Warning Spyware detected on your computer!....

#0
09.08.2008, 13:48
...new here

Posts: 4
#1 My problem is that a message comes up at startup: " Warning Spyware detected on your computer! install an antivirus or spyware remover to clean your computer!"


Quote

ComboFix 08-08-08.07 - Gianni 2008-08-09 13:22:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1066 [GMT 2:00]
ausgeführt von:: C:\Users\Gianni\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\rhccnqj0e91p
C:\Program Files\RichVideoCodec
C:\Program Files\RichVideoCodec\MultiLoader.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Users\Public\Desktop\Antivirus XP 2008.lnk
C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
C:\Windows\Downloaded Program Files\setup.inf
C:\Windows\system32\lphc9nqj0e91p.exe
C:\Windows\system32\phc9nqj0e91p.bmp

.
((((((((((((((((((((((( Dateien erstellt von 2008-07-09 bis 2008-08-09 ))))))))))))))))))))))))))))))
.

2008-08-09 12:56 . 2008-08-09 12:56 <DIR> d-------- C:\Program Files\CleanUp!
2008-08-09 12:53 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-08-09 12:53 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-08-09 12:53 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-08-09 12:53 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-08-09 12:53 . 2008-07-02 13:33 82,432 --a------ C:\Windows\System32\IEDFix.C.exe
2008-08-09 12:53 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-08-09 12:53 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-08-09 12:53 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-08-09 12:53 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-08-09 12:48 . 2008-08-09 12:49 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-09 12:48 . 2008-08-09 12:49 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-09 12:48 . 2008-08-09 12:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-09 12:46 . 2008-08-09 12:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-09 00:51 . 2008-08-09 00:54 <DIR> d-------- C:\Users\All Users\Make A Voozie
2008-08-09 00:51 . 2008-08-09 00:54 <DIR> d-------- C:\ProgramData\Make A Voozie
2008-08-08 14:41 . 2008-08-08 14:41 <DIR> d-------- C:\PerfLogs
2008-08-05 22:54 . 2008-08-09 11:29 41,344 --a------ C:\Windows\System32\drivers\cimo.ahc
2008-08-03 17:13 . 2008-08-03 17:13 <DIR> d-------- C:\Program Files\PantsOff
2008-08-03 11:49 . 2008-08-03 11:49 <DIR> d-------- C:\Users\All Users\RoboForm
2008-08-03 11:49 . 2008-08-03 11:49 <DIR> d-------- C:\ProgramData\RoboForm
2008-08-03 11:48 . 2008-08-03 11:48 <DIR> d-------- C:\Program Files\Siber Systems
2008-07-29 20:53 . 2008-07-29 20:56 <DIR> d-------- C:\Users\Gianni\AppData\Roaming\Teeworlds
2008-07-29 18:44 . 2002-03-27 14:54 217,088 --a------ C:\Windows\System32\libmySQL.dll
2008-07-29 18:44 . 2002-03-29 10:13 102,400 --a------ C:\Windows\System32\TrackerNET.dll
2008-07-27 18:05 . 2008-08-09 08:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-27 18:04 . 2008-07-27 18:04 <DIR> d-------- C:\Users\All Users\Symantec
2008-07-27 18:04 . 2008-07-27 18:04 <DIR> d-------- C:\ProgramData\Symantec
2008-07-23 20:01 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-07-23 20:01 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-07-23 20:00 . 2008-07-23 20:01 <DIR> d-------- C:\Program Files\Picasa2
2008-07-22 20:25 . 2008-07-22 20:25 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-22 20:25 . 2003-07-21 05:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-07-22 20:25 . 2005-01-04 20:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-07-22 19:43 . 2008-07-22 19:43 <DIR> d-------- C:\Program Files\Games-Masters.com
2008-07-22 17:57 . 2008-08-08 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-07-22 17:56 . 2008-07-29 20:22 <DIR> d-------- C:\Windows\System32\Adobe
2008-07-20 21:51 . 2008-07-20 21:51 <DIR> d-------- C:\Program Files\OpenAL
2008-07-20 21:51 . 2008-07-20 21:51 413,696 --a------ C:\Windows\System32\wrap_oal.dll
2008-07-20 21:51 . 2008-07-20 21:51 110,592 --a------ C:\Windows\System32\OpenAL32.dll
2008-07-19 19:50 . 2008-07-19 19:50 <DIR> d-------- C:\Program Files\EUR
2008-07-19 17:42 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-19 17:42 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-07-19 17:42 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-19 17:42 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,497,408 --a------ C:\Windows\System32\NlsData0019.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData0816.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData0416.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData0414.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData001d.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData0010.dll
2008-07-19 17:40 . 2008-01-19 09:35 1,523,712 --a------ C:\Windows\System32\NlsData0000.dll
2008-07-16 21:20 . 2008-07-16 21:20 <DIR> d-------- C:\Program Files\Bonjour
2008-07-16 21:08 . 2008-07-16 21:08 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 10:53 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-08-09 08:24 49,326 ----a-w C:\Users\Gianni\AppData\Roaming\nvModes.dat
2008-08-09 01:34 --------- d-----w C:\Users\Gianni\AppData\Roaming\Skype
2008-08-08 22:05 --------- d-----w C:\Users\Gianni\AppData\Roaming\skypePM
2008-08-08 12:56 --------- d-----w C:\ProgramData\NVIDIA
2008-08-08 12:54 174 --sha-w C:\Program Files\desktop.ini
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Mail
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Journal
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Defender
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Calendar
2008-08-08 12:04 --------- d-----w C:\Users\Gianni\AppData\Roaming\ICQ
2008-08-07 20:39 --------- d-----w C:\Users\Gianni\AppData\Roaming\teamspeak2
2008-08-05 20:31 --------- d-----w C:\Users\Gianni\AppData\Roaming\phonostar-Player
2008-08-01 08:58 --------- d-----w C:\Program Files\Common Files\Steam
2008-07-28 09:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-16 19:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-15 11:50 --------- d-----w C:\Program Files\phonostar
2008-07-08 16:37 --------- d-----w C:\Program Files\EA Games
2008-07-07 16:26 --------- d-----w C:\Users\Gianni\AppData\Roaming\ICQLite
2008-07-07 16:26 --------- d-----w C:\Program Files\ICQLite55
2008-07-07 14:48 --------- d-----w C:\Program Files\FlatOut 2 Mod Manager
2008-06-19 10:07 --------- d-----w C:\ProgramData\comodo
2008-06-19 08:04 --------- d-----w C:\Program Files\COMODO
2008-06-19 08:04 --------- d-----w C:\Program Files\AskSBar
2008-06-19 08:01 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-06-19 08:01 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2008-06-19 08:01 --------- d-----w C:\Users\Gianni\AppData\Roaming\Comodo
2008-06-19 07:49 --------- d-----w C:\ProgramData\Avira
2008-06-19 07:49 --------- d-----w C:\Program Files\Avira
2008-06-14 19:34 --------- d-----w C:\Users\Gianni\AppData\Roaming\gtk-2.0
2008-06-13 21:52 --------- d-----w C:\Users\Gianni\AppData\Roaming\FileZilla
2008-06-13 17:50 --------- d-----w C:\Program Files\WS_FTP
2008-06-09 19:34 --------- d-----w C:\Program Files\ICQLite
2008-06-08 09:44 461 ---ha-w C:\os466477.bin
2008-01-28 16:24 480 ----a-w C:\Users\Gianni\AppData\Roaming\wklnhst.dat
2008-01-25 17:08 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-25 17:08 32 ----a-w C:\ProgramData\ezsid.dat
2006-05-03 10:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\Windows\System32\VistaUltm.dll
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-04-27 18:14 57344]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-06-19 10:04 66912]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-06-19 10:04 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-28 20:15 1271032]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2008-01-19 09:33 49664]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-25 19:05 171448]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-03 23:13 160592]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 18:18 827392]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 13:36 266497]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-06-19 10:04 278264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-19 10:01 1655552]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-24 00:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-24 00:03 8501792]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-24 00:03 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 05:31 4710400 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 12:15 1826816 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.l3codecp"= l3codecp.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WeGame.lnk
backup=C:\Windows\pss\WeGame.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-07-26 14:48 3305472 C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
--------- 2007-10-17 16:42 128296 C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-12-14 10:20 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-04-01 12:40 172280 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 12:15 3144800 C:\Program Files\ICQLite55\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-08 23:17 52256 C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
--a------ 2008-07-14 15:18 126976 C:\Program Files\phonostar\ps_timer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-02-09 21:51 71216 C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 16:23 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
--------- 2007-09-13 17:32 222504 C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BCAA4B2C-32C8-4B67-B788-B81EE38AAC8B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C61F6DE2-F581-4991-9A2F-97F82474FD12}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8109299-6EDC-4EED-B15B-18AC6542B193}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{11A9752B-9DD3-4069-A698-B04E5E186262}"= C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{C7F5B251-39DD-42F1-8436-347DCCC543A1}"= C:\Program Files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6FCDD6A5-98BD-4351-8129-0574451946B4}"= C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{B0776636-416F-4FD0-9827-77079392A87B}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike source\hl2.exe:hl2
"UDP Query User{8AEF28CF-D7B6-41F8-A4B1-FBFF6AF64A10}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike source\hl2.exe:hl2
"TCP Query User{0706FDEA-AF6F-4E5A-9410-B0AF2BF78855}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{DEC7A88C-0630-40AF-9C8C-8342D6D7C82E}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F7CC9CED-696D-4138-A601-0DE7DB347B54}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike source\hl2.exe:hl2
"UDP Query User{DB6D89E0-7404-4725-819A-E071B4E14DE1}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike source\hl2.exe:hl2
"TCP Query User{95133C48-3F43-487D-A670-2DD0D657A62F}C:\\users\\gianni\\desktop\\revbot\\nuconnector.exe"= UDP:C:\users\gianni\desktop\revbot\nuconnector.exe:nuconnector.exe
"UDP Query User{5FF86810-7B57-4580-A7DB-52707D077C97}C:\\users\\gianni\\desktop\\revbot\\nuconnector.exe"= TCP:C:\users\gianni\desktop\revbot\nuconnector.exe:nuconnector.exe
"TCP Query User{CB960EF0-2915-4E04-9286-E940A8231174}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{4EEEA865-6C03-4889-AB12-5F3E81DDDE3D}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{8828C3D8-8717-4739-9C94-F894BE2F7175}C:\\users\\gianni\\desktop\\revbot\\neu\\nuconnector.exe"= UDP:C:\users\gianni\desktop\revbot\neu\nuconnector.exe:nuconnector.exe
"UDP Query User{89D83E27-25C7-4DF4-AF51-5880B3D9CE33}C:\\users\\gianni\\desktop\\revbot\\neu\\nuconnector.exe"= TCP:C:\users\gianni\desktop\revbot\neu\nuconnector.exe:nuconnector.exe
"TCP Query User{4E09D32E-4A0A-414D-8C87-C0A286BFD2E8}C:\\call of duty 2\\cod2mp_s.exe"= UDP:C:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{873A2FE0-F60B-4828-BB5E-129A20186578}C:\\call of duty 2\\cod2mp_s.exe"= TCP:C:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{2A175DDC-D103-46EA-A8A5-C90BA3FA9C62}C:\\warcraft\\war3.exe"= UDP:C:\warcraft\war3.exe:Warcraft III
"UDP Query User{34BFB356-7216-48A4-A843-88A16823BA2A}C:\\warcraft\\war3.exe"= TCP:C:\warcraft\war3.exe:Warcraft III
"TCP Query User{C80C06B1-427E-42B2-8B7F-EE00215E388D}C:\\source lan\\hl2.exe"= UDP:C:\source lan\hl2.exe:hl2
"UDP Query User{0CC7F941-F636-4BEB-BF9F-CE03E2B18504}C:\\source lan\\hl2.exe"= TCP:C:\source lan\hl2.exe:hl2
"TCP Query User{57674B3D-275A-4C53-A978-B242987780CB}C:\\call of duty 2\\cod2mp_s.exe"= UDP:C:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{98FFF341-90D1-4767-9EF7-D35327B32D8A}C:\\call of duty 2\\cod2mp_s.exe"= TCP:C:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{75824373-0B93-47E4-AB31-7EBB4563DCEC}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{0D6FC0AE-FD50-4888-8731-4953E7F82234}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"TCP Query User{F084910B-C3D8-4B61-92ED-F1C34C7414FB}C:\\warcraft\\war3.exe"= UDP:C:\warcraft\war3.exe:Warcraft III
"UDP Query User{5140F078-201B-4429-B3FB-27178F4EC338}C:\\warcraft\\war3.exe"= TCP:C:\warcraft\war3.exe:Warcraft III
"TCP Query User{0BFF1B0B-D894-464C-A304-39DE8270F813}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{37B436FD-BE22-493F-A898-811B17CA9373}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{38926F95-49AD-4D1F-A005-AE0CF31DBDA6}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{C3AAE532-76ED-44AF-A532-01BBA884983D}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{F5BED2E4-1EC0-44CD-9F4C-91A5C84D44B7}C:\\wolfenstein\\wolfmp.exe"= UDP:C:\wolfenstein\wolfmp.exe:WolfMP
"UDP Query User{10D2E4A1-351A-46F8-9798-94982B7C077E}C:\\wolfenstein\\wolfmp.exe"= TCP:C:\wolfenstein\wolfmp.exe:WolfMP
"TCP Query User{BBBB4951-F695-402E-8B2B-42660283A553}C:\\quake 3 groll\\quake3.exe"= UDP:C:\quake 3 groll\quake3.exe:quake3
"UDP Query User{28AD366C-279A-4905-B864-55454C45EE61}C:\\quake 3 groll\\quake3.exe"= TCP:C:\quake 3 groll\quake3.exe:quake3
"{190B8C74-6581-4C42-A421-D8346D8D126C}"= UDP:C:\Program Files\Medion\MEDIONbox\Program\GCS.exe:Gnab Service
"{A5AFCC33-666C-41BA-BABE-8E6F10520F88}"= TCP:C:\Program Files\Medion\MEDIONbox\Program\GCS.exe:Gnab Service
"{44B40160-7FDC-4F70-8A16-7151E579C53F}"= UDP:8371:Gnab Tcp Port
"{366A1781-453B-4AD1-BFFC-2DC39EBC61FA}"= TCP:8371:Gnab Udp Port
"TCP Query User{52143BB5-4885-483C-82EE-10958224049C}C:\\hl\\half-life\\hl.exe"= UDP:C:\hl\half-life\hl.exe:Half-Life Launcher
"UDP Query User{F1D82CDA-9774-4320-B1D1-5FC50BEC0AD0}C:\\hl\\half-life\\hl.exe"= TCP:C:\hl\half-life\hl.exe:Half-Life Launcher
"TCP Query User{1D7BAAD5-4D45-45C3-B0B2-E74DBC1D4B05}C:\\unreal anthology\\unrealgold\\system\\unreal.exe"= UDP:C:\unreal anthology\unrealgold\system\unreal.exe:Unreal
"UDP Query User{9F100203-5B94-465E-9D17-3172355F399B}C:\\unreal anthology\\unrealgold\\system\\unreal.exe"= TCP:C:\unreal anthology\unrealgold\system\unreal.exe:Unreal
"TCP Query User{7D843DE0-35F9-49AD-8EBD-EA01580A5745}C:\\c&cgernerals\\game.dat"= UDP:C:\c&cgernerals\game.dat:game.dat
"UDP Query User{CA8CB6F9-848C-4E70-8946-F7559202F525}C:\\c&cgernerals\\game.dat"= TCP:C:\c&cgernerals\game.dat:game.dat
"TCP Query User{64A9D91D-F6F6-459A-8B7E-DF3DEB5E76E2}C:\\users\\gianni\\desktop\\agbot\\nuconnector.exe"= UDP:C:\users\gianni\desktop\agbot\nuconnector.exe:nuconnector.exe
"UDP Query User{83E92890-373D-460D-BD9A-A7FC0B63F09F}C:\\users\\gianni\\desktop\\agbot\\nuconnector.exe"= TCP:C:\users\gianni\desktop\agbot\nuconnector.exe:nuconnector.exe
"TCP Query User{4A81AD43-A567-4947-875D-3458FD1891F5}C:\\hl\\half-life\\hl.exe"= UDP:C:\hl\half-life\hl.exe:Half-Life Launcher
"UDP Query User{29E9D46B-0F6C-4EC8-B185-B98EBD8B3692}C:\\hl\\half-life\\hl.exe"= TCP:C:\hl\half-life\hl.exe:Half-Life Launcher
"{20F34EB0-89DC-4E21-BEAF-1973D97287A8}"= UDP:C:\Unreal Anthology\UT2004\System\UT2004.exe:UT2004
"{61762B0E-8CD7-42A7-9F48-6B6E1847CB32}"= TCP:C:\Unreal Anthology\UT2004\System\UT2004.exe:UT2004
"{272D7503-8DC3-45AE-A644-A8E5B2E5B5A6}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{73C6721B-0606-4304-81A3-36E8FE96A0EF}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{F97AC033-6046-40CF-920C-37195E3B8F6D}C:\\quake 3 groll\\quake3.exe"= UDP:C:\quake 3 groll\quake3.exe:quake3
"UDP Query User{78FD3805-2C8C-4E89-9D7C-855C5F50B0BB}C:\\quake 3 groll\\quake3.exe"= TCP:C:\quake 3 groll\quake3.exe:quake3
"TCP Query User{0FAA5814-405F-4C29-85AC-E1EB3F541077}C:\\program files\\silkroad\\silkerrsender.exe"= UDP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????
"UDP Query User{2F0E6CC2-938D-427E-8755-89D24290111F}C:\\program files\\silkroad\\silkerrsender.exe"= TCP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????
"TCP Query User{6903BD5E-2C18-4D77-97D6-F122F3D76AE0}C:\\program files\\silkroad\\agb\\nuconnector.exe"= UDP:C:\program files\silkroad\agb\nuconnector.exe:nuConnector
"UDP Query User{C11C750E-A944-4219-B30A-AD408761F460}C:\\program files\\silkroad\\agb\\nuconnector.exe"= TCP:C:\program files\silkroad\agb\nuconnector.exe:nuConnector
"TCP Query User{CBCEC1A6-29FA-45DF-87DF-3453611CAFD5}C:\\program files\\silkroad\\nuconnector.exe"= UDP:C:\program files\silkroad\nuconnector.exe:nuConnector
"UDP Query User{64C46A96-B9A8-4AFE-A58A-4405CF9829BB}C:\\program files\\silkroad\\nuconnector.exe"= TCP:C:\program files\silkroad\nuconnector.exe:nuConnector
"TCP Query User{C79A477A-FD5F-43D2-8C0F-F35720FD0FC4}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\source sdk base\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\source sdk base\hl2.exe:hl2
"UDP Query User{C79432EB-2D4C-4540-8425-68873C6A9751}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\source sdk base\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\source sdk base\hl2.exe:hl2
"TCP Query User{1D300CF2-761B-4D3D-95A6-F07DDB59AAF4}C:\\users\\gianni\\desktop\\policeforces\\policeforces0.7.1.14\\policeforces\\bin_w32\\pf_server.exe"= UDP:C:\users\gianni\desktop\policeforces\policeforces0.7.1.14\policeforces\bin_w32\pf_server.exe:pf_server.exe
"UDP Query User{CB596D7E-1724-4381-9559-F8FDBD8E7765}C:\\users\\gianni\\desktop\\policeforces\\policeforces0.7.1.14\\policeforces\\bin_w32\\pf_server.exe"= TCP:C:\users\gianni\desktop\policeforces\policeforces0.7.1.14\policeforces\bin_w32\pf_server.exe:pf_server.exe
"TCP Query User{6ED9FCDF-DFE7-4A5C-8C25-822D15893AB5}C:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= UDP:C:\program files\ubisoft\xiii\system\xiii.exe:XIII
"UDP Query User{6621FA52-7DEB-4D91-A3D8-0B64E98A9614}C:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= TCP:C:\program files\ubisoft\xiii\system\xiii.exe:XIII
"TCP Query User{2DFA23EC-6F4D-433F-90C8-0DC201E41738}C:\\program files\\valve\\steam\\steamapps\\spasst09\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\spasst09\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{2273B24F-E2BD-4A64-AE38-4416CFAB23A1}C:\\program files\\valve\\steam\\steamapps\\spasst09\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\spasst09\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{D929D47D-D223-4841-A2E3-278EBAE6DB41}C:\\program files\\valve\\steam\\steamapps\\spasst09\\team fortress 2\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\spasst09\team fortress 2\hl2.exe:hl2
"UDP Query User{220832E8-4BBD-4CB8-B636-6F323373F07A}C:\\program files\\valve\\steam\\steamapps\\spasst09\\team fortress 2\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\spasst09\team fortress 2\hl2.exe:hl2
"TCP Query User{79219C37-F495-4E3C-AF12-C31AA7A77C87}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\team fortress 2\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\team fortress 2\hl2.exe:hl2
"UDP Query User{0B684167-60E8-4140-8FB8-10175DD7DB68}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\team fortress 2\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\team fortress 2\hl2.exe:hl2
"TCP Query User{3594BE2E-CAE3-4F6C-A057-F193A1E81A3E}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\garrysmod\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\garrysmod\hl2.exe:hl2
"UDP Query User{D4810889-329D-49EE-A2A7-6B04F564BB1B}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\garrysmod\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\garrysmod\hl2.exe:hl2
"TCP Query User{D483E9E1-CF76-4E75-BA3D-FC9EA1AC9061}C:\\half-life\\hl.exe"= UDP:C:\half-life\hl.exe:Half-Life Launcher
"UDP Query User{B026FA35-935D-49A5-9343-6BB3C356D666}C:\\half-life\\hl.exe"= TCP:C:\half-life\hl.exe:Half-Life Launcher
"TCP Query User{7F202F2B-FA48-4C5A-A557-731120D1D9BB}C:\\half-life\\hlds.exe"= UDP:C:\half-life\hlds.exe:hlds
"UDP Query User{24525E4F-413D-42BB-B080-B692983D057A}C:\\half-life\\hlds.exe"= TCP:C:\half-life\hlds.exe:hlds
"TCP Query User{51442F0D-EE70-4D0C-98AA-8047F411204F}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\day of defeat source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\day of defeat source\hl2.exe:hl2
"UDP Query User{1C8FF75F-78D2-4DCB-B506-E9ABC049719A}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\day of defeat source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\day of defeat source\hl2.exe:hl2
"TCP Query User{D8FFAA3D-1AD4-4A82-A0C5-CFE953DB9E9B}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{4EC36777-2B0F-4D04-B1B3-7CA1F4F9B757}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{A1B54017-D4C6-48F5-88BC-DCC64C4BFE01}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{B04A4B85-39FB-4BF8-B395-FFE9344A543E}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{6651C5A9-7B41-4881-8F39-77ED8EBC1654}C:\\program files\\sauerbraten\\bin\\sauerbraten.exe"= UDP:C:\program files\sauerbraten\bin\sauerbraten.exe:sauerbraten
"UDP Query User{B40D6B63-1E38-465F-85E5-A69914F5BE52}C:\\program files\\sauerbraten\\bin\\sauerbraten.exe"= TCP:C:\program files\sauerbraten\bin\sauerbraten.exe:sauerbraten
"TCP Query User{BB4ADA57-B8E1-4544-A134-4CC6568172FE}C:\\program files\\valve\\steam\\steamapps\\123gianni\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\123gianni\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{0656588E-F300-46C9-994A-DF0A9CFB8E86}C:\\program files\\valve\\steam\\steamapps\\123gianni\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\123gianni\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{4E9B1C3C-0697-4159-80A4-9EBD3EEFE105}C:\\program files\\silkroad\\silkerrsender.exe"= UDP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????
"UDP Query User{E3E8735B-588D-459A-836C-18D468D307F0}C:\\program files\\silkroad\\silkerrsender.exe"= TCP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????
"TCP Query User{92DEA594-094F-4FA2-8068-E2219CE13BD7}C:\\flatout2\\flatout2.exe"= UDP:C:\flatout2\flatout2.exe:FlatOut2
"UDP Query User{793FC671-EFE0-4E30-BD4E-A3D263F9F2CE}C:\\flatout2\\flatout2.exe"= TCP:C:\flatout2\flatout2.exe:FlatOut2
"TCP Query User{9EE51026-D96D-40BE-99EB-AC6EE602DB0A}C:\\users\\public\\warcraft\\war3.exe"= UDP:C:\users\public\warcraft\war3.exe:Warcraft III
"UDP Query User{4E78B451-18C9-4EC8-A158-EED1AAC1CA24}C:\\users\\public\\warcraft\\war3.exe"= TCP:C:\users\public\warcraft\war3.exe:Warcraft III
"TCP Query User{590F5708-E5B3-42B7-AEEC-CA9200BE02DE}C:\\users\\gianni\\desktop\\bf\\bf1942.exe"= UDP:C:\users\gianni\desktop\bf\bf1942.exe:bf1942.exe
"UDP Query User{2DC3DB67-000D-4F82-A967-5EA10FAA2E05}C:\\users\\gianni\\desktop\\bf\\bf1942.exe"= TCP:C:\users\gianni\desktop\bf\bf1942.exe:bf1942.exe
"TCP Query User{9D994AA0-C1E0-4B19-B748-B0136A63A5DA}C:\\users\\gianni\\desktop\\botisro\\srobot.exe"= UDP:C:\users\gianni\desktop\botisro\srobot.exe:srobot.exe
"UDP Query User{47136561-BA53-4D35-BE0A-35E9F28CCBAB}C:\\users\\gianni\\desktop\\botisro\\srobot.exe"= TCP:C:\users\gianni\desktop\botisro\srobot.exe:srobot.exe
"TCP Query User{8572DABB-CE21-4536-B1E4-96156B99E593}C:\\program files\\valve\\steam\\steamapps\\big_moe\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\big_moe\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1F3E72DD-9681-49CB-914C-9081134894A3}C:\\program files\\valve\\steam\\steamapps\\big_moe\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\big_moe\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{3D5342B9-53C2-49E3-9676-D95560F826E6}C:\\users\\gianni\\desktop\\clisro\\?????.exe"= UDP:C:\users\gianni\desktop\clisro\?????.exe;)????.exe
"UDP Query User{A004E1A7-D750-4C8D-9E21-AD82D932E049}C:\\users\\gianni\\desktop\\clisro\\?????.exe"= TCP:C:\users\gianni\desktop\clisro\?????.exe;)????.exe
"TCP Query User{A9ADEB27-4DA6-4DA2-AF1D-2EB565D82DEB}C:\\users\\gianni\\desktop\\isrobot\\sroboten1.89\\srobot.exe"= UDP:C:\users\gianni\desktop\isrobot\sroboten1.89\srobot.exe:srobot.exe
"UDP Query User{11307994-4D7E-4A1B-8D99-B83F5F8002F0}C:\\users\\gianni\\desktop\\isrobot\\sroboten1.89\\srobot.exe"= TCP:C:\users\gianni\desktop\isrobot\sroboten1.89\srobot.exe:srobot.exe
"TCP Query User{8597FF27-5E2D-41D1-A0F3-1C53019F743C}C:\\windows\\sremu rev2(de).exe"= UDP:C:\windows\sremu rev2(de).exe:SREmu Rev2(DE)
"UDP Query User{43EBCCBF-5265-4618-B0BC-EE336B396438}C:\\windows\\sremu rev2(de).exe"= TCP:C:\windows\sremu rev2(de).exe:SREmu Rev2(DE)
"TCP Query User{D1951223-96F7-4F1B-851A-60F4130CDFEC}C:\\users\\gianni\\desktop\\silkroad_manual-patch_downloader.exe"= UDP:C:\users\gianni\desktop\silkroad_manual-patch_downloader.exe:silkroad_manual-patch_downloader.exe
"UDP Query User{E599535B-EF23-4C66-A61D-E6ECE18CFA43}C:\\users\\gianni\\desktop\\silkroad_manual-patch_downloader.exe"= TCP:C:\users\gianni\desktop\silkroad_manual-patch_downloader.exe:silkroad_manual-patch_downloader.exe
"{0766113F-B3C2-4555-B34B-7103EEA90F10}"= UDP:C:\Users\Gianni\Desktop\IsroClient\SROBotFullEnChs1.89\?????.exe;)????
"{E5D6D19B-0152-4761-9861-9D33C7248A8F}"= TCP:C:\Users\Gianni\Desktop\IsroClient\SROBotFullEnChs1.89\?????.exe;)????
"TCP Query User{41CD5F10-8627-4392-B864-5FEF2467E220}C:\\users\\gianni\\desktop\\dnldownloader.exe"= UDP:C:\users\gianni\desktop\dnldownloader.exe:dnldownloader.exe
"UDP Query User{F72AF21D-9537-4641-9963-9003648B20BD}C:\\users\\gianni\\desktop\\dnldownloader.exe"= TCP:C:\users\gianni\desktop\dnldownloader.exe:dnldownloader.exe
"TCP Query User{3BA63624-31FF-4DC0-99A2-8C48F8560C74}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{B833ABA2-18CD-43B9-AD3E-2B43AF35A302}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{4BCC026B-2192-44C1-85C2-8DC6A64F215B}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7356E9A7-2D90-4F88-B5CE-140F2F863C89}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{A5A46D3A-2050-46E7-964F-7290C0CCC31F}C:\\users\\gianni\\desktop\\isroclient\\srobotfullenchs1.89\\?????.exe"= UDP:C:\users\gianni\desktop\isroclient\srobotfullenchs1.89\?????.exe;)????.exe
"UDP Query User{AA7BF723-A534-4A62-9352-A4325FB3C36B}C:\\users\\gianni\\desktop\\isroclient\\srobotfullenchs1.89\\?????.exe"= TCP:C:\users\gianni\desktop\isroclient\srobotfullenchs1.89\?????.exe;)????.exe
"TCP Query User{2CAE76EE-83BE-479B-9879-B48DC9CA9DEE}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D6394C58-A3BD-47D4-BC76-60556B39929C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{910FA567-8C05-49D5-AA22-0CF8AB84878D}C:\\users\\gianni\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\gianni\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{D921A6E1-4B09-48B0-90B2-558232397999}C:\\users\\gianni\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\gianni\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{0E790476-35F2-400D-A18C-02CDEE45B0B9}C:\\users\\gianni\\desktop\\agbot\\nuconnector6.exe"= UDP:C:\users\gianni\desktop\agbot\nuconnector6.exe:nuconnector6.exe
"UDP Query User{E0C96EB0-37A2-47AD-9ADA-ED5270222922}C:\\users\\gianni\\desktop\\agbot\\nuconnector6.exe"= TCP:C:\users\gianni\desktop\agbot\nuconnector6.exe:nuconnector6.exe
"TCP Query User{7D6C473B-7CB3-43DD-83F2-16A2B79797AC}C:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer renegade(tm)\\renegade\\game.exe"= UDP:C:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer renegade(tm)\renegade\game.exe:Renegade
"UDP Query User{BAC731D8-C19B-49C9-B73F-71C10550A9DB}C:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer renegade(tm)\\renegade\\game.exe"= TCP:C:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer renegade(tm)\renegade\game.exe:Renegade
"{14505AFF-0514-430B-9BFD-D30B80A238B9}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{4BD9B05A-B31E-4321-B1F2-00660BD4EEE1}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{071594C3-A431-40C4-9024-052E86CDC2D7}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8DE280F3-43E1-413F-8CBA-1DC11F8C2181}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{13E5CCBF-015C-4D67-8016-5742C6BF2BF8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{39FB76A4-08CF-4B9C-B182-91FF5309B7E7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{B1B99E26-3D69-45B4-A5FA-7C49C82D5A6F}C:\\users\\gianni\\desktop\\steahlth\\lite\\nuconnector\\multisocket.exe"= UDP:C:\users\gianni\desktop\steahlth\lite\nuconnector\multisocket.exe:multisocket.exe
"UDP Query User{16E50D43-69AC-4BDB-80A0-4EFC2545091B}C:\\users\\gianni\\desktop\\steahlth\\lite\\nuconnector\\multisocket.exe"= TCP:C:\users\gianni\desktop\steahlth\lite\nuconnector\multisocket.exe:multisocket.exe
"TCP Query User{CEAF406C-1EC2-4559-B256-E8544262FE51}C:\\users\\gianni\\desktop\\steahlth\\lite\\nuconnector\\nuconnector.exe"= UDP:C:\users\gianni\desktop\steahlth\lite\nuconnector\nuconnector.exe:nuconnector.exe
"UDP Query User{6990ED1A-F38D-4A0B-AA87-1F5EB2EE1841}C:\\users\\gianni\\desktop\\steahlth\\lite\\nuconnector\\nuconnector.exe"= TCP:C:\users\gianni\desktop\steahlth\lite\nuconnector\nuconnector.exe:nuconnector.exe
"TCP Query User{B55BF5F2-33D5-4D89-BC2C-6BEA24C62DF9}C:\\users\\gianni\\desktop\\isroooo\\srobot.exe"= UDP:C:\users\gianni\desktop\isroooo\srobot.exe:srobot.exe
"UDP Query User{6E3817F1-019D-43F7-A47B-1781ECC75160}C:\\users\\gianni\\desktop\\isroooo\\srobot.exe"= TCP:C:\users\gianni\desktop\isroooo\srobot.exe:srobot.exe
"TCP Query User{054515C0-5E0B-4332-8C03-E3347085D1E8}C:\\users\\gianni\\desktop\\agagaga\\nuconnector6.exe"= UDP:C:\users\gianni\desktop\agagaga\nuconnector6.exe:nuconnector6.exe
"UDP Query User{1DA07877-5125-4906-BE9E-D3F372316BBD}C:\\users\\gianni\\desktop\\agagaga\\nuconnector6.exe"= TCP:C:\users\gianni\desktop\agagaga\nuconnector6.exe:nuconnector6.exe
"TCP Query User{BE6C4254-E178-4777-BAC8-352C758FD0D1}C:\\users\\gianni\\desktop\\isroneu\\srobot.exe"= UDP:C:\users\gianni\desktop\isroneu\srobot.exe:srobot.exe
"UDP Query User{9E29D249-6996-4F0E-B79F-E808E1A08A96}C:\\users\\gianni\\desktop\\isroneu\\srobot.exe"= TCP:C:\users\gianni\desktop\isroneu\srobot.exe:srobot.exe
"TCP Query User{4BA7B5D6-16C9-4B30-94A9-67FA86AEA17F}C:\\program files\\serious sam 2\\bin\\sam2.exe"= UDP:C:\program files\serious sam 2\bin\sam2.exe:Sam2
"UDP Query User{D2325545-F0C8-4939-A408-5B016D988A65}C:\\program files\\serious sam 2\\bin\\sam2.exe"= TCP:C:\program files\serious sam 2\bin\sam2.exe:Sam2
"TCP Query User{0B1E11B8-8345-488C-A7F5-A929BD3C370D}C:\\users\\gianni\\desktop\\package1.6.5v5.no_map\\nuconnector66a.exe"= UDP:C:\users\gianni\desktop\package1.6.5v5.no_map\nuconnector66a.exe:nuconnector66a.exe
"UDP Query User{A4358535-6A25-4AF3-BB44-EE1140430CC8}C:\\users\\gianni\\desktop\\package1.6.5v5.no_map\\nuconnector66a.exe"= TCP:C:\users\gianni\desktop\package1.6.5v5.no_map\nuconnector66a.exe:nuconnector66a.exe
"TCP Query User{EC1FB7E4-5B58-4B69-B193-8846F7C25D2F}C:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
"UDP Query User{DCFC8ACF-F53E-4CF8-912B-F24016A6F484}C:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
"TCP Query User{7516306A-74E0-437B-B972-65A1F77A7DEB}C:\\program files\\ws_ftp\\ws_ftp95.exe"= UDP:C:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"UDP Query User{DA7002C7-BC29-43D4-887C-01FC72FB230C}C:\\program files\\ws_ftp\\ws_ftp95.exe"= TCP:C:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"TCP Query User{42A27446-EEA0-421B-8700-E0560C57F420}C:\\users\\public\\quake 4\\quake4.exe"= UDP:C:\users\public\quake 4\quake4.exe:Quake 4
"UDP Query User{F4001EAA-C1CE-4A71-A40E-11E5D8B44BD2}C:\\users\\public\\quake 4\\quake4.exe"= TCP:C:\users\public\quake 4\quake4.exe:Quake 4
"TCP Query User{C9EA4F9B-8D77-47EF-A633-72ADF038F759}C:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:C:\program files\ea games\need for speed most wanted\speed.exe:speed
"UDP Query User{8DCDDEEF-8904-422A-A231-6C6B226E2F8E}C:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:C:\program files\ea games\need for speed most wanted\speed.exe:speed
"TCP Query User{307EE299-9DA4-4E93-8690-C3DF4E66F607}C:\\program files\\phonostar\\ps_olect.exe"= UDP:C:\program files\phonostar\ps_olect.exe:ps_olect
"UDP Query User{FDC5ACCE-F4F8-4D0F-BF6E-DA1CCBA12357}C:\\program files\\phonostar\\ps_olect.exe"= TCP:C:\program files\phonostar\ps_olect.exe:ps_olect
"TCP Query User{1B80A451-DF83-4A25-A818-825B9605446B}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{ABF42145-E841-4183-B0B3-ED8DA4899BB6}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"TCP Query User{25961EF1-E76E-4090-B3B1-571992732458}C:\\hl\\half-life\\half-life\\hl.exe"= UDP:C:\hl\half-life\half-life\hl.exe:Half-Life Launcher
"UDP Query User{374CCEB7-122C-406A-8109-857D1F8D0000}C:\\hl\\half-life\\half-life\\hl.exe"= TCP:C:\hl\half-life\half-life\hl.exe:Half-Life Launcher
"TCP Query User{2A471A49-2003-4647-A0F9-6FC2870FFADA}C:\\hl\\half-life\\half-life\\hlds.exe"= UDP:C:\hl\half-life\half-life\hlds.exe:hlds
"UDP Query User{2F49D989-DC79-431D-8B67-B3BA097440CE}C:\\hl\\half-life\\half-life\\hlds.exe"= TCP:C:\hl\half-life\half-life\hlds.exe:hlds
"TCP Query User{8E1AFCE3-9517-4895-998F-D33BDB36B502}C:\\hl\\half-life\\half-life\\hltv.exe"= UDP:C:\hl\half-life\half-life\hltv.exe:hltv
"UDP Query User{DCB76596-3C64-463B-A939-B9008166BD4F}C:\\hl\\half-life\\half-life\\hltv.exe"= TCP:C:\hl\half-life\half-life\hltv.exe:hltv
"TCP Query User{A6366FAB-DC44-4D49-99FC-C97166BB87EB}C:\\users\\gianni\\desktop\\silkroad\\silkerrsender.exe"= UDP:C:\users\gianni\desktop\silkroad\silkerrsender.exe:silkerrsender.exe
"UDP Query User{EC43C64D-5CD4-4F8A-86B9-A21634DD5E9E}C:\\users\\gianni\\desktop\\silkroad\\silkerrsender.exe"= TCP:C:\users\gianni\desktop\silkroad\silkerrsender.exe:silkerrsender.exe
"{55C83825-B282-4434-85EC-9A774DD3ADDE}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8FA066C6-8756-45CC-8D89-4172A52937BD}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8BE09C38-1EA7-4E96-AF2D-0C83F05B2E32}"= UDP:C:\Unreal Anthology\UT2004\System\UT2004.exe:UT2004
"{5A62CAC8-30E9-43C4-9C33-F732652F14D8}"= TCP:C:\Unreal Anthology\UT2004\System\UT2004.exe:UT2004

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-06-19 10:01]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-06-19 10:01]
R2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-19 13:11]
R2 srvcPVR;Sceneo PVR Service;C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 11:31]
R2 SVKP;SVKP;C:\Windows\system32\SVKP.sys [2008-04-09 18:39]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 14:44]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 12:17]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-09 23:30]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-31 20:05]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 11:31]
S3 cimo;cimo;C:\Windows\system32\drivers\cimo.ahc [2008-08-09 11:29]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 ovt530;Hercules Webcam Deluxe;C:\Windows\system32\Drivers\ov530vid.sys [2005-03-15 18:04]
S3 PhilCap;NXP service;C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 12:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners

2008-08-08 C:\Windows\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-lphc9nqj0e91p - C:\Windows\system32\lphc9nqj0e91p.exe
HKLM-Run-SMrhccnqj0e91p - C:\Program Files\rhccnqj0e91p\rhccnqj0e91p.exe
MSConfigStartUp-BullGuard - C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
MSConfigStartUp-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\zh41hjgi.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.de
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\np32dsw.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\NPAskSBr.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\NPOFFICE.DLL
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npyaxmpb.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 13:30:03
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Medion\MEDIONbox\Program\GCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehrecvr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-08-09 13:39:44 - PC wurde neu gestartet [Gianni]
ComboFix-quarantined-files.txt 2008-08-09 11:39:26

Pre-Run: Das System hat keinen Meldungstext für die Meldungsnummer 0x2379 in der Meldungsdatei Application gefunden.
Post-Run: 33 Verzeichnis(se), 62,239,711,232 Bytes frei

453 --- E O F --- 2008-08-09 01:03:18
That's the ComboFix thingy ;)

And now this is the HijackThis one

Quote

Logfile of HijackThis v1.99.1
Scan saved at 13:45:23, on 09.08.2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Users\Gianni\Desktop\hiijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite55\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite55\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196839374280
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

09.08.2008, 14:05
Honorary member
Argus

Posts: 6028
#2 First, remove
Remove the Ask bar
Start -> Settings -> Control Panel -> Software >
Check whether AskSBar, SrchAstt or Ask Search Assistant is listed there, and remove it

Remove ComboFix
Start > Run > copy in ComboFix /U > OK

Malwarebytes Anti-Malware for Windows 2000, XP and Vista
Download MBAM
Double-click mbam-setup and choose German; the program will now be updated
On the "Scanner" tab, choose "Perform quick scan".
Select all drives > let the scan run
If infections are found at the end, tick them and have them removed
The log is under Scan reports (mbam-log-XX-XX-XXXX.txt)
Post its contents here in the forum
Note:
If MBAM has trouble removing files, it will report this; click OK
You will then be asked to restart the computer; allow it
Use as the update mirror >> It-mate.co.uk
You can keep Malwarebytes Anti-Malware afterwards!

ComboFix
Download ComboFix and save it to the desktop!
Close all windows and start combofix.exe
Follow the instructions in the window
While ComboFix is running, do NOT click into the window, otherwise your computer will freeze
When the tool has finished, a log file opens (C:\ combofix.txt)
Now copy the COMPLETE log with a right mouse click and insert it into the forum with a right mouse click, "Paste"
If your virus scanner complains, ignore it!

Remove Hijack This 1.99.1 and……..

Download: Trend Micro Hijack This™
Double-click HJTInstall.exe and install the tool in C:\Programme\Trend Micro\Hijack This
At the end there will be a shortcut on your desktop

Start Hijack This and click "Do a system scan and save a logfile"
Save log --> hijackthis.log - Save - the editor opens
Now copy the COMPLETE log with a right mouse click and insert it into the forum with a right mouse click, "Paste"
__________
Regards, Argus
09.08.2008, 14:17
...new here

Thread starter

Posts: 4
#3 Then I'll do that, thank you. I'll edit it in here afterwards.
Regards

Edit:


________________________________________________

Scan report:

Malwarebytes' Anti-Malware 1.24
Datenbank Version: 1035
Windows 6.0.6001 Service Pack 1

14:20:20 09.08.2008
mbam-log-8-9-2008 (14-20-20).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 37107
Laufzeit: 3 minute(s), 59 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccnqj0e91p (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhccnqj0e91p (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\Users\Gianni\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> Quarantined and deleted successfully.


_________________________________________________________________

ComboFix:

ComboFix 08-08-08.07 - Gianni 2008-08-09 14:24:27.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1031.18.1145 [GMT 2:00]
ausgeführt von:: C:\Users\Gianni\Desktop\ComboFix.exe
.

((((((((((((((((((((((( Dateien erstellt von 2008-07-09 bis 2008-08-09 ))))))))))))))))))))))))))))))
.

2008-08-09 14:21 . 2008-08-09 14:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-09 14:14 . 2008-08-09 14:14 <DIR> d-------- C:\Users\Gianni\AppData\Roaming\Malwarebytes
2008-08-09 14:14 . 2008-08-09 14:14 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-09 14:14 . 2008-08-09 14:14 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-09 14:14 . 2008-08-09 14:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-09 14:14 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-09 14:14 . 2008-07-30 20:07 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-09 14:12 . 2008-06-19 10:04 262,144 --a------ C:\Program Files\Uninstall Ask Toolbar.dll
2008-08-09 12:56 . 2008-08-09 12:56 <DIR> d-------- C:\Program Files\CleanUp!
2008-08-09 12:53 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-08-09 12:53 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-08-09 12:53 . 2008-05-29 09:35 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-08-09 12:53 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe
2008-08-09 12:53 . 2008-07-02 13:33 82,432 --a------ C:\Windows\System32\IEDFix.C.exe
2008-08-09 12:53 . 2008-05-23 18:21 81,920 --a------ C:\Windows\System32\404Fix.exe
2008-08-09 12:53 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-08-09 12:53 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-08-09 12:53 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-08-09 12:48 . 2008-08-09 12:49 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-09 12:48 . 2008-08-09 12:49 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-09 12:48 . 2008-08-09 12:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-09 12:46 . 2008-08-09 12:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-09 00:51 . 2008-08-09 00:54 <DIR> d-------- C:\Users\All Users\Make A Voozie
2008-08-09 00:51 . 2008-08-09 00:54 <DIR> d-------- C:\ProgramData\Make A Voozie
2008-08-08 14:41 . 2008-08-08 14:41 <DIR> d-------- C:\PerfLogs
2008-08-05 22:54 . 2008-08-09 11:29 41,344 --a------ C:\Windows\System32\drivers\cimo.ahc
2008-08-03 17:13 . 2008-08-03 17:13 <DIR> d-------- C:\Program Files\PantsOff
2008-08-03 11:49 . 2008-08-03 11:49 <DIR> d-------- C:\Users\All Users\RoboForm
2008-08-03 11:49 . 2008-08-03 11:49 <DIR> d-------- C:\ProgramData\RoboForm
2008-08-03 11:48 . 2008-08-03 11:48 <DIR> d-------- C:\Program Files\Siber Systems
2008-07-29 20:53 . 2008-07-29 20:56 <DIR> d-------- C:\Users\Gianni\AppData\Roaming\Teeworlds
2008-07-29 18:44 . 2002-03-27 14:54 217,088 --a------ C:\Windows\System32\libmySQL.dll
2008-07-29 18:44 . 2002-03-29 10:13 102,400 --a------ C:\Windows\System32\TrackerNET.dll
2008-07-27 18:05 . 2008-08-09 08:41 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-27 18:04 . 2008-07-27 18:04 <DIR> d-------- C:\Users\All Users\Symantec
2008-07-27 18:04 . 2008-07-27 18:04 <DIR> d-------- C:\ProgramData\Symantec
2008-07-23 20:01 . 2006-10-05 04:42 2,560 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-07-23 20:01 . 2006-10-05 04:42 2,432 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-07-23 20:00 . 2008-07-23 20:01 <DIR> d-------- C:\Program Files\Picasa2
2008-07-22 20:25 . 2008-07-22 20:25 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-07-22 20:25 . 2003-07-21 05:17 5,174 --a------ C:\Windows\System32\nppt9x.vxd
2008-07-22 20:25 . 2005-01-04 20:43 4,682 --a------ C:\Windows\System32\npptNT2.sys
2008-07-22 19:43 . 2008-07-22 19:43 <DIR> d-------- C:\Program Files\Games-Masters.com
2008-07-22 17:57 . 2008-08-08 18:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-07-22 17:56 . 2008-07-29 20:22 <DIR> d-------- C:\Windows\System32\Adobe
2008-07-20 21:51 . 2008-07-20 21:51 <DIR> d-------- C:\Program Files\OpenAL
2008-07-20 21:51 . 2008-07-20 21:51 413,696 --a------ C:\Windows\System32\wrap_oal.dll
2008-07-20 21:51 . 2008-07-20 21:51 110,592 --a------ C:\Windows\System32\OpenAL32.dll
2008-07-19 19:50 . 2008-07-19 19:50 <DIR> d-------- C:\Program Files\EUR
2008-07-19 17:42 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-19 17:42 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll
2008-07-19 17:42 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-19 17:42 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,497,408 --a------ C:\Windows\System32\NlsData0019.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData0816.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData0416.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData0414.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData001d.dll
2008-07-19 17:40 . 2008-01-19 09:35 4,495,360 --a------ C:\Windows\System32\NlsData0010.dll
2008-07-19 17:40 . 2008-01-19 09:35 1,523,712 --a------ C:\Windows\System32\NlsData0000.dll
2008-07-16 21:20 . 2008-07-16 21:20 <DIR> d-------- C:\Program Files\Bonjour
2008-07-16 21:08 . 2008-07-16 21:08 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 12:20 --------- d-----w C:\Program Files\MegauploadToolbar
2008-08-09 11:39 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-08-09 08:24 49,326 ----a-w C:\Users\Gianni\AppData\Roaming\nvModes.dat
2008-08-09 01:34 --------- d-----w C:\Users\Gianni\AppData\Roaming\Skype
2008-08-08 22:05 --------- d-----w C:\Users\Gianni\AppData\Roaming\skypePM
2008-08-08 12:56 --------- d-----w C:\ProgramData\NVIDIA
2008-08-08 12:54 174 --sha-w C:\Program Files\desktop.ini
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Mail
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Journal
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Defender
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-08 12:44 --------- d-----w C:\Program Files\Windows Calendar
2008-08-08 12:04 --------- d-----w C:\Users\Gianni\AppData\Roaming\ICQ
2008-08-08 11:53 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-08 11:53 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-07 20:39 --------- d-----w C:\Users\Gianni\AppData\Roaming\teamspeak2
2008-08-05 20:31 --------- d-----w C:\Users\Gianni\AppData\Roaming\phonostar-Player
2008-08-01 08:58 --------- d-----w C:\Program Files\Common Files\Steam
2008-07-28 09:04 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-16 19:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-15 11:50 --------- d-----w C:\Program Files\phonostar
2008-07-08 16:37 --------- d-----w C:\Program Files\EA Games
2008-07-07 16:26 --------- d-----w C:\Users\Gianni\AppData\Roaming\ICQLite
2008-07-07 16:26 --------- d-----w C:\Program Files\ICQLite55
2008-07-07 14:48 --------- d-----w C:\Program Files\FlatOut 2 Mod Manager
2008-06-19 10:07 --------- d-----w C:\ProgramData\comodo
2008-06-19 08:04 249,592 ----a-w C:\Windows\System32\cssdll32.dll
2008-06-19 08:04 --------- d---a-w C:\Program Files\AskSBar
2008-06-19 08:04 --------- d-----w C:\Program Files\COMODO
2008-06-19 08:01 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-06-19 08:01 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2008-06-19 08:01 143,104 ----a-w C:\Windows\System32\guard32.dll
2008-06-19 08:01 --------- d-----w C:\Users\Gianni\AppData\Roaming\Comodo
2008-06-19 07:49 --------- d-----w C:\ProgramData\Avira
2008-06-19 07:49 --------- d-----w C:\Program Files\Avira
2008-06-14 19:34 --------- d-----w C:\Users\Gianni\AppData\Roaming\gtk-2.0
2008-06-13 21:52 --------- d-----w C:\Users\Gianni\AppData\Roaming\FileZilla
2008-06-13 17:50 --------- d-----w C:\Program Files\WS_FTP
2008-06-09 19:34 --------- d-----w C:\Program Files\ICQLite
2008-06-08 09:44 461 ---ha-w C:\os466477.bin
2008-05-31 13:19 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-01-28 16:24 480 ----a-w C:\Users\Gianni\AppData\Roaming\wklnhst.dat
2008-01-25 17:08 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-25 17:08 32 ----a-w C:\ProgramData\ezsid.dat
2006-05-03 10:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\Windows\System32\VistaUltm.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-09_13.38.03.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-09 11:29:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-09 11:29:04 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-09 06:49:17 127,056 ----a-w C:\Windows\System32\perfc007.dat
+ 2008-08-09 11:36:25 127,056 ----a-w C:\Windows\System32\perfc007.dat
- 2008-08-09 06:49:17 104,940 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-09 11:36:25 104,940 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-09 06:49:17 628,436 ----a-w C:\Windows\System32\perfh007.dat
+ 2008-08-09 11:36:25 628,436 ----a-w C:\Windows\System32\perfh007.dat
- 2008-08-09 06:49:17 595,506 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-09 11:36:25 595,506 ----a-w C:\Windows\System32\perfh009.dat
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-04-27 18:14 57344]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"Steam"="c:\program files\valve\steam\steam.exe" [2008-03-28 20:15 1271032]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2008-01-19 09:33 49664]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-25 19:05 171448]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 12:49 451872]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-03 23:13 160592]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 18:18 827392]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-21 13:36 266497]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-06-19 10:04 278264]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-19 10:01 1655552]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-10-24 00:03 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-10-24 00:03 8501792]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-10-24 00:03 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-05 05:31 4710400 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 12:15 1826816 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.l3codecp"= l3codecp.acm
"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WeGame.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WeGame.lnk
backup=C:\Windows\pss\WeGame.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-07-26 14:48 3305472 C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
--------- 2007-10-17 16:42 128296 C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-12-14 10:20 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
--a------ 2008-04-01 12:40 172280 C:\Program Files\ICQ6\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
--a------ 2006-07-11 12:15 3144800 C:\Program Files\ICQLite55\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2007-01-08 23:17 52256 C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 13:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
--a------ 2008-07-14 15:18 126976 C:\Program Files\phonostar\ps_timer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-02-09 21:51 71216 C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 16:23 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
--------- 2007-09-13 17:32 222504 C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BCAA4B2C-32C8-4B67-B788-B81EE38AAC8B}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{C61F6DE2-F581-4991-9A2F-97F82474FD12}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8109299-6EDC-4EED-B15B-18AC6542B193}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{11A9752B-9DD3-4069-A698-B04E5E186262}"= C:\Program Files\HomeCinema\MakeDisc\MakeDisc.exe:CyberLink MakeDisc
"{C7F5B251-39DD-42F1-8436-347DCCC543A1}"= C:\Program Files\HomeCinema\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{6FCDD6A5-98BD-4351-8129-0574451946B4}"= C:\Program Files\HomeCinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{B0776636-416F-4FD0-9827-77079392A87B}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike source\hl2.exe:hl2
"UDP Query User{8AEF28CF-D7B6-41F8-A4B1-FBFF6AF64A10}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike source\hl2.exe:hl2
"TCP Query User{0706FDEA-AF6F-4E5A-9410-B0AF2BF78855}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{DEC7A88C-0630-40AF-9C8C-8342D6D7C82E}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{F7CC9CED-696D-4138-A601-0DE7DB347B54}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike source\hl2.exe:hl2
"UDP Query User{DB6D89E0-7404-4725-819A-E071B4E14DE1}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike source\hl2.exe:hl2
"TCP Query User{95133C48-3F43-487D-A670-2DD0D657A62F}C:\\users\\gianni\\desktop\\revbot\\nuconnector.exe"= UDP:C:\users\gianni\desktop\revbot\nuconnector.exe:nuconnector.exe
"UDP Query User{5FF86810-7B57-4580-A7DB-52707D077C97}C:\\users\\gianni\\desktop\\revbot\\nuconnector.exe"= TCP:C:\users\gianni\desktop\revbot\nuconnector.exe:nuconnector.exe
"TCP Query User{CB960EF0-2915-4E04-9286-E940A8231174}C:\\program files\\icq6\\icq.exe"= UDP:C:\program files\icq6\icq.exe:ICQ Library
"UDP Query User{4EEEA865-6C03-4889-AB12-5F3E81DDDE3D}C:\\program files\\icq6\\icq.exe"= TCP:C:\program files\icq6\icq.exe:ICQ Library
"TCP Query User{8828C3D8-8717-4739-9C94-F894BE2F7175}C:\\users\\gianni\\desktop\\revbot\\neu\\nuconnector.exe"= UDP:C:\users\gianni\desktop\revbot\neu\nuconnector.exe:nuconnector.exe
"UDP Query User{89D83E27-25C7-4DF4-AF51-5880B3D9CE33}C:\\users\\gianni\\desktop\\revbot\\neu\\nuconnector.exe"= TCP:C:\users\gianni\desktop\revbot\neu\nuconnector.exe:nuconnector.exe
"TCP Query User{4E09D32E-4A0A-414D-8C87-C0A286BFD2E8}C:\\call of duty 2\\cod2mp_s.exe"= UDP:C:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{873A2FE0-F60B-4828-BB5E-129A20186578}C:\\call of duty 2\\cod2mp_s.exe"= TCP:C:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{2A175DDC-D103-46EA-A8A5-C90BA3FA9C62}C:\\warcraft\\war3.exe"= UDP:C:\warcraft\war3.exe:Warcraft III
"UDP Query User{34BFB356-7216-48A4-A843-88A16823BA2A}C:\\warcraft\\war3.exe"= TCP:C:\warcraft\war3.exe:Warcraft III
"TCP Query User{C80C06B1-427E-42B2-8B7F-EE00215E388D}C:\\source lan\\hl2.exe"= UDP:C:\source lan\hl2.exe:hl2
"UDP Query User{0CC7F941-F636-4BEB-BF9F-CE03E2B18504}C:\\source lan\\hl2.exe"= TCP:C:\source lan\hl2.exe:hl2
"TCP Query User{57674B3D-275A-4C53-A978-B242987780CB}C:\\call of duty 2\\cod2mp_s.exe"= UDP:C:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{98FFF341-90D1-4767-9EF7-D35327B32D8A}C:\\call of duty 2\\cod2mp_s.exe"= TCP:C:\call of duty 2\cod2mp_s.exe:CoD2MP_s
"TCP Query User{75824373-0B93-47E4-AB31-7EBB4563DCEC}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"UDP Query User{0D6FC0AE-FD50-4888-8731-4953E7F82234}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
"TCP Query User{F084910B-C3D8-4B61-92ED-F1C34C7414FB}C:\\warcraft\\war3.exe"= UDP:C:\warcraft\war3.exe:Warcraft III
"UDP Query User{5140F078-201B-4429-B3FB-27178F4EC338}C:\\warcraft\\war3.exe"= TCP:C:\warcraft\war3.exe:Warcraft III
"TCP Query User{0BFF1B0B-D894-464C-A304-39DE8270F813}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{37B436FD-BE22-493F-A898-811B17CA9373}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{38926F95-49AD-4D1F-A005-AE0CF31DBDA6}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{C3AAE532-76ED-44AF-A532-01BBA884983D}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{F5BED2E4-1EC0-44CD-9F4C-91A5C84D44B7}C:\\wolfenstein\\wolfmp.exe"= UDP:C:\wolfenstein\wolfmp.exe:WolfMP
"UDP Query User{10D2E4A1-351A-46F8-9798-94982B7C077E}C:\\wolfenstein\\wolfmp.exe"= TCP:C:\wolfenstein\wolfmp.exe:WolfMP
"TCP Query User{BBBB4951-F695-402E-8B2B-42660283A553}C:\\quake 3 groll\\quake3.exe"= UDP:C:\quake 3 groll\quake3.exe:quake3
"UDP Query User{28AD366C-279A-4905-B864-55454C45EE61}C:\\quake 3 groll\\quake3.exe"= TCP:C:\quake 3 groll\quake3.exe:quake3
"{190B8C74-6581-4C42-A421-D8346D8D126C}"= UDP:C:\Program Files\Medion\MEDIONbox\Program\GCS.exe:Gnab Service
"{A5AFCC33-666C-41BA-BABE-8E6F10520F88}"= TCP:C:\Program Files\Medion\MEDIONbox\Program\GCS.exe:Gnab Service
"{44B40160-7FDC-4F70-8A16-7151E579C53F}"= UDP:8371:Gnab Tcp Port
"{366A1781-453B-4AD1-BFFC-2DC39EBC61FA}"= TCP:8371:Gnab Udp Port
"TCP Query User{52143BB5-4885-483C-82EE-10958224049C}C:\\hl\\half-life\\hl.exe"= UDP:C:\hl\half-life\hl.exe:Half-Life Launcher
"UDP Query User{F1D82CDA-9774-4320-B1D1-5FC50BEC0AD0}C:\\hl\\half-life\\hl.exe"= TCP:C:\hl\half-life\hl.exe:Half-Life Launcher
"TCP Query User{1D7BAAD5-4D45-45C3-B0B2-E74DBC1D4B05}C:\\unreal anthology\\unrealgold\\system\\unreal.exe"= UDP:C:\unreal anthology\unrealgold\system\unreal.exe:Unreal
"UDP Query User{9F100203-5B94-465E-9D17-3172355F399B}C:\\unreal anthology\\unrealgold\\system\\unreal.exe"= TCP:C:\unreal anthology\unrealgold\system\unreal.exe:Unreal
"TCP Query User{7D843DE0-35F9-49AD-8EBD-EA01580A5745}C:\\c&cgernerals\\game.dat"= UDP:C:\c&cgernerals\game.dat:game.dat
"UDP Query User{CA8CB6F9-848C-4E70-8946-F7559202F525}C:\\c&cgernerals\\game.dat"= TCP:C:\c&cgernerals\game.dat:game.dat
"TCP Query User{64A9D91D-F6F6-459A-8B7E-DF3DEB5E76E2}C:\\users\\gianni\\desktop\\agbot\\nuconnector.exe"= UDP:C:\users\gianni\desktop\agbot\nuconnector.exe:nuconnector.exe
"UDP Query User{83E92890-373D-460D-BD9A-A7FC0B63F09F}C:\\users\\gianni\\desktop\\agbot\\nuconnector.exe"= TCP:C:\users\gianni\desktop\agbot\nuconnector.exe:nuconnector.exe
"TCP Query User{4A81AD43-A567-4947-875D-3458FD1891F5}C:\\hl\\half-life\\hl.exe"= UDP:C:\hl\half-life\hl.exe:Half-Life Launcher
"UDP Query User{29E9D46B-0F6C-4EC8-B185-B98EBD8B3692}C:\\hl\\half-life\\hl.exe"= TCP:C:\hl\half-life\hl.exe:Half-Life Launcher
"{20F34EB0-89DC-4E21-BEAF-1973D97287A8}"= UDP:C:\Unreal Anthology\UT2004\System\UT2004.exe:UT2004
"{61762B0E-8CD7-42A7-9F48-6B6E1847CB32}"= TCP:C:\Unreal Anthology\UT2004\System\UT2004.exe:UT2004
"{272D7503-8DC3-45AE-A644-A8E5B2E5B5A6}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{73C6721B-0606-4304-81A3-36E8FE96A0EF}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{F97AC033-6046-40CF-920C-37195E3B8F6D}C:\\quake 3 groll\\quake3.exe"= UDP:C:\quake 3 groll\quake3.exe:quake3
"UDP Query User{78FD3805-2C8C-4E89-9D7C-855C5F50B0BB}C:\\quake 3 groll\\quake3.exe"= TCP:C:\quake 3 groll\quake3.exe:quake3
"TCP Query User{0FAA5814-405F-4C29-85AC-E1EB3F541077}C:\\program files\\silkroad\\silkerrsender.exe"= UDP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????
"UDP Query User{2F0E6CC2-938D-427E-8755-89D24290111F}C:\\program files\\silkroad\\silkerrsender.exe"= TCP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????
"TCP Query User{6903BD5E-2C18-4D77-97D6-F122F3D76AE0}C:\\program files\\silkroad\\agb\\nuconnector.exe"= UDP:C:\program files\silkroad\agb\nuconnector.exe:nuConnector
"UDP Query User{C11C750E-A944-4219-B30A-AD408761F460}C:\\program files\\silkroad\\agb\\nuconnector.exe"= TCP:C:\program files\silkroad\agb\nuconnector.exe:nuConnector
"TCP Query User{CBCEC1A6-29FA-45DF-87DF-3453611CAFD5}C:\\program files\\silkroad\\nuconnector.exe"= UDP:C:\program files\silkroad\nuconnector.exe:nuConnector
"UDP Query User{64C46A96-B9A8-4AFE-A58A-4405CF9829BB}C:\\program files\\silkroad\\nuconnector.exe"= TCP:C:\program files\silkroad\nuconnector.exe:nuConnector
"TCP Query User{C79A477A-FD5F-43D2-8C0F-F35720FD0FC4}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\source sdk base\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\source sdk base\hl2.exe:hl2
"UDP Query User{C79432EB-2D4C-4540-8425-68873C6A9751}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\source sdk base\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\source sdk base\hl2.exe:hl2
"TCP Query User{1D300CF2-761B-4D3D-95A6-F07DDB59AAF4}C:\\users\\gianni\\desktop\\policeforces\\policeforces0.7.1.14\\policeforces\\bin_w32\\pf_server.exe"= UDP:C:\users\gianni\desktop\policeforces\policeforces0.7.1.14\policeforces\bin_w32\pf_server.exe:pf_server.exe
"UDP Query User{CB596D7E-1724-4381-9559-F8FDBD8E7765}C:\\users\\gianni\\desktop\\policeforces\\policeforces0.7.1.14\\policeforces\\bin_w32\\pf_server.exe"= TCP:C:\users\gianni\desktop\policeforces\policeforces0.7.1.14\policeforces\bin_w32\pf_server.exe:pf_server.exe
"TCP Query User{6ED9FCDF-DFE7-4A5C-8C25-822D15893AB5}C:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= UDP:C:\program files\ubisoft\xiii\system\xiii.exe:XIII
"UDP Query User{6621FA52-7DEB-4D91-A3D8-0B64E98A9614}C:\\program files\\ubisoft\\xiii\\system\\xiii.exe"= TCP:C:\program files\ubisoft\xiii\system\xiii.exe:XIII
"TCP Query User{2DFA23EC-6F4D-433F-90C8-0DC201E41738}C:\\program files\\valve\\steam\\steamapps\\spasst09\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\spasst09\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{2273B24F-E2BD-4A64-AE38-4416CFAB23A1}C:\\program files\\valve\\steam\\steamapps\\spasst09\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\spasst09\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{D929D47D-D223-4841-A2E3-278EBAE6DB41}C:\\program files\\valve\\steam\\steamapps\\spasst09\\team fortress 2\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\spasst09\team fortress 2\hl2.exe:hl2
"UDP Query User{220832E8-4BBD-4CB8-B636-6F323373F07A}C:\\program files\\valve\\steam\\steamapps\\spasst09\\team fortress 2\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\spasst09\team fortress 2\hl2.exe:hl2
"TCP Query User{79219C37-F495-4E3C-AF12-C31AA7A77C87}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\team fortress 2\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\team fortress 2\hl2.exe:hl2
"UDP Query User{0B684167-60E8-4140-8FB8-10175DD7DB68}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\team fortress 2\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\team fortress 2\hl2.exe:hl2
"TCP Query User{3594BE2E-CAE3-4F6C-A057-F193A1E81A3E}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\garrysmod\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\garrysmod\hl2.exe:hl2
"UDP Query User{D4810889-329D-49EE-A2A7-6B04F564BB1B}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\garrysmod\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\garrysmod\hl2.exe:hl2
"TCP Query User{D483E9E1-CF76-4E75-BA3D-FC9EA1AC9061}C:\\half-life\\hl.exe"= UDP:C:\half-life\hl.exe:Half-Life Launcher
"UDP Query User{B026FA35-935D-49A5-9343-6BB3C356D666}C:\\half-life\\hl.exe"= TCP:C:\half-life\hl.exe:Half-Life Launcher
"TCP Query User{7F202F2B-FA48-4C5A-A557-731120D1D9BB}C:\\half-life\\hlds.exe"= UDP:C:\half-life\hlds.exe:hlds
"UDP Query User{24525E4F-413D-42BB-B080-B692983D057A}C:\\half-life\\hlds.exe"= TCP:C:\half-life\hlds.exe:hlds
"TCP Query User{51442F0D-EE70-4D0C-98AA-8047F411204F}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\day of defeat source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\day of defeat source\hl2.exe:hl2
"UDP Query User{1C8FF75F-78D2-4DCB-B506-E9ABC049719A}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\day of defeat source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\day of defeat source\hl2.exe:hl2
"TCP Query User{D8FFAA3D-1AD4-4A82-A0C5-CFE953DB9E9B}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{4EC36777-2B0F-4D04-B1B3-7CA1F4F9B757}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{A1B54017-D4C6-48F5-88BC-DCC64C4BFE01}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{B04A4B85-39FB-4BF8-B395-FFE9344A543E}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{6651C5A9-7B41-4881-8F39-77ED8EBC1654}C:\\program files\\sauerbraten\\bin\\sauerbraten.exe"= UDP:C:\program files\sauerbraten\bin\sauerbraten.exe:sauerbraten
"UDP Query User{B40D6B63-1E38-465F-85E5-A69914F5BE52}C:\\program files\\sauerbraten\\bin\\sauerbraten.exe"= TCP:C:\program files\sauerbraten\bin\sauerbraten.exe:sauerbraten
"TCP Query User{BB4ADA57-B8E1-4544-A134-4CC6568172FE}C:\\program files\\valve\\steam\\steamapps\\123gianni\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\123gianni\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{0656588E-F300-46C9-994A-DF0A9CFB8E86}C:\\program files\\valve\\steam\\steamapps\\123gianni\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\123gianni\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{4E9B1C3C-0697-4159-80A4-9EBD3EEFE105}C:\\program files\\silkroad\\silkerrsender.exe"= UDP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????
"UDP Query User{E3E8735B-588D-459A-836C-18D468D307F0}C:\\program files\\silkroad\\silkerrsender.exe"= TCP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????
"TCP Query User{92DEA594-094F-4FA2-8068-E2219CE13BD7}C:\\flatout2\\flatout2.exe"= UDP:C:\flatout2\flatout2.exe:FlatOut2
"UDP Query User{793FC671-EFE0-4E30-BD4E-A3D263F9F2CE}C:\\flatout2\\flatout2.exe"= TCP:C:\flatout2\flatout2.exe:FlatOut2
"TCP Query User{9EE51026-D96D-40BE-99EB-AC6EE602DB0A}C:\\users\\public\\warcraft\\war3.exe"= UDP:C:\users\public\warcraft\war3.exe:Warcraft III
"UDP Query User{4E78B451-18C9-4EC8-A158-EED1AAC1CA24}C:\\users\\public\\warcraft\\war3.exe"= TCP:C:\users\public\warcraft\war3.exe:Warcraft III
"TCP Query User{590F5708-E5B3-42B7-AEEC-CA9200BE02DE}C:\\users\\gianni\\desktop\\bf\\bf1942.exe"= UDP:C:\users\gianni\desktop\bf\bf1942.exe:bf1942.exe
"UDP Query User{2DC3DB67-000D-4F82-A967-5EA10FAA2E05}C:\\users\\gianni\\desktop\\bf\\bf1942.exe"= TCP:C:\users\gianni\desktop\bf\bf1942.exe:bf1942.exe
"TCP Query User{9D994AA0-C1E0-4B19-B748-B0136A63A5DA}C:\\users\\gianni\\desktop\\botisro\\srobot.exe"= UDP:C:\users\gianni\desktop\botisro\srobot.exe:srobot.exe
"UDP Query User{47136561-BA53-4D35-BE0A-35E9F28CCBAB}C:\\users\\gianni\\desktop\\botisro\\srobot.exe"= TCP:C:\users\gianni\desktop\botisro\srobot.exe:srobot.exe
"TCP Query User{8572DABB-CE21-4536-B1E4-96156B99E593}C:\\program files\\valve\\steam\\steamapps\\big_moe\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\big_moe\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1F3E72DD-9681-49CB-914C-9081134894A3}C:\\program files\\valve\\steam\\steamapps\\big_moe\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\big_moe\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{3D5342B9-53C2-49E3-9676-D95560F826E6}C:\\users\\gianni\\desktop\\clisro\\?????.exe"= UDP:C:\users\gianni\desktop\clisro\?????.exe;)????.exe
"UDP Query User{A004E1A7-D750-4C8D-9E21-AD82D932E049}C:\\users\\gianni\\desktop\\clisro\\?????.exe"= TCP:C:\users\gianni\desktop\clisro\?????.exe;)????.exe
"TCP Query User{A9ADEB27-4DA6-4DA2-AF1D-2EB565D82DEB}C:\\users\\gianni\\desktop\\isrobot\\sroboten1.89\\srobot.exe"= UDP:C:\users\gianni\desktop\isrobot\sroboten1.89\srobot.exe:srobot.exe
"UDP Query User{11307994-4D7E-4A1B-8D99-B83F5F8002F0}C:\\users\\gianni\\desktop\\isrobot\\sroboten1.89\\srobot.exe"= TCP:C:\users\gianni\desktop\isrobot\sroboten1.89\srobot.exe:srobot.exe
"TCP Query User{8597FF27-5E2D-41D1-A0F3-1C53019F743C}C:\\windows\\sremu rev2(de).exe"= UDP:C:\windows\sremu rev2(de).exe:SREmu Rev2(DE)
"UDP Query User{43EBCCBF-5265-4618-B0BC-EE336B396438}C:\\windows\\sremu rev2(de).exe"= TCP:C:\windows\sremu rev2(de).exe:SREmu Rev2(DE)
"TCP Query User{D1951223-96F7-4F1B-851A-60F4130CDFEC}C:\\users\\gianni\\desktop\\silkroad_manual-patch_downloader.exe"= UDP:C:\users\gianni\desktop\silkroad_manual-patch_downloader.exe:silkroad_manual-patch_downloader.exe
"UDP Query User{E599535B-EF23-4C66-A61D-E6ECE18CFA43}C:\\users\\gianni\\desktop\\silkroad_manual-patch_downloader.exe"= TCP:C:\users\gianni\desktop\silkroad_manual-patch_downloader.exe:silkroad_manual-patch_downloader.exe
"{0766113F-B3C2-4555-B34B-7103EEA90F10}"= UDP:C:\Users\Gianni\Desktop\IsroClient\SROBotFullEnChs1.89\?????.exe;)????
"{E5D6D19B-0152-4761-9861-9D33C7248A8F}"= TCP:C:\Users\Gianni\Desktop\IsroClient\SROBotFullEnChs1.89\?????.exe;)????
"TCP Query User{41CD5F10-8627-4392-B864-5FEF2467E220}C:\\users\\gianni\\desktop\\dnldownloader.exe"= UDP:C:\users\gianni\desktop\dnldownloader.exe:dnldownloader.exe
"UDP Query User{F72AF21D-9537-4641-9963-9003648B20BD}C:\\users\\gianni\\desktop\\dnldownloader.exe"= TCP:C:\users\gianni\desktop\dnldownloader.exe:dnldownloader.exe
"TCP Query User{3BA63624-31FF-4DC0-99A2-8C48F8560C74}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\sweetgngsta\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{B833ABA2-18CD-43B9-AD3E-2B43AF35A302}C:\\program files\\valve\\steam\\steamapps\\sweetgngsta\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\sweetgngsta\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{4BCC026B-2192-44C1-85C2-8DC6A64F215B}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7356E9A7-2D90-4F88-B5CE-140F2F863C89}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{A5A46D3A-2050-46E7-964F-7290C0CCC31F}C:\\users\\gianni\\desktop\\isroclient\\srobotfullenchs1.89\\?????.exe"= UDP:C:\users\gianni\desktop\isroclient\srobotfullenchs1.89\?????.exe;)????.exe
"UDP Query User{AA7BF723-A534-4A62-9352-A4325FB3C36B}C:\\users\\gianni\\desktop\\isroclient\\srobotfullenchs1.89\\?????.exe"= TCP:C:\users\gianni\desktop\isroclient\srobotfullenchs1.89\?????.exe;)????.exe
"TCP Query User{2CAE76EE-83BE-479B-9879-B48DC9CA9DEE}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"UDP Query User{D6394C58-A3BD-47D4-BC76-60556B39929C}C:\\program files\\common files\\ahead\\nero web\\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
"TCP Query User{910FA567-8C05-49D5-AA22-0CF8AB84878D}C:\\users\\gianni\\appdata\\local\\temp\\nero web\\setupxu.exe"= UDP:C:\users\gianni\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"UDP Query User{D921A6E1-4B09-48B0-90B2-558232397999}C:\\users\\gianni\\appdata\\local\\temp\\nero web\\setupxu.exe"= TCP:C:\users\gianni\appdata\local\temp\nero web\setupxu.exe:setupxu.exe
"TCP Query User{0E790476-35F2-400D-A18C-02CDEE45B0B9}C:\\users\\gianni\\desktop\\agbot\\nuconnector6.exe"= UDP:C:\users\gianni\desktop\agbot\nuconnector6.exe:nuconnector6.exe
"UDP Query User{E0C96EB0-37A2-47AD-9ADA-ED5270222922}C:\\users\\gianni\\desktop\\agbot\\nuconnector6.exe"= TCP:C:\users\gianni\desktop\agbot\nuconnector6.exe:nuconnector6.exe
"TCP Query User{7D6C473B-7CB3-43DD-83F2-16A2B79797AC}C:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer renegade(tm)\\renegade\\game.exe"= UDP:C:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer renegade(tm)\renegade\game.exe:Renegade
"UDP Query User{BAC731D8-C19B-49C9-B73F-71C10550A9DB}C:\\program files\\ea games\\command & conquer die ersten 10 jahre\\command & conquer renegade(tm)\\renegade\\game.exe"= TCP:C:\program files\ea games\command & conquer die ersten 10 jahre\command & conquer renegade(tm)\renegade\game.exe:Renegade
"{14505AFF-0514-430B-9BFD-D30B80A238B9}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{4BD9B05A-B31E-4321-B1F2-00660BD4EEE1}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{071594C3-A431-40C4-9024-052E86CDC2D7}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{8DE280F3-43E1-413F-8CBA-1DC11F8C2181}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{13E5CCBF-015C-4D67-8016-5742C6BF2BF8}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{39FB76A4-08CF-4B9C-B182-91FF5309B7E7}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{B1B99E26-3D69-45B4-A5FA-7C49C82D5A6F}C:\\users\\gianni\\desktop\\steahlth\\lite\\nuconnector\\multisocket.exe"= UDP:C:\users\gianni\desktop\steahlth\lite\nuconnector\multisocket.exe:multisocket.exe
"UDP Query User{16E50D43-69AC-4BDB-80A0-4EFC2545091B}C:\\users\\gianni\\desktop\\steahlth\\lite\\nuconnector\\multisocket.exe"= TCP:C:\users\gianni\desktop\steahlth\lite\nuconnector\multisocket.exe:multisocket.exe
"TCP Query User{CEAF406C-1EC2-4559-B256-E8544262FE51}C:\\users\\gianni\\desktop\\steahlth\\lite\\nuconnector\\nuconnector.exe"= UDP:C:\users\gianni\desktop\steahlth\lite\nuconnector\nuconnector.exe:nuconnector.exe
"UDP Query User{6990ED1A-F38D-4A0B-AA87-1F5EB2EE1841}C:\\users\\gianni\\desktop\\steahlth\\lite\\nuconnector\\nuconnector.exe"= TCP:C:\users\gianni\desktop\steahlth\lite\nuconnector\nuconnector.exe:nuconnector.exe
"TCP Query User{B55BF5F2-33D5-4D89-BC2C-6BEA24C62DF9}C:\\users\\gianni\\desktop\\isroooo\\srobot.exe"= UDP:C:\users\gianni\desktop\isroooo\srobot.exe:srobot.exe
"UDP Query User{6E3817F1-019D-43F7-A47B-1781ECC75160}C:\\users\\gianni\\desktop\\isroooo\\srobot.exe"= TCP:C:\users\gianni\desktop\isroooo\srobot.exe:srobot.exe
"TCP Query User{054515C0-5E0B-4332-8C03-E3347085D1E8}C:\\users\\gianni\\desktop\\agagaga\\nuconnector6.exe"= UDP:C:\users\gianni\desktop\agagaga\nuconnector6.exe:nuconnector6.exe
"UDP Query User{1DA07877-5125-4906-BE9E-D3F372316BBD}C:\\users\\gianni\\desktop\\agagaga\\nuconnector6.exe"= TCP:C:\users\gianni\desktop\agagaga\nuconnector6.exe:nuconnector6.exe
"TCP Query User{BE6C4254-E178-4777-BAC8-352C758FD0D1}C:\\users\\gianni\\desktop\\isroneu\\srobot.exe"= UDP:C:\users\gianni\desktop\isroneu\srobot.exe:srobot.exe
"UDP Query User{9E29D249-6996-4F0E-B79F-E808E1A08A96}C:\\users\\gianni\\desktop\\isroneu\\srobot.exe"= TCP:C:\users\gianni\desktop\isroneu\srobot.exe:srobot.exe
"TCP Query User{4BA7B5D6-16C9-4B30-94A9-67FA86AEA17F}C:\\program files\\serious sam 2\\bin\\sam2.exe"= UDP:C:\program files\serious sam 2\bin\sam2.exe:Sam2
"UDP Query User{D2325545-F0C8-4939-A408-5B016D988A65}C:\\program files\\serious sam 2\\bin\\sam2.exe"= TCP:C:\program files\serious sam 2\bin\sam2.exe:Sam2
"TCP Query User{0B1E11B8-8345-488C-A7F5-A929BD3C370D}C:\\users\\gianni\\desktop\\package1.6.5v5.no_map\\nuconnector66a.exe"= UDP:C:\users\gianni\desktop\package1.6.5v5.no_map\nuconnector66a.exe:nuconnector66a.exe
"UDP Query User{A4358535-6A25-4AF3-BB44-EE1140430CC8}C:\\users\\gianni\\desktop\\package1.6.5v5.no_map\\nuconnector66a.exe"= TCP:C:\users\gianni\desktop\package1.6.5v5.no_map\nuconnector66a.exe:nuconnector66a.exe
"TCP Query User{EC1FB7E4-5B58-4B69-B193-8846F7C25D2F}C:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
"UDP Query User{DCFC8ACF-F53E-4CF8-912B-F24016A6F484}C:\\program files\\mozilla firefox 3 beta 2\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 2\firefox.exe:Firefox
"TCP Query User{7516306A-74E0-437B-B972-65A1F77A7DEB}C:\\program files\\ws_ftp\\ws_ftp95.exe"= UDP:C:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"UDP Query User{DA7002C7-BC29-43D4-887C-01FC72FB230C}C:\\program files\\ws_ftp\\ws_ftp95.exe"= TCP:C:\program files\ws_ftp\ws_ftp95.exe:WS_FTP 95
"TCP Query User{42A27446-EEA0-421B-8700-E0560C57F420}C:\\users\\public\\quake 4\\quake4.exe"= UDP:C:\users\public\quake 4\quake4.exe:Quake 4
"UDP Query User{F4001EAA-C1CE-4A71-A40E-11E5D8B44BD2}C:\\users\\public\\quake 4\\quake4.exe"= TCP:C:\users\public\quake 4\quake4.exe:Quake 4
"TCP Query User{C9EA4F9B-8D77-47EF-A633-72ADF038F759}C:\\program files\\ea games\\need for speed most wanted\\speed.exe"= UDP:C:\program files\ea games\need for speed most wanted\speed.exe:speed
"UDP Query User{8DCDDEEF-8904-422A-A231-6C6B226E2F8E}C:\\program files\\ea games\\need for speed most wanted\\speed.exe"= TCP:C:\program files\ea games\need for speed most wanted\speed.exe:speed
"TCP Query User{307EE299-9DA4-4E93-8690-C3DF4E66F607}C:\\program files\\phonostar\\ps_olect.exe"= UDP:C:\program files\phonostar\ps_olect.exe:ps_olect
"UDP Query User{FDC5ACCE-F4F8-4D0F-BF6E-DA1CCBA12357}C:\\program files\\phonostar\\ps_olect.exe"= TCP:C:\program files\phonostar\ps_olect.exe:ps_olect
"TCP Query User{1B80A451-DF83-4A25-A818-825B9605446B}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= UDP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"UDP Query User{ABF42145-E841-4183-B0B3-ED8DA4899BB6}C:\\program files\\games-masters.com\\cabal online (europe)\\launcher\\update\\estdnheadless.exe"= TCP:C:\program files\games-masters.com\cabal online (europe)\launcher\update\estdnheadless.exe:EST! download engine
"TCP Query User{25961EF1-E76E-4090-B3B1-571992732458}C:\\hl\\half-life\\half-life\\hl.exe"= UDP:C:\hl\half-life\half-life\hl.exe:Half-Life Launcher
"UDP Query User{374CCEB7-122C-406A-8109-857D1F8D0000}C:\\hl\\half-life\\half-life\\hl.exe"= TCP:C:\hl\half-life\half-life\hl.exe:Half-Life Launcher
"TCP Query User{2A471A49-2003-4647-A0F9-6FC2870FFADA}C:\\hl\\half-life\\half-life\\hlds.exe"= UDP:C:\hl\half-life\half-life\hlds.exe:hlds
"UDP Query User{2F49D989-DC79-431D-8B67-B3BA097440CE}C:\\hl\\half-life\\half-life\\hlds.exe"= TCP:C:\hl\half-life\half-life\hlds.exe:hlds
"TCP Query User{8E1AFCE3-9517-4895-998F-D33BDB36B502}C:\\hl\\half-life\\half-life\\hltv.exe"= UDP:C:\hl\half-life\half-life\hltv.exe:hltv
"UDP Query User{DCB76596-3C64-463B-A939-B9008166BD4F}C:\\hl\\half-life\\half-life\\hltv.exe"= TCP:C:\hl\half-life\half-life\hltv.exe:hltv
"TCP Query User{A6366FAB-DC44-4D49-99FC-C97166BB87EB}C:\\users\\gianni\\desktop\\silkroad\\silkerrsender.exe"= UDP:C:\users\gianni\desktop\silkroad\silkerrsender.exe:silkerrsender.exe
"UDP Query User{EC43C64D-5CD4-4F8A-86B9-A21634DD5E9E}C:\\users\\gianni\\desktop\\silkroad\\silkerrsender.exe"= TCP:C:\users\gianni\desktop\silkroad\silkerrsender.exe:silkerrsender.exe
"{55C83825-B282-4434-85EC-9A774DD3ADDE}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8FA066C6-8756-45CC-8D89-4172A52937BD}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{8BE09C38-1EA7-4E96-AF2D-0C83F05B2E32}"= UDP:C:\Unreal Anthology\UT2004\System\UT2004.exe:UT2004
"{5A62CAC8-30E9-43C4-9C33-F732652F14D8}"= TCP:C:\Unreal Anthology\UT2004\System\UT2004.exe:UT2004

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-06-19 10:01]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-06-19 10:01]
R2 GnabService;GnabService;c:\program files\common files\gnab\service\servicecontroller.exe [2007-04-19 13:11]
R2 srvcPVR;Sceneo PVR Service;C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe [2007-08-16 11:31]
R2 SVKP;SVKP;C:\Windows\system32\SVKP.sys [2008-04-09 18:39]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 14:44]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28.sys [2007-11-21 12:17]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-11-09 23:30]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 11:31]
S3 cimo;cimo;C:\Windows\system32\drivers\cimo.ahc [2008-08-09 11:29]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 16:18]
S3 ovt530;Hercules Webcam Deluxe;C:\Windows\system32\Drivers\ov530vid.sys [2005-03-15 18:04]
S3 PhilCap;NXP service;C:\Windows\system32\DRIVERS\PhilCap.sys [2007-07-31 12:58]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-31 20:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhalt des "geplante Tasks" Ordners

2008-08-08 C:\Windows\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]
.
.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Users\Gianni\AppData\Roaming\Mozilla\Firefox\Profiles\zh41hjgi.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.de
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\np32dsw.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\NPAskSBr.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\NPOFFICE.DLL
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 2\plugins\npyaxmpb.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-09 14:27:45
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-08-09 14:29:58
ComboFix-quarantined-files.txt 2008-08-09 12:29:51
ComboFix2.txt 2008-08-09 11:39:45

Pre-Run: 24 Verzeichnis(se), 62,272,815,104 Bytes frei
Post-Run: 33 Verzeichnis(se), 62,236,196,864 Bytes frei

429 --- E O F --- 2008-08-09 01:03:18



__________________________________________________________________________


Hijack:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:04, on 09.08.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RF - Formular ausfüllen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RF - Formular speichern - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: RF - Menü anpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite55\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite55\ICQLite.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196839374280
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\Windows\system32\sfrem01.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\PVRService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 12046 bytes





Regards
This post was edited by HelpMich on 09.08.2008 at 14:34.
09.08.2008, 15:03
Moderator

Posts: 5694
#4 HelpMich

>>
Remove Askbar
Start -> Settings -> Control Panel -> Add or Remove Programs
Remove AskSBar, SrchAstt or Ask Search Assistant

>>
Close all windows and start HijackThis
Click: Do a system scan only
Tick the box in front of each of the entries listed below

Quote

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
Click: Fix checked
Internet Explorer must be closed when you click Fix checked

Important: restart the computer

>>
Run an online scan with Bitdefender and post the log:
http://virus-protect.org/artikel/tools/bitdefender.html

Regards, Swiss
09.08.2008, 15:07
...new here

Thread starter

Posts: 4
#5 And what if AskBar and SrchAst aren't on my computer?
Under Programs I don't have any Askbar .... but I think I've now got rid of it completely this way, or was that not everything yet?

But thanks already, I was afraid I'd have to wipe my computer ;)

Edit: the Bitdefender thing somehow doesn't work, nothing comes up that resembles the description, and when I open IE the AskToolbar appears =/?
This post was edited by HelpMich on 09.08.2008 at 15:34.
09.08.2008, 18:25
Honorary member
Argus

Posts: 6028
#6 Click: Do a system scan only
Tick the box in front of each of the entries listed below

Quote

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
Click: Fix checked
Internet Explorer must be closed when you click Fix checked

Start Malwarebytes' Anti-Malware and select the "More Tools" tab
Click "Run Tool" under FileASSASSIN
Browse to C:\Program Files\AskTBar and click OK

Do the same with C:\Program Files\Uninstall Ask Toolbar.dll

Check this file (these files) at VirusTotal http://www.virustotal.com/flash/index_en.html

C:\Windows\System32\cssdll32.dll

Note: If VirusTotal shows the message "The file has already been analysed", choose "Analyse the file"
and report back

Java
Your Java software is outdated.
Download Java Runtime Environment (JRE) 6u7 to the desktop

Via "Start -> Settings -> Control Panel -> Add or Remove Programs",
remove the older versions of Java Runtime Environment (JRE or J2SE)
After everything has been removed ---> restart the computer
Close all programs, including your web browser
Now install from the desktop ---> jre-6u7-windows-i586-p.exe
__________
Regards, Argus
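Added example (not code from this thread or from HijackThis): a small Python parser for HijackThis-style lines that lists every entry pointing into one directory or marked "(no file)", as a way to cross-check a hand-made fix list such as those in posts #4 and #6. The sample lines are an excerpt of the log posted above; the function names and the two selection criteria are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# Section code (R0..R3, O1..O25) followed by the rest of the line.
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


@dataclass
class Entry:
    code: str             # e.g. "O2"
    clsid: Optional[str]  # upper-cased CLSID, if the entry carries one
    target: str           # file, URL or "(no file)" the entry points at
    raw: str              # the original line, for the analyst to read


def parse_log(text: str) -> List[Entry]:
    """Parse entry lines; headers, the process list and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        # Display names may contain " - " themselves, so take the last field.
        target = rest.rsplit(" - ", 1)[-1].strip()
        entries.append(
            Entry(code, clsid.group(0).upper() if clsid else None, target, line)
        )
    return entries


def select_for_review(entries: List[Entry], directory: str) -> List[Entry]:
    """Entries whose target lies under `directory` or is marked "(no file)".

    Caveat: 8.3 short paths (C:\\PROGRA~1\\...) are not expanded, so an entry
    written in short form will not match a long-form directory.
    """
    prefix = directory.rstrip("\\").lower() + "\\"
    picked = []
    for e in entries:
        under_dir = e.target.lower().startswith(prefix)
        orphaned = e.target.startswith("(no file)")
        if under_dir or orphaned:
            picked.append(e)
    return picked


if __name__ == "__main__":
    for e in select_for_review(parse_log(SAMPLE_LOG), r"C:\Program Files\AskTBar"):
        print(e.raw)
```

On this excerpt the selection returns six lines: the five entries quoted in post #6 plus the O9 Cmdmapping entry quoted in post #4.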