop\garrys mod\hl2.exe" = protocol=6 | dir=in | app=c:\users\marcel\desktop\garrys mod\hl2.exe |
"UDP Query User{30413286-4EAA-413F-9448-B86931C3EBD2}C:\program files (x86)\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2.bin |
"UDP Query User{35047D65-A379-49FC-AED9-3F991C8DAABF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4729A9C7-A666-4175-B125-48ECB94AB937}C:\users\marcel\appdata\local\temp\rar$ex01.488\teeworlds\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\marcel\appdata\local\temp\rar$ex01.488\teeworlds\teeworlds_srv.exe |
"UDP Query User{56555358-42C8-4175-9575-493FB96C51AE}C:\games\ngd studios\regnum online\liveserver\roclientgameex.exe" = protocol=17 | dir=in | app=c:\games\ngd studios\regnum online\liveserver\roclientgameex.exe |
"UDP Query User{5B2CECD1-1122-4824-8D78-6184909502F9}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe |
"UDP Query User{8B401D7F-1775-4363-AB06-86ED58E26940}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{90458397-C4F7-41AA-8A34-DFD6E70E8079}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{9075C557-A4DA-4BA8-8003-430EC3841036}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{9510F3F9-D032-4B2E-A092-E6E6273A8036}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"UDP Query User{AA8AD445-313F-47B7-A053-EA2E6EF5D61E}C:\users\marcel\desktop\garrys mod\hl2.exe" = protocol=17 | dir=in | app=c:\users\marcel\desktop\garrys mod\hl2.exe |
"UDP Query User{C4C49ED3-7C82-4C00-825C-999D5080C1D9}C:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"UDP Query User{DF7E891F-9C41-49CE-9CAC-855CF4C038A3}C:\games\ngd studios\regnum online\testserver\roclientgameex.exe" = protocol=17 | dir=in | app=c:\games\ngd studios\regnum online\testserver\roclientgameex.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1D95A4AF-B4FE-45E5-1518-2A842BA83081}" = ccc-utility64
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9EA8213A-9080-C41F-2F85-8FF98374AB9F}" = ATI Catalyst Install Manager
"{A9513BBC-73B4-4856-BF83-0166523ABF09}" = 64 Bit HP CIO Components Installer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.00 Beta 5 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0019BCD5-6D1C-6B47-8214-A151D5FCFDDC}" = Catalyst Control Center Localization Thai
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{014A0EB1-C226-1CAF-7B72-49321CB0E9B3}" = CCC Help Hungarian
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0AF5BF1B-FFE1-2C85-FDDC-3A44EFD341EC}" = Catalyst Control Center Localization Italian
"{0BB291F1-BEBA-2530-990B-863B206B1F8A}" = Catalyst Control Center Localization German
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{114C3B4C-CA35-1027-B126-F10DAB0F20B7}" = CCC Help Norwegian
"{11908571-96AB-2B21-EDBE-7852B087E925}" = Catalyst Control Center Localization Portuguese
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22E95014-3038-4909-8708-48AE7FEFBF05}" = DSL Connection Manager
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C7264E-BAA0-73B7-0B7C-BA1CCA40F438}" = CCC Help Chinese Standard
"{23D2AA7C-FFB2-3271-7568-58D9CE58598F}" = CCC Help German
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25468ED2-C4F8-C7EB-5CDB-20D934D6A1F9}" = CCC Help French
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{277AF855-DF15-BDCA-D570-5B94C5371201}" = CCC Help Polish
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2BEC7DA6-3455-5674-4A0E-09A6777A2C25}" = Catalyst Control Center Localization Dutch
"{2CC86F66-6C15-3D00-F05E-830846CF2393}" = CCC Help Turkish
"{2DDB9835-EE7B-FF38-084C-EBB81710A5FB}" = Catalyst Control Center Graphics Previews Vista
"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{35BEB65B-B67C-C104-CE7E-56D71378822D}" = Catalyst Control Center Localization Swedish
"{36D76EB0-F8A6-BD4A-A3C9-B07BE72FF6CD}" = Catalyst Control Center Graphics Full New
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{395AB8C5-F3A8-4380-8718-7A11EC5829F6}" = iCON 210
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B7AD0B6-B25D-EB03-5657-E9B3ECBC3C28}" = Catalyst Control Center Graphics Light
"{3C9DDCA5-D9EF-B431-B7E8-3B2286E92FEE}" = Catalyst Control Center Core Implementation
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{441BA798-953E-1FF2-F9B8-7D1BED5E3278}" = CCC Help Chinese Traditional
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C074190-CE6F-1960-F8BC-B00CF700CAA4}" = Catalyst Control Center Localization Korean
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DDF7B07-6CC5-CEE9-CA52-E95F8547EBC0}" = Catalyst Control Center Localization Greek
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56B74948-05CA-C84D-307C-A578F98DAF33}" = Catalyst Control Center Localization Japanese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{590129B0-8CBD-0C3D-55C6-693C5C910A53}" = Catalyst Control Center Graphics Full Existing
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F87D8F9-A373-11D5-AA2E-0008C760B784}" = Ultimate Ride
"{60706F47-9AD7-59C5-2BFF-A747086FE30B}" = Catalyst Control Center Localization Finnish
"{607576AD-A631-77DE-3D8C-3FBA257962D0}" = Skins
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{61B8FF9A-E7A4-0500-34C9-2A218825F09C}" = Catalyst Control Center InstallProxy
"{61E1C6E3-1793-2F66-B14D-E8899F8F36D7}" = Catalyst Control Center Localization Turkish
"{6365C963-4B72-43F8-8392-2A5441EC2A86}" = DJ_AIO_03_F4220_ProductContext
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F058B03-40A6-3023-ACE4-C031CB5F51E6}" = CCC Help Portuguese
"{6F1D0A3C-3E04-3E6D-2286-1B1900777555}" = Catalyst Control Center Localization Chinese Standard
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{795288DC-2652-44A5-99FD-2ECDF3C633BF}" = SweetIM for Messenger 3.3
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7C0B4269-EFF1-FE99-2298-B5752BBCD1CE}" = Catalyst Control Center Graphics Previews Common
"{815E4EFD-6A9C-50F5-3C7B-DD5984BF1CBB}" = Catalyst Control Center Localization Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8D8637C8-BD8F-71AF-1E15-B4104FDFF6A9}" = CCC Help Japanese
"{8F32C384-D237-4516-9F2B-223E8963A2FB}" = Lager
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97ABD26A-3249-46CB-B2E2-F66E64B2E480}" = HP Demo
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9E3A383E-0AF0-97F3-3FFF-E466DFDD302B}" = CCC Help Greek
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A40DD5A8-B549-126F-DEDE-2A0DD11342F0}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B03DF1CE-9964-0BCB-A53E-9ABE88B17F60}" = Catalyst Control Center Localization Spanish
"{B04F82E0-C4F2-58B3-C799-FAC82F6F88C1}" = CCC Help Russian
"{B0516082-BA15-2ACC-A354-0CA22CFE4CF9}" = CCC Help Spanish
"{B3891007-20E0-83BB-93F8-3062A2ED39EB}" = CCC Help Italian
"{B3DA638A-7AC7-4202-C489-898D8A5AE48B}" = CCC Help Dutch
"{B593E002-4F0A-2537-AF4D-59C371FCE60F}" = CCC Help Finnish
"{B61A79BE-E94C-42C0-921D-8B7E5217069C}" = F4200
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9AB88D8-3A09-4A4A-8993-0E2F6F9F294B}" = muvee autoProducer 6.1
"{B9CB4A55-002A-5FC0-DF39-A5D5FF2F036D}" = Catalyst Control Center Localization French
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C485E0AA-2176-835B-8555-C08002E8517B}" = Catalyst Control Center Localization Norwegian
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C948C303-C151-B075-DDD6-F69B963B70EF}" = Catalyst Control Center Localization Russian
"{C9E04998-234A-4ACE-6C91-30F7E8EA735D}" = Catalyst Control Center Localization Polish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CCB5EE8A-8DE8-E4E2-1D3D-31C9CC3519C9}" = Catalyst Control Center Localization Chinese Traditional
"{CE557ABF-2A29-4AB4-A7EB-29F5FA1BECEA}" = DSL Connection Manager
"{D11016EA-8CFB-4E07-91D4-28606762DF06}" = Der Planer 3
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms
"{D2299355-97DE-1DBC-98EB-C5F2357F874C}" = Catalyst Control Center Localization Hungarian
"{D2C6274D-C3C0-0C1B-5E79-B94843622343}" = Catalyst Control Center Localization Czech
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{D78C15E3-7648-A466-651C-FB618B3659AD}" = CCC Help Korean
"{DC2A30B7-030B-6842-C5D5-AE3D5E7B8ECC}" = ccc-core-static
"{DF18DFB5-A9CC-1A17-9861-2187C1265CD4}" = CCC Help Swedish
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{E9DA117D-B2B8-9F7D-DBD7-FF2A730FBB8A}" = CCC Help Czech
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend
"{F8A5531E-FEB4-4F7C-AF51-342E40FA7A0D}" = F4210_Help
"{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FDC5251B-4139-1DAE-8CCC-20AAC4E5422E}" = CCC Help Thai
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF063B2A-19DB-C210-C06D-8BBECD7D45B4}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Toolbar" = AOL Toolbar 5.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cross Fire_is1" = Cross Fire En
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FileZilla Client" = FileZilla Client 3.2.7.1
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.10.722
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Freibier" = Freibier
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"iLivid" = iLivid
"Indeo® Software" = Indeo® Software
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"NSS" = Norton Security Scan
"o2DE" = Mobile Connection Manager
"OpenAL" = OpenAL
"PC-Doctor for Windows" = Hardware Diagnose Tools
"Quick Memory Editor_is1" = Quick Memory Editor 5.5
"Real Desktop Standard_is1" = Real Desktop 1.61 Standard
"RealDesktop Toolbar" = RealDesktop Toolbar
"Regnum Online" = Regnum Online 1.6.2
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.12.2.4
"Tankwagen-Simulator 2011_is1" = Tankwagen-Simulator 2011
"Tour de Franz" = Tour de Franz
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Engine" = Sony Ericsson Update Engine
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.1.11
"Vodafone WCDMA Composite Device Drive" = Vodafone WCDMA Composite Device Drive Software
"WildTangent hp Master Uninstall" = HP Games
"Woodcutter Simulator" = Woodcutter Simulator
"World of Warcraft" = World of Warcraft
"WTA-d81f286f-9499-43ee-9c03-59e4803c1b65" = Build-a-lot 3
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

markusg 18.10.2011 13:17

Where is the detection message??
Please uninstall Registry Booster; programs like that can wreck your system, and on top of that they do nothing at all.

Marci96 18.10.2011 18:55

My Avira AntiVir antivirus showed this message with this virus; I got it via Facebook.
That's why I thought I had better ask.

markusg 18.10.2011 19:08

I want the Avira message...
and send me the link you got via FB as a private message.

Marci96 19.10.2011 17:34

winsvc.exe
 
Here is the link:
hxxp://www.bacolodhouseandlot.com/facebook_img.php?l=IMG37384.JPG

Here is the report:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 19. Oktober 2011 15:27

Es wird nach 3411502 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista x64
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : *****-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:14:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 03.07.2011 10:51:42
AVSCAN.DLL : 10.0.5.0 57192 Bytes 03.07.2011 10:51:42
LUKE.DLL : 10.3.0.5 45416 Bytes 03.07.2011 10:51:42
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 12:22:40
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 03.07.2011 10:51:42
AVREG.DLL : 10.3.0.9 88833 Bytes 19.07.2011 14:11:09
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 17:27:44
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 11:43:14
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 09:25:46
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 16:28:54
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 12:59:19
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 19:14:55
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 14:51:44
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 15:04:42
VBASE008.VDF : 7.11.15.107 2048 Bytes 05.10.2011 15:04:42
VBASE009.VDF : 7.11.15.108 2048 Bytes 05.10.2011 15:04:42
VBASE010.VDF : 7.11.15.109 2048 Bytes 05.10.2011 15:04:42
VBASE011.VDF : 7.11.15.110 2048 Bytes 05.10.2011 15:04:42
VBASE012.VDF : 7.11.15.111 2048 Bytes 05.10.2011 15:04:42
VBASE013.VDF : 7.11.15.144 161792 Bytes 07.10.2011 15:04:43
VBASE014.VDF : 7.11.15.177 130048 Bytes 10.10.2011 15:04:44
VBASE015.VDF : 7.11.15.213 113664 Bytes 11.10.2011 15:04:44
VBASE016.VDF : 7.11.16.1 163328 Bytes 14.10.2011 16:27:27
VBASE017.VDF : 7.11.16.34 187904 Bytes 18.10.2011 10:42:15
VBASE018.VDF : 7.11.16.35 2048 Bytes 18.10.2011 10:42:15
VBASE019.VDF : 7.11.16.36 2048 Bytes 18.10.2011 10:42:15
VBASE020.VDF : 7.11.16.37 2048 Bytes 18.10.2011 10:42:15
VBASE021.VDF : 7.11.16.38 2048 Bytes 18.10.2011 10:42:15
VBASE022.VDF : 7.11.16.39 2048 Bytes 18.10.2011 10:42:15
VBASE023.VDF : 7.11.16.40 2048 Bytes 18.10.2011 10:42:15
VBASE024.VDF : 7.11.16.41 2048 Bytes 18.10.2011 10:42:15
VBASE025.VDF : 7.11.16.42 2048 Bytes 18.10.2011 10:42:15
VBASE026.VDF : 7.11.16.43 2048 Bytes 18.10.2011 10:42:15
VBASE027.VDF : 7.11.16.44 2048 Bytes 18.10.2011 10:42:15
VBASE028.VDF : 7.11.16.45 2048 Bytes 18.10.2011 10:42:15
VBASE029.VDF : 7.11.16.46 2048 Bytes 18.10.2011 10:42:16
VBASE030.VDF : 7.11.16.47 2048 Bytes 18.10.2011 10:42:16
VBASE031.VDF : 7.11.16.62 60416 Bytes 19.10.2011 10:42:16
Engineversion : 8.2.6.84
AEVDF.DLL : 8.1.2.1 106868 Bytes 30.07.2010 13:53:59
AESCRIPT.DLL : 8.1.3.81 467322 Bytes 13.10.2011 15:04:54
AESCN.DLL : 8.1.7.2 127349 Bytes 22.11.2010 13:30:36
AESBX.DLL : 8.2.1.34 323957 Bytes 02.06.2011 12:59:52
AERDL.DLL : 8.1.9.15 639348 Bytes 10.09.2011 16:06:09
AEPACK.DLL : 8.2.10.11 684408 Bytes 25.09.2011 14:54:37
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 19.09.2011 13:56:09
AEHEUR.DLL : 8.1.2.180 3748217 Bytes 13.10.2011 15:04:53
AEHELP.DLL : 8.1.17.7 254327 Bytes 31.07.2011 09:12:19
AEGEN.DLL : 8.1.5.9 401780 Bytes 28.08.2011 10:35:49
AEEMU.DLL : 8.1.3.0 393589 Bytes 22.11.2010 13:29:56
AECORE.DLL : 8.1.23.0 196983 Bytes 28.08.2011 10:35:49
AEBB.DLL : 8.1.1.0 53618 Bytes 28.04.2010 15:53:51
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21.04.2011 05:52:39
AVPREF.DLL : 10.0.3.2 44904 Bytes 03.07.2011 10:51:42
AVREP.DLL : 10.0.0.10 174120 Bytes 03.07.2011 10:51:42
AVARKT.DLL : 10.0.26.1 255336 Bytes 03.07.2011 10:51:41
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 03.07.2011 10:51:41
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 13.12.2010 07:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:21
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 03.07.2011 10:51:41
RCTEXT.DLL : 10.0.64.0 98664 Bytes 03.07.2011 10:51:41

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50202131\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Mittwoch, 19. Oktober 2011 15:27

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'game.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IELowutil.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ImpWiFiSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RealDesktopSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AccVSSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\*****\Downloads\IMG04506864689.JPG(1).scr'
C:\Users\*****\Downloads\IMG04506864689.JPG(1).scr
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ae67999.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 19. Oktober 2011 15:27
Benötigte Zeit: 00:02 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
19 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
18 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

markusg 19.10.2011 18:14

OK, otl.txt is missing, and didn't I say to send the link as a private message?

Marci96 20.10.2011 17:32

Oh sorry, I thought you meant a private message on Facebook, sorry.

Here is the otl.txt: OTL Logfile:
Code:

OTL logfile created on: 18.10.2011 12:23:00 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\*****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,56% Memory free
8,20 Gb Paging File | 6,35 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,63 Gb Total Space | 303,86 Gb Free Space | 52,15% Space Free | Partition Type: NTFS
Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive E: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko6.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (RealDesktop Toolbar Helper) -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (accvssvc) -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (gtstusbser_64) -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys (Option N.V.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\DRIVERS\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\DRIVERS\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV - (gtstusbser_64) -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys (Option N.V.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: realdesktop@realdesktop.com:1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 10:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.22 15:22:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.21 20:33:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 10:58:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}: C:\Users\*****\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}
 
[2011.06.20 16:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.10.11 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions
[2010.04.27 18:48:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.29 18:24:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.20 16:24:29 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010.08.06 12:08:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.11 18:00:02 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.04.23 17:31:27 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\DTToolbar@toolbarnet.com
[2011.04.09 22:15:30 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\engine@conduit.com
[2011.09.22 14:47:18 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\toolbar@ask.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\conduit.xml
[2011.03.02 18:09:41 | 000,002,059 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\daemon-search.xml
[2011.10.15 18:29:13 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-1.xml
[2010.10.24 21:04:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-10.xml
[2010.10.30 09:01:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-11.xml
[2010.12.21 19:42:26 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-12.xml
[2011.03.03 14:33:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-13.xml
[2011.03.08 10:01:56 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-14.xml
[2011.03.26 15:16:19 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-15.xml
[2011.04.10 00:36:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-16.xml
[2011.05.26 13:29:59 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-17.xml
[2011.06.21 13:23:35 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-18.xml
[2011.07.20 19:18:27 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-19.xml
[2010.03.25 13:35:00 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-2.xml
[2011.08.16 21:57:52 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-20.xml
[2011.08.21 11:40:21 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-21.xml
[2011.09.25 16:55:40 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-22.xml
[2011.09.29 20:34:03 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-23.xml
[2010.04.04 14:04:46 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-3.xml
[2010.04.15 12:51:07 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-4.xml
[2010.07.12 14:13:12 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-5.xml
[2010.07.22 20:11:44 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-6.xml
[2010.07.27 22:02:41 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-7.xml
[2010.09.09 10:05:34 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-8.xml
[2010.09.20 17:25:09 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin.xml
[2011.06.20 16:24:23 | 000,002,501 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\SearchResults.xml
[2010.10.20 14:04:07 | 000,003,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\sweetim.xml
[2011.07.05 17:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.24 01:12:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.05 10:20:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.26 16:03:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.07 18:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.05 17:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.07.11 20:42:30 | 000,000,000 | ---D | M] (Real Desktop Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\realdesktop@realdesktop.com
[2011.04.08 16:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.04.08 16:31:16 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SS35HOGG.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SS35HOGG.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.09.22 15:22:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOP7PlugIn.dll
[2010.04.25 19:59:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2011.09.22 15:22:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.22 15:22:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.22 15:22:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.22 15:22:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 10:24:50 | 000,002,772 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml
[2011.10.18 10:24:50 | 000,002,754 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml.bak
[2011.06.20 16:24:23 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.09.22 15:22:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.22 15:22:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NPOP7Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOP7PlugIn.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\Update\1.3.21.57\%ProgramW6432%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll File not found
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A615081A-DB1C-42C8-8B6A-0E4FEC46738B}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll) -C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll) -C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\IMG_0173.JPG
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\IMG_0173.JPG
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.25 16:17:40 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010.10.15 09:52:30 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.18 12:20:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.10.13 17:18:11 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.13 17:18:08 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.13 17:18:08 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.13 17:18:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.10.13 17:18:07 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.10.13 17:18:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.10.13 17:18:07 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.13 17:18:07 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.13 17:18:07 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.10.13 17:18:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.13 17:18:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.10.13 17:18:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.10.13 17:18:06 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.10.13 17:18:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.13 17:18:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.13 17:18:06 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.10.13 17:18:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.10.13 17:18:06 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.10.13 17:18:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.10.13 17:18:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.13 17:18:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.10.13 17:18:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.10.13 17:18:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.13 17:18:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.10.13 17:18:05 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.10.13 17:18:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.10.13 17:18:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.10.13 17:18:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.10.13 17:18:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.10.13 17:17:01 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.13 17:17:00 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.13 17:17:00 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011.10.13 17:17:00 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011.10.13 17:17:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011.10.13 17:17:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011.10.13 17:16:48 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.13 17:16:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.13 17:16:48 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.13 17:16:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.13 17:16:48 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.10.13 17:16:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011.10.13 17:16:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.10.13 17:16:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.10.08 10:31:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\.minecraft
[2011.10.08 10:31:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner
[2011.10.07 22:39:47 | 000,000,000 | RHSD | C] -- C:\Users\*****\M-1-52-5782-8752-5245
[2011.09.20 17:34:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.18 12:24:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.18 12:24:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.18 12:20:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.10.18 11:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.18 10:25:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.18 10:25:15 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.10.18 10:24:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.17 22:32:04 | 000,053,248 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.17 22:28:01 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job
[2011.10.16 10:35:11 | 000,334,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.13 19:21:19 | 001,460,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.13 19:21:19 | 000,632,718 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.13 19:21:19 | 000,599,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.13 19:21:19 | 000,130,244 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.13 19:21:19 | 000,106,884 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.13 18:02:10 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.10.01 01:25:22 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.01 01:23:56 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.10.01 01:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.01 01:21:49 | 000,710,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.01 01:21:20 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.10.01 01:21:00 | 001,538,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.10.01 01:20:40 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.01 01:20:40 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.10.01 01:20:39 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.10.01 01:20:38 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.01 01:20:38 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.10.01 01:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.01 01:04:42 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.10.01 01:02:38 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.01 01:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.10.01 01:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.10.01 01:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.01 01:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.10.01 01:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.10.01 01:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.01 01:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.10.01 00:29:23 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.01 00:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.09.30 23:48:19 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.09.30 23:47:58 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.09.30 23:47:24 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.09.30 23:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.09.30 23:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.09.30 23:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
 
========== Files Created - No Company Name ==========
 
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.26 17:48:21 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2011.01.20 21:14:51 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Local\Mtano.dat
[2011.01.20 21:14:51 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\Rdedokoxaxedako.bin
[2011.01.07 18:09:40 | 000,001,078 | ---- | C] () -- C:\Windows\disney.ini
[2011.01.07 18:09:38 | 000,000,175 | ---- | C] () -- C:\Windows\disneysy.ini
[2010.12.05 15:48:32 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\localuid.dll
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.07.07 13:54:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.01.01 15:11:24 | 002,729,472 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll
[2009.11.20 19:14:15 | 000,078,241 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009.10.15 20:26:15 | 000,053,248 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.06 14:51:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.10.06 14:51:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.10.06 14:50:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.02 17:29:33 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.09.28 18:03:53 | 000,001,572 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2009.06.18 16:55:18 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2009.06.18 16:12:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009.03.28 11:09:30 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2009.03.28 10:53:37 | 000,187,912 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009.01.20 14:17:53 | 000,000,488 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.12 22:17:35 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2008.09.12 22:06:31 | 000,115,801 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.09.12 21:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.12 21:49:58 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.09.12 21:44:13 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008.09.12 21:44:13 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008.07.01 06:02:41 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

--- --- ---

Marci96 20.10.2011 17:33

Oh sorry, I thought it was a private message like on Facebook, sorry.

Here is the otl.txt:

OTL Logfile:
Code:

OTL logfile created on: 18.10.2011 12:23:00 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\*****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 57,56% Memory free
8,20 Gb Paging File | 6,35 Gb Available in Paging File | 77,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 582,63 Gb Total Space | 303,86 Gb Free Space | 52,15% Space Free | Partition Type: NTFS
Drive D: | 13,54 Gb Total Space | 1,86 Gb Free Space | 13,75% Space Free | Partition Type: NTFS
Drive E: | 925,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe ()
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko6.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (RealDesktop Toolbar Helper) -- C:\Program Files (x86)\RealDesktop Toolbar\RealDesktopSvc.exe ()
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (accvssvc) -- C:\Program Files (x86)\Common Files\AccSys\AccVSSvc.exe (AccSys GmbH)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (s1018mdm) -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys (MCCI Corporation)
DRV:64bit: - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\SysNative\DRIVERS\s1018unic.sys (MCCI Corporation)
DRV:64bit: - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1018obex) -- C:\Windows\SysNative\DRIVERS\s1018obex.sys (MCCI Corporation)
DRV:64bit: - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s1018bus.sys (MCCI Corporation)
DRV:64bit: - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys (MCCI Corporation)
DRV:64bit: - (s1018mdfl) -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys (MCCI Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (gtstusbser_64) -- C:\Windows\SysNative\DRIVERS\gtstusbser_64.sys (Option N.V.)
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\DRIVERS\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\DRIVERS\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s0016bus.sys (MCCI Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV - (gtstusbser_64) -- C:\Windows\SysWOW64\drivers\gtstusbser_64.sys (Option N.V.)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = Home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: realdesktop@realdesktop.com:1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 10:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.22 15:22:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.21 20:33:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.03.28 10:58:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}: C:\Users\*****\AppData\Local\{7F9CE3EE-80D7-4EEA-BF8E-DFD3A4E95509}
 
[2011.06.20 16:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2011.10.11 18:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions
[2010.04.27 18:48:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.29 18:24:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.20 16:24:29 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2010.08.06 12:08:33 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.11 18:00:02 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.04.23 17:31:27 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\DTToolbar@toolbarnet.com
[2011.04.09 22:15:30 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\engine@conduit.com
[2011.09.22 14:47:18 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus WebGuard") -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\ss35hogg.default\extensions\toolbar@ask.com
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\conduit.xml
[2011.03.02 18:09:41 | 000,002,059 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\daemon-search.xml
[2011.10.15 18:29:13 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-1.xml
[2010.10.24 21:04:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-10.xml
[2010.10.30 09:01:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-11.xml
[2010.12.21 19:42:26 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-12.xml
[2011.03.03 14:33:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-13.xml
[2011.03.08 10:01:56 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-14.xml
[2011.03.26 15:16:19 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-15.xml
[2011.04.10 00:36:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-16.xml
[2011.05.26 13:29:59 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-17.xml
[2011.06.21 13:23:35 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-18.xml
[2011.07.20 19:18:27 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-19.xml
[2010.03.25 13:35:00 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-2.xml
[2011.08.16 21:57:52 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-20.xml
[2011.08.21 11:40:21 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-21.xml
[2011.09.25 16:55:40 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-22.xml
[2011.09.29 20:34:03 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-23.xml
[2010.04.04 14:04:46 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-3.xml
[2010.04.15 12:51:07 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-4.xml
[2010.07.12 14:13:12 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-5.xml
[2010.07.22 20:11:44 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-6.xml
[2010.07.27 22:02:41 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-7.xml
[2010.09.09 10:05:34 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-8.xml
[2010.09.20 17:25:09 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\icqplugin.xml
[2011.06.20 16:24:23 | 000,002,501 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\SearchResults.xml
[2010.10.20 14:04:07 | 000,003,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\ss35hogg.default\searchplugins\sweetim.xml
[2011.07.05 17:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.24 01:12:00 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.06.05 10:20:45 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.01.26 16:03:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.07 18:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.05 17:38:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.07.11 20:42:30 | 000,000,000 | ---D | M] (Real Desktop Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\realdesktop@realdesktop.com
[2011.04.08 16:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.04.08 16:31:16 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SS35HOGG.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
() (No name found) -- C:\USERS\*****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SS35HOGG.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.09.22 15:22:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOP7PlugIn.dll
[2010.04.25 19:59:24 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
[2011.09.22 15:22:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.22 15:22:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.22 15:22:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.22 15:22:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 10:24:50 | 000,002,772 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml
[2011.10.18 10:24:50 | 000,002,754 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\RealDesktop.xml.bak
[2011.06.20 16:24:23 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.09.22 15:22:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.22 15:22:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: NPOP7Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOP7PlugIn.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\Update\1.3.21.57\%ProgramW6432%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll File not found
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Real Desktop Toolbar) - {4C350B19-6CA1-4569-B14C-296D8D653009} - C:\Program Files (x86)\RealDesktop Toolbar\realdesktoptb.dll (RealDesktop)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus WebGuard) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A615081A-DB1C-42C8-8B6A-0E4FEC46738B}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll) -C:\PROGRA~2\WI371A~1\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll) -C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\IMG_0173.JPG
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\IMG_0173.JPG
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.25 16:17:40 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ]
O32 - AutoRun File - [2010.10.15 09:52:30 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.18 12:20:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.10.13 17:18:11 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.13 17:18:08 | 000,710,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.13 17:18:08 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.13 17:18:08 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.10.13 17:18:07 | 001,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.10.13 17:18:07 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.10.13 17:18:07 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.13 17:18:07 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.13 17:18:07 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.10.13 17:18:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.13 17:18:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.10.13 17:18:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.10.13 17:18:06 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.10.13 17:18:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.13 17:18:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.13 17:18:06 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.10.13 17:18:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.10.13 17:18:06 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.10.13 17:18:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.10.13 17:18:06 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.13 17:18:06 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.10.13 17:18:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.10.13 17:18:06 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.13 17:18:06 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.10.13 17:18:05 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.10.13 17:18:05 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.10.13 17:18:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.10.13 17:18:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.10.13 17:18:05 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.10.13 17:17:01 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.13 17:17:00 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.13 17:17:00 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAutomationCore.dll
[2011.10.13 17:17:00 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAutomationCore.dll
[2011.10.13 17:17:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\oleaccrc.dll
[2011.10.13 17:17:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaccrc.dll
[2011.10.13 17:16:48 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.13 17:16:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.13 17:16:48 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.13 17:16:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.13 17:16:48 | 000,100,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.10.13 17:16:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011.10.13 17:16:48 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.10.13 17:16:48 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.10.08 10:31:48 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\.minecraft
[2011.10.08 10:31:08 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Neuer Ordner
[2011.10.07 22:39:47 | 000,000,000 | RHSD | C] -- C:\Users\*****\M-1-52-5782-8752-5245
[2011.09.20 17:34:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.18 12:24:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.18 12:24:21 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.18 12:20:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2011.10.18 11:59:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.18 10:25:17 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.18 10:25:15 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.10.18 10:24:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.17 22:32:04 | 000,053,248 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.17 22:28:01 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0F185AB9-B531-44FD-B108-644E5495223C}.job
[2011.10.16 10:35:11 | 000,334,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.13 19:21:19 | 001,460,240 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.13 19:21:19 | 000,632,718 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.13 19:21:19 | 000,599,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.13 19:21:19 | 000,130,244 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.13 19:21:19 | 000,106,884 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.13 18:02:10 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.10.01 01:25:22 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.01 01:23:56 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2011.10.01 01:21:52 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.01 01:21:49 | 000,710,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.01 01:21:20 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.10.01 01:21:00 | 001,538,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.10.01 01:20:40 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.01 01:20:40 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2011.10.01 01:20:39 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2011.10.01 01:20:38 | 000,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.01 01:20:38 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2011.10.01 01:06:08 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.01 01:04:42 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2011.10.01 01:02:38 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.01 01:02:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.10.01 01:01:51 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.10.01 01:01:34 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.01 01:01:34 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2011.10.01 01:01:34 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2011.10.01 01:01:33 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.01 01:01:33 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2011.10.01 00:29:23 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.01 00:07:25 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.09.30 23:48:19 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2011.09.30 23:47:58 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2011.09.30 23:47:24 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.09.30 23:29:54 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2011.09.30 23:29:44 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2011.09.30 23:29:05 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
 
========== Files Created - No Company Name ==========
 
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.01.26 17:48:21 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2011.01.20 21:14:51 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Local\Mtano.dat
[2011.01.20 21:14:51 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\Rdedokoxaxedako.bin
[2011.01.07 18:09:40 | 000,001,078 | ---- | C] () -- C:\Windows\disney.ini
[2011.01.07 18:09:38 | 000,000,175 | ---- | C] () -- C:\Windows\disneysy.ini
[2010.12.05 15:48:32 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\localuid.dll
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.07.07 13:54:53 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.01.01 15:11:24 | 002,729,472 | ---- | C] () -- C:\Windows\SysWow64\fun_avcodec.dll
[2009.11.20 19:14:15 | 000,078,241 | ---- | C] () -- C:\Windows\hpqins05.dat
[2009.10.15 20:26:15 | 000,053,248 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.06 14:51:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.10.06 14:51:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.10.06 14:50:31 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.10.02 17:29:33 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.09.28 18:03:53 | 000,001,572 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2009.06.18 16:55:18 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2009.06.18 16:12:13 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009.03.28 11:09:30 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat.temp
[2009.03.28 10:53:37 | 000,187,912 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009.01.20 14:17:53 | 000,000,488 | ---- | C] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.12 22:17:35 | 000,000,428 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2008.09.12 22:06:31 | 000,115,801 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.09.12 21:54:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.09.12 21:49:58 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008.09.12 21:44:13 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll
[2008.09.12 21:44:13 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll
[2008.07.01 06:02:41 | 000,000,796 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >

--- --- ---

markusg 20.10.2011 17:46

Hi,

Attention!
This script and any scripts that may follow are intended only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe.
• Now copy the following into the text box.



Code:

:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook:  - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\Update\1.3.21.57\%ProgramW6432%\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O4 - HKLM..\Run: []  File not found
:Files
:Commands
[purity]
[EMPTYFLASH]
[resethosts]
[emptytemp]
[Reboot]



• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.


All times are in WET +1. The time now is 05:13.
