3 Trojans on my computer. :-(

#0
19.03.2010, 18:07
Member

Thread starter

Posts: 67
#16 Hi,
so, I started Dr.Web last night. Oh my god, it runs forever. And then this afternoon about 75% had been scanned when the PC shut itself down. :-)
Now I've just started it again. I hope it holds out this time.
So far it had found 15 infected files, though I have to say these were mostly programs I had had on the computer for 10 years (but mostly never used anyway). I know that doesn't mean anything, but my main concern is these three Trojans.
I'll get back to you when there's news.
Many heartfelt thanks once again. :-)
Have a lovely spring-like weekend.
Best,
19.03.2010, 23:44
Moderator

Posts: 5694
#17 Well then, let's hope it doesn't crash again ;)
20.03.2010, 02:44
Member

Thread starter

Posts: 67
#18 Oh no, I just got home and Dr.Web had finished scanning, but when I tried to save the report, the PC crashed! This can't be true! :-(
Phew, now I'm starting it again. I hope it works better overnight.
Good night!
20.03.2010, 11:16
Moderator

Posts: 5694
#19 Hmmm.... if it doesn't work, then let's do the following:

Check and repair the partition with chkdsk (Vista)

Double-click "Computer" on the desktop => right-click drive C: => Properties => Tools => Error-checking => Check Now => Continue => tick both options => Start => Schedule disk check. Restart the computer and then do nothing on it until the scan has finished. The built-in Windows tool chkdsk checks the hard disk and fixes any errors.
20.03.2010, 11:18
Member

Thread starter

Posts: 67
#20 Good morning,
no, it rebooted itself again overnight. I'm just running the quick scan now. Is that any use at all? So far it has found nothing and is at about 70%.
After the quick scan I'll do your new suggestion. :-)
Many thanks,
Best
20.03.2010, 11:32
Member

Thread starter

Posts: 67
#21 OK, the quick scan didn't find anything. Now I'm running the error check.
Best
20.03.2010, 13:39
Member

Thread starter

Posts: 67
#22 So, the check has finished with no errors. That's good news at least. I think I'll try the scan again. Maybe it will work after all.
Best
20.03.2010, 21:57
Member

Thread starter

Posts: 67
#23 Hello,
I'm slowly getting desperate. It ran all day and just now the message came up again that Windows will shut down in one minute..... well, that's it for the scan again.... what am I supposed to do now? :-(
Many thanks,
Best
20.03.2010, 23:52
Moderator

Posts: 5694
#24 Right then:

Another system scan with OTL

• Double-click OTL.exe
Vista users: right-click OTL.exe and choose "Run as administrator"
• At the top you'll find a box labelled Output. Please select Minimal Output
• Under Extra Registry, please select Use SafeList
• Now click Run Scan at the top left
• When the scan has finished, 2 log files will be created
• Post the log files in code tags here in the thread.
21.03.2010, 03:42
Member

Thread starter

Posts: 67
#25 All right. I'll do that tomorrow then.
Good night. :-)
Best
21.03.2010, 11:21
Member

Thread starter

Posts: 67
#26 Good morning :-)

Here are the results of the OTL scan:

Code


OTL logfile created on: 21.03.2010 11:14:11 - Run 2
OTL by OldTimer - Version 3.1.37.2     Folder = C:\Users\Alexander\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 271,72 Gb Total Space | 49,84 Gb Free Space | 18,34% Space Free | Partition Type: NTFS
Drive D: | 26,34 Gb Total Space | 18,12 Gb Free Space | 68,80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298,09 Gb Total Space | 141,86 Gb Free Space | 47,59% Space Free | Partition Type: NTFS

Computer Name: ALEX
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Alexander\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Office Live\OfficeLiveSignIn.exe (Microsoft Corp.)
PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Windows\vVX3000.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\ACD Systems\DE\DevDetect.exe (ACD Systems, Ltd.)
PRC - C:\ProgramData\U3\U3Launcher\LaunchU3.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Alexander\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (vpnagent) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (vpnva) -- C:\Windows\System32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys (Padus, Inc.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (Spyder2) -- C:\Windows\System32\drivers\Spyder2.sys ()
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (VX3000) -- C:\Windows\System32\drivers\VX3000.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (xfilt) -- C:\Windows\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\Windows\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (LVPrcMon) -- C:\Windows\System32\drivers\LVPrcMon.sys ()
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mirostart.com/?cfg=2-73-0-cFDH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: {89506680-e3f4-484c-a2c0-ed711d481eda}:0.9.5.5
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.0
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.74


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.17 23:49:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.17 18:08:42 | 000,000,000 | ---D | M]

[2008.06.17 19:29:26 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Extensions
[2010.03.20 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions
[2007.10.19 17:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{1de0de3c-0b5c-4f67-90c6-689623894991}
[2009.07.22 16:36:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.10.28 18:29:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.11 19:35:41 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2010.02.03 08:49:58 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2010.02.11 19:35:38 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.02.03 08:49:53 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.02.03 08:49:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.03 08:49:58 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009.11.03 20:04:14 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2009.04.14 19:52:27 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\firefox@tvunetworks(63).com
[2009.10.24 16:24:48 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\moveplayer@movenetworks.com
[2007.10.19 17:48:28 | 000,000,000 | ---D | M] -- C:\Users\Alexander\AppData\Roaming\mozilla\Firefox\Profiles\kwezadbm.default\extensions\piraton@enchufados.net
[2010.01.27 17:05:36 | 000,001,743 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\kwezadbm.default\searchplugins\ask.uk.xml
[2010.03.14 23:33:36 | 000,000,950 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\kwezadbm.default\searchplugins\icqplugin-1.xml
[2008.02.19 17:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Mozilla\FireFox\Profiles\kwezadbm.default\searchplugins\icqplugin.xml
[2010.03.17 23:49:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.08.02 21:01:17 | 000,000,000 | ---D | M] (Amazon-Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7}
[2007.08.02 21:01:18 | 000,000,000 | ---D | M] (Home Extension) -- C:\Programme\Mozilla Firefox\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259}
[2007.08.02 21:01:18 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Programme\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}
[2007.08.02 21:01:17 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285}
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CamWizard] C:\Programme\Common Files\Logitech\QCDRV\BIN\CamWizard.exe (Logitech Inc.)
O4 - HKLM..\Run: [Device Detector]  File not found
O4 - HKLM..\Run: [InstantOn] C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe ()
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [TVEService] C:\Program Files\Home Cinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk = C:\Users\Alexander\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe ()
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bw+0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw+0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw00s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw-0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw10s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw20s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw30s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw40s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw50s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw60s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw70s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw80s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bw90s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwa0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwb0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwc0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwd0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwe0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwf0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwg0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwh0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwi0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwj0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwk0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwl0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwm0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwn0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwo0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwp0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwq0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwr0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bws0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwt0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwu0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwv0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bww0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwx0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwy0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0 {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\bwz0s {57b1fdc6-7a41-49eb-a6ca-f092f1098e60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {57B1FDC6-7A41-49EB-A6CA-F092F1098E60} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alexander\Bilder\Bilder 2009\2009.05.31 Karneval der Kulturen\DSC_9987b2desktop.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alexander\Bilder\Bilder 2009\2009.05.31 Karneval der Kulturen\DSC_9987b2desktop.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.18 19:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.03.18 18:18:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.03.18 18:14:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.03.18 11:53:58 | 000,000,000 | ---D | C] -- C:\Users\Alexander\DoctorWeb
[2010.03.18 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\Alexander\Desktop\Neuer Download
[2010.03.18 11:05:42 | 000,472,064 | ---- | C] ( ) -- C:\Users\Alexander\Desktop\RootRepeal.exe
[2010.03.18 10:51:49 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010.03.18 10:49:07 | 000,000,000 | ---D | C] -- C:\SDFix
[2010.03.17 23:16:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.03.17 23:16:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.03.17 23:15:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.03.17 23:15:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.03.17 23:15:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.03.17 20:26:23 | 000,000,000 | ---D | C] -- C:\Programme\XXXX
[2010.03.17 18:50:39 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Malwarebytes
[2010.03.17 18:50:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.17 18:50:33 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.17 18:50:33 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.03.17 18:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.15 13:59:15 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Local\Cisco
[2010.03.15 13:58:28 | 000,000,000 | ---D | C] -- C:\Programme\Cisco
[2010.03.10 11:30:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.10 11:29:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.02 21:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2010.03.02 21:40:01 | 000,000,000 | ---D | C] -- C:\Users\Alexander\AppData\Roaming\Nero
[2010.03.02 21:04:41 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nero
[2010.02.24 10:55:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2010.03.21 11:14:40 | 004,456,448 | -HS- | M] () -- C:\Users\Alexander\ntuser.dat
[2010.03.21 11:12:37 | 001,541,530 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.21 11:12:37 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.21 11:12:37 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.21 11:12:37 | 000,142,222 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.21 11:12:37 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.21 11:09:54 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.03.21 11:07:53 | 000,002,441 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchU3.exe.lnk
[2010.03.21 11:07:23 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.21 11:07:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.21 11:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.21 11:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.21 11:06:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.21 11:06:43 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.21 03:44:51 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.03.21 03:44:51 | 000,065,536 | -HS- | M] () -- C:\Users\Alexander\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.21 03:44:47 | 001,737,431 | -H-- | M] () -- C:\Users\Alexander\AppData\Local\IconCache.db
[2010.03.21 03:32:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.20 16:05:06 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A3B30619-79C0-4B35-A35F-3B5B488D554F}.job
[2010.03.20 09:01:12 | 000,000,680 | ---- | M] () -- C:\Users\Alexander\AppData\Local\d3d9caps.dat
[2010.03.20 02:32:37 | 422,008,429 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.03.19 02:11:51 | 034,350,720 | ---- | M] () -- C:\Users\Alexander\Desktop\9s3sy7h3.exe
[2010.03.18 19:17:29 | 000,009,477 | ---- | M] () -- C:\Users\Alexander\Desktop\report_fsols_4_0.html
[2010.03.18 11:06:12 | 000,000,000 | ---- | M] () -- C:\Users\Alexander\Desktop\settings.dat
[2010.03.18 10:51:50 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander\Desktop\OTL.exe
[2010.03.17 23:15:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.03.17 23:15:10 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.03.17 23:15:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.03.17 23:15:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.03.17 20:27:30 | 000,001,648 | ---- | M] () -- C:\Users\Alexander\Desktop\HijackThis.lnk
[2010.03.17 18:50:38 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.17 18:08:44 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.16 16:16:32 | 000,000,052 | ---- | M] () -- C:\Users\Alexander\AppData\Roaming\Default.PLS
[2010.03.16 13:30:47 | 011,821,736 | ---- | M] () -- C:\Users\Alexander\Documents\34073.wmv
[2010.03.16 13:30:30 | 011,733,730 | ---- | M] () -- C:\Users\Alexander\Documents\34074.wmv
[2010.03.16 13:30:05 | 011,797,736 | ---- | M] () -- C:\Users\Alexander\Documents\34075.wmv
[2010.03.16 13:25:43 | 002,045,662 | ---- | M] () -- C:\Users\Alexander\Documents\3-18.wmv
[2010.03.16 13:25:32 | 002,045,662 | ---- | M] () -- C:\Users\Alexander\Documents\3-17.wmv
[2010.03.16 13:22:58 | 003,912,271 | ---- | M] () -- C:\Users\Alexander\Documents\movie4-2.wmv
[2010.03.16 13:21:10 | 003,871,156 | ---- | M] () -- C:\Users\Alexander\Documents\movie3-4.wmv
[2010.03.16 13:21:03 | 003,871,156 | ---- | M] () -- C:\Users\Alexander\Documents\movie3-3.wmv
[2010.03.16 13:20:19 | 004,668,787 | ---- | M] () -- C:\Users\Alexander\Documents\movie2-3.wmv
[2010.03.16 13:19:20 | 003,920,494 | ---- | M] () -- C:\Users\Alexander\Documents\movie1-1.wmv
[2010.03.16 13:17:41 | 011,789,736 | ---- | M] () -- C:\Users\Alexander\Documents\34072.wmv
[2010.03.15 14:40:42 | 023,546,212 | ---- | M] () -- C:\Users\Alexander\Documents\5739GEMaSkm.flv
[2010.03.15 14:29:50 | 023,423,737 | ---- | M] () -- C:\Users\Alexander\Documents\5339GByg2Ze.flv
[2010.03.10 11:33:13 | 000,000,324 | ---- | M] () -- C:\Windows\win.ini
[2010.03.04 12:40:53 | 001,933,656 | ---- | M] () -- C:\Users\Alexander\Documents\3-16.wmv
[2010.03.04 12:38:04 | 001,925,662 | ---- | M] () -- C:\Users\Alexander\Documents\3-15.wmv
[2010.03.04 12:37:19 | 005,320,704 | ---- | M] () -- C:\Users\Alexander\Documents\17703.mpg
[2010.03.04 12:34:58 | 001,449,314 | ---- | M] () -- C:\Users\Alexander\Documents\clip_53.wmv
[2010.03.04 12:34:31 | 001,428,389 | ---- | M] () -- C:\Users\Alexander\Documents\clip_46-2.wmv
[2010.03.04 12:34:07 | 001,428,389 | ---- | M] () -- C:\Users\Alexander\Documents\clip_26.wmv
[2010.03.04 12:32:59 | 000,577,009 | ---- | M] () -- C:\Users\Alexander\Documents\003.wmv
[2010.03.04 12:30:30 | 002,037,662 | ---- | M] () -- C:\Users\Alexander\Documents\4-12.wmv
[2010.03.04 12:30:08 | 002,037,662 | ---- | M] () -- C:\Users\Alexander\Documents\3-14.wmv
[2010.03.04 12:29:44 | 002,069,662 | ---- | M] () -- C:\Users\Alexander\Documents\2-10.wmv
[2010.03.04 12:29:21 | 002,053,662 | ---- | M] () -- C:\Users\Alexander\Documents\1-7.wmv
[2010.03.04 12:10:17 | 007,375,962 | ---- | M] () -- C:\Users\Alexander\Documents\4391.flv
[2010.03.04 12:05:29 | 002,272,893 | ---- | M] () -- C:\Users\Alexander\Documents\4742.flv
[2010.03.03 19:43:58 | 052,149,572 | ---- | M] () -- C:\Users\Alexander\Documents\5839Glyj4yj.flv
[2010.03.02 12:09:39 | 027,350,763 | ---- | M] () -- C:\Users\Alexander\Documents\5438Gxq7Mdy.flv
[2010.03.02 12:07:31 | 028,388,687 | ---- | M] () -- C:\Users\Alexander\Documents\5538CLwcfCO-1.flv
[2010.03.02 12:05:28 | 039,054,871 | ---- | M] () -- C:\Users\Alexander\Documents\5438G1F45Uu.flv
[2010.03.02 12:02:57 | 044,557,615 | ---- | M] () -- C:\Users\Alexander\Documents\5838GY1OKWj.flv
[2010.03.02 11:59:52 | 053,775,100 | ---- | M] () -- C:\Users\Alexander\Documents\5538GJ52w9j.flv
[2010.03.02 11:56:26 | 042,048,465 | ---- | M] () -- C:\Users\Alexander\Documents\5538GrUQxBW.flv
[2010.03.02 11:52:11 | 028,789,046 | ---- | M] () -- C:\Users\Alexander\Documents\5538GTojJxU.flv
[2010.03.02 11:49:41 | 034,272,136 | ---- | M] () -- C:\Users\Alexander\Documents\5638G57lAxN-1.flv
[2010.03.02 11:46:21 | 032,159,136 | ---- | M] () -- C:\Users\Alexander\Documents\5438GwMt2Qn.flv
[2010.03.02 11:36:10 | 057,672,046 | ---- | M] () -- C:\Users\Alexander\Documents\5338GuPRekz.flv
[2010.03.02 11:32:33 | 040,771,145 | ---- | M] () -- C:\Users\Alexander\Documents\5838G9VTzMS.flv
[2010.03.02 11:29:44 | 066,769,895 | ---- | M] () -- C:\Users\Alexander\Documents\5438G55gfKE.flv
[2010.03.02 11:25:26 | 040,254,328 | ---- | M] () -- C:\Users\Alexander\Documents\5538G25h4xK.flv
[2010.03.02 10:31:14 | 033,355,262 | ---- | M] () -- C:\Users\Alexander\Documents\5538GcBSB1j.flv
[2010.03.01 16:13:14 | 034,526,179 | ---- | M] () -- C:\Users\Alexander\Documents\5338GPkO4Rn.flv
[2010.02.25 14:28:09 | 000,039,936 | ---- | M] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.25 12:05:19 | 034,272,136 | ---- | M] () -- C:\Users\Alexander\Documents\5638G57lAxN.flv
[2010.02.24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.02.22 16:15:33 | 028,388,687 | ---- | M] () -- C:\Users\Alexander\Documents\5538CLwcfCO.flv
[2010.02.21 00:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.02.21 00:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

========== Files Created - No Company Name ==========

[2010.03.19 02:11:03 | 034,350,720 | ---- | C] () -- C:\Users\Alexander\Desktop\9s3sy7h3.exe
[2010.03.18 19:17:29 | 000,009,477 | ---- | C] () -- C:\Users\Alexander\Desktop\report_fsols_4_0.html
[2010.03.18 11:06:12 | 000,000,000 | ---- | C] () -- C:\Users\Alexander\Desktop\settings.dat
[2010.03.18 10:45:06 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.17 23:58:20 | 000,002,437 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2010.03.17 23:58:20 | 000,002,086 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010.03.17 23:58:20 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ColorVisionStartup.lnk
[2010.03.17 20:23:27 | 000,001,648 | ---- | C] () -- C:\Users\Alexander\Desktop\HijackThis.lnk
[2010.03.17 18:50:38 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.17 18:08:44 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.16 13:30:45 | 011,821,736 | ---- | C] () -- C:\Users\Alexander\Documents\34073.wmv
[2010.03.16 13:30:27 | 011,733,730 | ---- | C] () -- C:\Users\Alexander\Documents\34074.wmv
[2010.03.16 13:30:02 | 011,797,736 | ---- | C] () -- C:\Users\Alexander\Documents\34075.wmv
[2010.03.16 13:25:41 | 002,045,662 | ---- | C] () -- C:\Users\Alexander\Documents\3-18.wmv
[2010.03.16 13:25:24 | 002,045,662 | ---- | C] () -- C:\Users\Alexander\Documents\3-17.wmv
[2010.03.16 13:22:56 | 003,912,271 | ---- | C] () -- C:\Users\Alexander\Documents\movie4-2.wmv
[2010.03.16 13:21:08 | 003,871,156 | ---- | C] () -- C:\Users\Alexander\Documents\movie3-4.wmv
[2010.03.16 13:21:00 | 003,871,156 | ---- | C] () -- C:\Users\Alexander\Documents\movie3-3.wmv
[2010.03.16 13:20:05 | 004,668,787 | ---- | C] () -- C:\Users\Alexander\Documents\movie2-3.wmv
[2010.03.16 13:19:12 | 003,920,494 | ---- | C] () -- C:\Users\Alexander\Documents\movie1-1.wmv
[2010.03.16 13:17:37 | 011,789,736 | ---- | C] () -- C:\Users\Alexander\Documents\34072.wmv
[2010.03.15 14:40:40 | 023,546,212 | ---- | C] () -- C:\Users\Alexander\Documents\5739GEMaSkm.flv
[2010.03.15 14:29:49 | 023,423,737 | ---- | C] () -- C:\Users\Alexander\Documents\5339GByg2Ze.flv
[2010.03.04 12:40:51 | 001,933,656 | ---- | C] () -- C:\Users\Alexander\Documents\3-16.wmv
[2010.03.04 12:38:02 | 001,925,662 | ---- | C] () -- C:\Users\Alexander\Documents\3-15.wmv
[2010.03.04 12:37:17 | 005,320,704 | ---- | C] () -- C:\Users\Alexander\Documents\17703.mpg
[2010.03.04 12:34:55 | 001,449,314 | ---- | C] () -- C:\Users\Alexander\Documents\clip_53.wmv
[2010.03.04 12:34:29 | 001,428,389 | ---- | C] () -- C:\Users\Alexander\Documents\clip_46-2.wmv
[2010.03.04 12:34:06 | 001,428,389 | ---- | C] () -- C:\Users\Alexander\Documents\clip_26.wmv
[2010.03.04 12:32:58 | 000,577,009 | ---- | C] () -- C:\Users\Alexander\Documents\003.wmv
[2010.03.04 12:30:27 | 002,037,662 | ---- | C] () -- C:\Users\Alexander\Documents\4-12.wmv
[2010.03.04 12:30:04 | 002,037,662 | ---- | C] () -- C:\Users\Alexander\Documents\3-14.wmv
[2010.03.04 12:29:42 | 002,069,662 | ---- | C] () -- C:\Users\Alexander\Documents\2-10.wmv
[2010.03.04 12:29:19 | 002,053,662 | ---- | C] () -- C:\Users\Alexander\Documents\1-7.wmv
[2010.03.04 12:10:04 | 007,375,962 | ---- | C] () -- C:\Users\Alexander\Documents\4391.flv
[2010.03.04 12:05:26 | 002,272,893 | ---- | C] () -- C:\Users\Alexander\Documents\4742.flv
[2010.03.03 19:40:29 | 052,149,572 | ---- | C] () -- C:\Users\Alexander\Documents\5839Glyj4yj.flv
[2010.03.02 12:08:50 | 027,350,763 | ---- | C] () -- C:\Users\Alexander\Documents\5438Gxq7Mdy.flv
[2010.03.02 12:06:37 | 028,388,687 | ---- | C] () -- C:\Users\Alexander\Documents\5538CLwcfCO-1.flv
[2010.03.02 12:03:58 | 039,054,871 | ---- | C] () -- C:\Users\Alexander\Documents\5438G1F45Uu.flv
[2010.03.02 12:01:08 | 044,557,615 | ---- | C] () -- C:\Users\Alexander\Documents\5838GY1OKWj.flv
[2010.03.02 11:57:30 | 053,775,100 | ---- | C] () -- C:\Users\Alexander\Documents\5538GJ52w9j.flv
[2010.03.02 11:54:45 | 042,048,465 | ---- | C] () -- C:\Users\Alexander\Documents\5538GrUQxBW.flv
[2010.03.02 11:51:16 | 028,789,046 | ---- | C] () -- C:\Users\Alexander\Documents\5538GTojJxU.flv
[2010.03.02 11:48:27 | 034,272,136 | ---- | C] () -- C:\Users\Alexander\Documents\5638G57lAxN-1.flv
[2010.03.02 11:45:15 | 032,159,136 | ---- | C] () -- C:\Users\Alexander\Documents\5438GwMt2Qn.flv
[2010.03.02 11:33:33 | 057,672,046 | ---- | C] () -- C:\Users\Alexander\Documents\5338GuPRekz.flv
[2010.03.02 11:30:55 | 040,771,145 | ---- | C] () -- C:\Users\Alexander\Documents\5838G9VTzMS.flv
[2010.03.02 11:26:37 | 066,769,895 | ---- | C] () -- C:\Users\Alexander\Documents\5438G55gfKE.flv
[2010.03.02 11:23:52 | 040,254,328 | ---- | C] () -- C:\Users\Alexander\Documents\5538G25h4xK.flv
[2010.03.02 10:30:04 | 033,355,262 | ---- | C] () -- C:\Users\Alexander\Documents\5538GcBSB1j.flv
[2010.03.01 16:11:56 | 034,526,179 | ---- | C] () -- C:\Users\Alexander\Documents\5338GPkO4Rn.flv
[2010.02.25 12:03:45 | 034,272,136 | ---- | C] () -- C:\Users\Alexander\Documents\5638G57lAxN.flv
[2010.02.22 16:14:40 | 028,388,687 | ---- | C] () -- C:\Users\Alexander\Documents\5538CLwcfCO.flv
[2009.11.03 16:51:28 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009.10.20 20:14:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.04 13:24:03 | 000,004,096 | -H-- | C] () -- C:\Users\Alexander\AppData\Local\keyfile3.drm
[2008.10.09 22:11:34 | 000,000,097 | ---- | C] () -- C:\Users\Alexander\AppData\Local\fusioncache.dat
[2008.01.22 18:55:43 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.01.22 18:55:39 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.12.20 18:28:40 | 000,002,048 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2007.12.20 18:28:40 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2007.12.17 19:48:53 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2007.12.17 19:48:53 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2007.12.17 19:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2007.12.17 19:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2007.12.17 19:48:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2007.06.10 10:30:46 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.05.01 12:05:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.05.01 12:05:43 | 000,471,552 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007.04.27 17:02:59 | 000,000,719 | R--- | C] () -- C:\Windows\System32\InstExec.ini
[2007.04.26 20:29:33 | 000,000,052 | ---- | C] () -- C:\Users\Alexander\AppData\Roaming\Default.PLS
[2007.04.20 08:15:46 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.04.19 14:02:57 | 000,000,173 | ---- | C] () -- C:\Windows\KPCMS.INI
[2007.04.19 14:02:42 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2007.04.19 00:57:11 | 000,000,680 | ---- | C] () -- C:\Users\Alexander\AppData\Local\d3d9caps.dat
[2007.04.13 11:42:05 | 000,137,232 | ---- | C] () -- C:\Windows\System32\KG162023.DRV
[2007.04.13 11:42:05 | 000,002,120 | ---- | C] () -- C:\Windows\System32\SETUP.INI
[2007.04.13 11:42:05 | 000,000,263 | ---- | C] () -- C:\Windows\System32\KCMV3D.INI
[2007.04.13 09:27:45 | 000,039,936 | ---- | C] () -- C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.12 17:39:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.02.13 16:16:04 | 000,012,288 | ---- | C] () -- C:\Windows\System32\drivers\Spyder2.sys
[2007.02.12 10:30:06 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.12 10:30:06 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 16:17:37 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 15:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 14:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2007.02.06 16:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.20 07:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\Buhl.ini
[2005.12.22 10:05:46 | 000,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2005.12.09 14:37:42 | 000,016,768 | ---- | C] () -- C:\Windows\System32\drivers\LVPrcMon.sys
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.03.21 14:39:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL
[1999.01.27 12:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997.06.13 06:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll

< End of report >



OTL Extras logfile created on: 21.03.2010 11:14:11 - Run 2
OTL by OldTimer - Version 3.1.37.2     Folder = C:\Users\Alexander\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 271,72 Gb Total Space | 49,84 Gb Free Space | 18,34% Space Free | Partition Type: NTFS
Drive D: | 26,34 Gb Total Space | 18,12 Gb Free Space | 68,80% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 298,09 Gb Total Space | 141,86 Gb Free Space | 47,59% Space Free | Partition Type: NTFS

Computer Name: ALEX
Current User Name: Alexander
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1383E6D6-0694-4209-8295-ED6405E3513D}" = lport=28269 | protocol=6 | dir=in | name=emule |
"{1A6A5053-0D48-4714-A295-6CE849327DEC}" = lport=44168 | protocol=17 | dir=in | name=emule |
"{4F68754D-4F0F-4BAC-B765-BA59182D1EF0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{92C0EF84-13D1-483D-8B65-55B35D16667C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000CDDA2-412D-471A-9B4F-22A65D1FE763}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{14AAE102-A15D-4C87-BBB2-774EF9A5D062}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1CCA1D6B-F2D5-48A5-BB41-F9A41B686D1C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{23E40750-3746-45C1-93BE-B455C3FA737B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe |
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe |
"{85B8827A-AFDD-41EB-9269-D8C5794A7C15}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{95476183-D4D4-4F6C-BDFD-A208DCB61901}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{9A27CC66-E98B-4ED8-8823-8B5458381EFC}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{A58C6229-5170-4F5A-AE0B-5A508AA7266F}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{C191A980-F2B6-49D8-9F2C-CA3C835DA658}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{C9FCAB7C-2759-4B6D-ADD7-52A4C7ED3896}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CFA8C3E2-E071-4489-A4A1-CCCABA86B173}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D124D7B3-A0A9-487F-816E-F9CB5D962132}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D376DAC2-A6B5-4D63-B3AD-8DB8778F64CA}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{EEB8B26A-B426-4401-ACC2-12E390D3B7E0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{F4D4A58B-AC37-42E7-A670-2FD8DFECED95}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"TCP Query User{065F15BD-4E7B-4682-AA1D-842A75FA196D}C:\users\alexander\documents\games\volleyball\winzip\blobby\volley.exe" = protocol=6 | dir=in | app=c:\users\alexander\documents\games\volleyball\winzip\blobby\volley.exe |
"TCP Query User{08E73252-9CBC-4154-A3D4-27BACF6C54F3}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{48B3710B-061C-4A3E-B725-A6C4C3911371}C:\users\alexander\downloads\emule0.47c-xtreme5.4.2\emule0.47c-xtreme5.4.2\emule.exe" = protocol=6 | dir=in | app=c:\users\alexander\downloads\emule0.47c-xtreme5.4.2\emule0.47c-xtreme5.4.2\emule.exe |
"TCP Query User{5A1ECA4A-2AB3-4CEB-A9D3-53EF8A92F872}C:\users\alexander\downloads\emule0.47c-xtreme5.4.2\emule.exe" = protocol=6 | dir=in | app=c:\users\alexander\downloads\emule0.47c-xtreme5.4.2\emule.exe |
"TCP Query User{5D723038-6A65-46F5-BE04-9455DF1C50E7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{5F440C76-EE11-456B-87C2-A089E877498B}C:\users\alexander\documents\games\volleyball\volley.exe" = protocol=6 | dir=in | app=c:\users\alexander\documents\games\volleyball\volley.exe |
"TCP Query User{85305FDC-9E65-436D-98D1-79D2D97C7348}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{8BC6E5F2-8168-4259-97C1-AEFA34325A75}C:\program files\bittornado\btdownloadgui.exe" = protocol=6 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"TCP Query User{8BF7E6E7-324B-453F-91F3-5B1A399A644A}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{8D70E4C7-AA94-4CA4-A4B4-5F6AC8D07169}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{8DD838FC-4C35-40E0-A624-3B2860092EA4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{A0AD885D-7897-4BE3-9D21-148ED0B4C84A}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{A0F0B5CA-7624-4462-97E2-6456F2B03715}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{A281C3C8-610B-41EC-9FBC-0D9E22CCC76E}C:\program files\spiele\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe" = protocol=6 | dir=in | app=c:\program files\spiele\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe |
"TCP Query User{A81AD0A1-3E0C-4C31-9D38-597FEC4236F6}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{AB681533-C22B-4924-8832-7073898A6CCE}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{AE0ADB02-8BE5-4D85-8622-1B1BD081CB9A}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{B6AEA29F-2884-4DB2-A7D4-35CFF08D31B9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{C114B483-C9A1-4918-B827-F5A9CF82756C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{C9468DFD-46FE-4D1F-9262-8AD84B79F9A2}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E045013F-51F4-451B-A402-2C8AF3C3EF13}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EED2C84E-847F-4F9E-BA01-137004DB2572}C:\users\alexander\appdata\roaming\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\users\alexander\appdata\roaming\sopcast\adv\sopadver.exe |
"UDP Query User{22975DDC-7255-405B-BB53-758ED2064FF9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{35190A81-0653-43B6-AA72-C4B675684710}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{46FC4587-DCA0-48C3-803A-9D4481F0C9C0}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{526E20E1-FAFE-4F07-8D64-AAA0E4795255}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{62B6D90C-086D-4E11-9CC1-DF40D61E6453}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{665130DD-A0E6-46E8-A8B3-46E0478B68F2}C:\program files\spiele\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe" = protocol=17 | dir=in | app=c:\program files\spiele\[pc game] worms armageddon + all weapons unblocked + cracked + xp patch by lupen[fumai]\wormsarm\wa.exe |
"UDP Query User{707935D3-C323-43A2-B3B0-BC8AB719965F}C:\program files\bittornado\btdownloadgui.exe" = protocol=17 | dir=in | app=c:\program files\bittornado\btdownloadgui.exe |
"UDP Query User{79FD97EB-0609-46A3-8BB9-AD6998C6F147}C:\users\alexander\downloads\emule0.47c-xtreme5.4.2\emule.exe" = protocol=17 | dir=in | app=c:\users\alexander\downloads\emule0.47c-xtreme5.4.2\emule.exe |
"UDP Query User{7B0499EC-D697-40FC-A7D0-35747A5E7CEC}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{88771CD0-ACE0-42E1-825D-CBC065D1C545}C:\users\alexander\appdata\roaming\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\users\alexander\appdata\roaming\sopcast\adv\sopadver.exe |
"UDP Query User{90856665-F3DC-4DB2-872A-D0FE99C5F88C}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{9D6E2EA9-B8F0-4164-A2BB-802C1AD0B903}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A0015873-1534-4208-83D1-555F8240D961}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A7731B92-AEDF-45BB-8A0B-CECD6DBF301F}C:\users\alexander\downloads\emule0.47c-xtreme5.4.2\emule0.47c-xtreme5.4.2\emule.exe" = protocol=17 | dir=in | app=c:\users\alexander\downloads\emule0.47c-xtreme5.4.2\emule0.47c-xtreme5.4.2\emule.exe |
"UDP Query User{ADAA1397-7F53-49FB-957A-962762E4E06F}C:\users\alexander\documents\games\volleyball\winzip\blobby\volley.exe" = protocol=17 | dir=in | app=c:\users\alexander\documents\games\volleyball\winzip\blobby\volley.exe |
"UDP Query User{AEC3262F-B8F7-4727-9030-0F1C3D42ECDD}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{AF4C068B-5B3A-496B-935A-D1997120FB31}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{BCAD1237-1A6B-4C37-B3BA-CCE5E76E8B3F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{BD1100A7-87B0-4E25-9932-3DD2ABFDD618}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{CCD47767-6C74-4453-A75A-595ED40A4148}C:\users\alexander\documents\games\volleyball\volley.exe" = protocol=17 | dir=in | app=c:\users\alexander\documents\games\volleyball\volley.exe |
"UDP Query User{E032E439-B972-4F3D-9D89-3E4EC54012B1}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{F6738005-B61B-4CE3-ADC0-C8137BB0EF08}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1AFC251D-B1E5-46AA-B07E-DA9D03954C92}" = MSN Webcam Recorder 17.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo Bonavista
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{63B75E16-F290-4FCD-AF67-A9134CD01031}" = Nero 7 Essentials
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}" = SPSS 15.0 für Windows [Auswertung Version]
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78DB08B0-F440-4BA6-9372-F2C6CC9721B7}" = Microsoft LifeCam
"{7AE25201-3E12-4FA2-9E65-67CD475D9263}" = ACDSee 9 Foto-Manager
"{7F9129B6-C438-4CCB-80CB-A97E9F3B6B8C}" = Taksi Desktop Video Recorder v0.765
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D3658E-D526-4891-822D-B2A6C3DED9CE}" = SIW 1.68
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0.7 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.7 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CutePDF Writer Installation" = CutePDF Writer 2.8
"FLVPlayer" = FLV Player 1.3.3
"Free Studio_is1" = Free Studio version 4.2
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 2.2
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Drivers" = NVIDIA Drivers
"Premiere Internet TV_is1" = Premiere Internet TV Version 1.2.3
"RealPlayer 6.0" = RealPlayer
"SimpleScreenshot" = SimpleScreenshot 1.20
"Skype_is1" = Skype 3.1
"SopCast" = SopCast 2.0.4
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"X10Hardware" = X10 Hardware(TM)
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 27.11.2008 12:46:28 | Computer Name = Alex | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6001.18000, Zeitstempel
0x47918c97, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x23101750,  Prozess-ID 0x7c, Anwendungsstartzeit
01c950a12de6c221.

Error - 27.11.2008 12:46:29 | Computer Name = Alex | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6001.18000, Zeitstempel
0x47918c97, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x4d101750,  Prozess-ID 0x49c, Anwendungsstartzeit
01c950afb1f3ce2e.

Error - 27.11.2008 14:20:32 | Computer Name = Alex | Source = RasClient | ID = 20227
Description =

Error - 27.11.2008 14:21:41 | Computer Name = Alex | Source = RasClient | ID = 20227
Description =

Error - 27.11.2008 14:31:30 | Computer Name = Alex | Source = RasClient | ID = 20227
Description =

Error - 27.11.2008 14:31:53 | Computer Name = Alex | Source = RasClient | ID = 20227
Description =

Error - 28.11.2008 03:33:33 | Computer Name = Alex | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung LifeTray.exe, Version 1.30.175.0, Zeitstempel
0x4587138e, fehlerhaftes Modul kernel32.dll, Version 6.0.6001.18000, Zeitstempel
0x4791a76d, Ausnahmecode 0xe06d7363, Fehleroffset 0x000442eb,  Prozess-ID 0xeb4,
Anwendungsstartzeit 01c9512b9df52726.

Error - 28.11.2008 03:57:04 | Computer Name = Alex | Source = RasClient | ID = 20227
Description =

[ Cisco AnyConnect VPN Client Events ]
Error - 16.03.2010 06:03:42 | Computer Name = Alex | Source = vpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelInitiateComplete File: .\TunnelStateMgr.cpp
Line:
1038 Invoked Function: ITunnelProtocol::initiateTunnel Return Code: -31719410 (0xFE1C000E)
Description:
TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback

Error - 16.03.2010 06:03:42 | Computer Name = Alex | Source = vpnagent | ID = 67108866
Description = Function: CTlsTunnelMgr::OnTunnelInitiateComplete File: .\TunnelMgr.cpp
Line:
599 Invoked Function: CTunnelStateMgr::initiateTunnel Return Code: -31719410 (0xFE1C000E)
Description:
TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback

Error - 16.03.2010 08:48:59 | Computer Name = Alex | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1257 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
Eine vorhandene Verbindung wurde vom Remotehost geschlossen.  

Error - 16.03.2010 08:48:59 | Computer Name = Alex | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1258 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown

Error - 16.03.2010 08:48:59 | Computer Name = Alex | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
823 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 16.03.2010 08:48:59 | Computer Name = Alex | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
811 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE

Error - 16.03.2010 08:48:59 | Computer Name = Alex | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1644 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
Verbindung wurde vom Remotehost geschlossen.  

Error - 16.03.2010 08:48:59 | Computer Name = Alex | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE

Error - 16.03.2010 08:49:11 | Computer Name = Alex | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.

Error - 16.03.2010 08:49:11 | Computer Name = Alex | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: Das System
kann die angegebene Datei nicht finden.  

[ Media Center Events ]
Error - 17.05.2007 03:50:35 | Computer Name = Alex | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/17/2007 09:50:34
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.

Error - 17.05.2007 03:50:35 | Computer Name = Alex | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/17/2007 09:50:35
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.

[ System Events ]
Error - 18.03.2010 13:41:30 | Computer Name = Alex | Source = Service Control Manager | ID = 7031
Description =

Error - 18.03.2010 13:46:05 | Computer Name = Alex | Source = Service Control Manager | ID = 7011
Description =

Error - 19.03.2010 11:36:35 | Computer Name = Alex | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 19.03.2010 11:38:11 | Computer Name = Alex | Source = Service Control Manager | ID = 7011
Description =

Error - 19.03.2010 21:32:45 | Computer Name = Alex | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 20.03.2010 um 02:31:34 unerwartet heruntergefahren.

Error - 19.03.2010 21:34:25 | Computer Name = Alex | Source = Service Control Manager | ID = 7011
Description =

Error - 20.03.2010 04:02:43 | Computer Name = Alex | Source = Service Control Manager | ID = 7011
Description =

Error - 20.03.2010 08:38:21 | Computer Name = Alex | Source = Service Control Manager | ID = 7011
Description =

Error - 20.03.2010 16:56:34 | Computer Name = Alex | Source = Service Control Manager | ID = 7011
Description =

Error - 21.03.2010 06:08:25 | Computer Name = Alex | Source = Service Control Manager | ID = 7011
Description =


< End of report >


Kind regards
21.03.2010, 12:54
Moderator

Posts: 5694
#27 Step 1

Check and repair the partition with chkdsk (Vista)

Double-click "Computer" on the desktop => right-click drive D: => Properties => Tools => Error-checking => Check Now => Continue => tick both options => Start => Schedule disk check. Restart the computer and then do nothing on it until the scan has finished. The built-in Windows tool chkdsk checks the hard disk and fixes any errors it finds.

Step 2

Remove malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, nowhere else, this is important!
Follow the detailed original instructions.

Preparation and important notes

• During the Combofix scan, please disable antivirus and antispyware programs, the firewall and any script blocking that may be present (Norton).
• List of programs to disable.
If anything is unclear, please ask beforehand.
Please do not click into the Combofix window while Combofix is running.
• That could cause your system to freeze or hang.
• It can take about a quarter of an hour for the scan to finish.
ComboFix will reset your screen saver settings.
• You can change these settings again once our cleanup is finished.
Do nothing else if you did not manage to get Combofix to run.
• Tell us and wait for our instructions.

Brief instructions for installing the Recovery Console and for use
• Double-click ComboFix.exe and follow the instructions.
• Accept the terms (disclaimer) with "Yes".
• ComboFix will check whether the Microsoft Windows Recovery Console is installed.
This is part of the process. Given the kinds of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
• Follow the instructions to allow ComboFix to download and install the Recovery Console, and agree to the license agreement (EULA) when prompted.
** For information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.

Once the Recovery Console has been installed by ComboFix, you should see the following message:

Click "Yes" to continue with the malware scan.

When ComboFix is finished, it will create a log (please wait, this takes a moment).
Be sure to wait until the Combofix window has closed and the log file appears in the editor.
Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

Note: For various reasons, Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.

Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple and/or permanently damage the computer!
21.03.2010, 13:11
Member

Thread starter

Posts: 67
#28 so I already did step 1 yesterday, didn't I? why do I have to do it again?
and I have a question about step 2. I have disabled antivir, but when I try to start combofix, I get the message that avira antivir personal edition is still active. I tried to switch it off under programs and in the control panel, but there it shows me that it is disabled. is it somehow installed twice? sorry, I'm not much of a geek when it comes to this. should I uninstall antivir first?
many thanks,
best regards,
21.03.2010, 14:01
Moderator

Posts: 5694
#29 Ohhh, sorry about point 1.. that somehow slipped in.

So with Avira you can right-click the little umbrella at the bottom right and select "Disable AntiVir Guard" there.

After that it should work.

Although Combofix should work anyway.
21.03.2010, 14:21
Member

Thread starter

Posts: 67
#30 hello,
ah, now something has happened. I didn't want to start combofix yet. then I was briefly in the bathroom and my friend accidentally closed the combofix window, so that it started. but hopefully that's not so bad. it has now run through. afterwards I couldn't open any program at first. then I restarted the pc once more and now it works again. it gave me a huge shock. :-(

Code


ComboFix 10-03-20.04 - Alexander 21.03.2010  13:45:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2391 [GMT 1:00]
ausgeführt von:: c:\users\Alexander\Desktop\ComboFix.exe
SP: Avira AntiVir PersonalEdition *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ALEXAN~1\AppData\Local\Temp\23631764.nls
c:\users\Alexander\AppData\Local\Temp\23631764.nls
c:\users\Public\Google
c:\users\Public\Google\Google Pinyin\10000.lib
c:\users\Public\Google\Google Pinyin\bihua.bin
c:\users\Public\Google\Google Pinyin\english.bin
c:\users\Public\Google\Google Pinyin\model.bin
c:\users\Public\Google\Google Pinyin\special.lib
c:\windows\system32\Connect.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\setup.ini

.
(((((((((((((((((((((((   Dateien erstellt von 2010-02-21 bis 2010-03-21  ))))))))))))))))))))))))))))))
.

2010-03-18 18:06 . 2010-03-18 18:06    --------    d-----w-    c:\programdata\F-Secure
2010-03-18 17:18 . 2010-03-18 17:18    --------    d-----w-    C:\_OTL
2010-03-18 10:53 . 2010-03-19 09:01    --------    d-----w-    c:\users\Alexander\DoctorWeb
2010-03-18 09:49 . 2008-11-06 01:03    --------    d-----w-    C:\SDFix
2010-03-17 22:49 . 2010-03-17 22:49    --------    d-----w-    c:\users\Administrator\AppData\Roaming\Malwarebytes
2010-03-17 22:49 . 2010-03-17 22:49    --------    d-----w-    c:\users\Administrator\AppData\Local\Apple Computer
2010-03-17 22:49 . 2010-03-17 22:49    --------    d-----w-    c:\users\Administrator\AppData\Local\Mozilla
2010-03-17 22:49 . 2010-03-17 22:49    101832    ----a-w-    c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-17 22:16 . 2010-03-17 22:16    --------    d-----w-    c:\program files\Common Files\Java
2010-03-17 19:26 . 2010-03-17 19:27    --------    d-----w-    c:\program files\XXXX
2010-03-17 17:50 . 2010-03-17 17:50    --------    d-----w-    c:\users\Alexander\AppData\Roaming\Malwarebytes
2010-03-17 17:50 . 2010-01-07 15:07    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-17 17:50 . 2010-03-17 17:50    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-03-17 17:50 . 2010-03-17 17:50    --------    d-----w-    c:\programdata\Malwarebytes
2010-03-17 17:50 . 2010-01-07 15:07    19160    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-03-15 12:59 . 2010-03-15 12:59    --------    d-----w-    c:\users\Alexander\AppData\Local\Cisco
2010-03-15 12:58 . 2010-03-15 12:58    --------    d-----w-    c:\program files\Cisco
2010-03-10 10:30 . 2010-02-20 23:06    24064    ----a-w-    c:\windows\system32\nshhttp.dll
2010-03-10 10:29 . 2010-02-20 23:05    30720    ----a-w-    c:\windows\system32\httpapi.dll
2010-03-10 10:29 . 2010-02-20 20:53    411648    ----a-w-    c:\windows\system32\drivers\http.sys
2010-03-02 20:40 . 2010-03-02 20:40    --------    d-----w-    c:\programdata\LightScribe
2010-03-02 20:40 . 2010-03-02 20:40    --------    d-----w-    c:\users\Alexander\AppData\Roaming\Nero
2010-03-02 20:04 . 2010-03-03 16:13    --------    d-----w-    c:\program files\Common Files\Nero
2010-02-24 09:55 . 2010-01-23 09:26    2048    ----a-w-    c:\windows\system32\tzres.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-21 10:12 . 2006-11-02 15:33    664044    ----a-w-    c:\windows\system32\perfh007.dat
2010-03-21 10:12 . 2006-11-02 15:33    142222    ----a-w-    c:\windows\system32\perfc007.dat
2010-03-20 14:08 . 2009-04-27 17:27    --------    d-----w-    c:\programdata\Google Updater
2010-03-20 08:01 . 2007-04-18 23:57    680    ----a-w-    c:\users\Alexander\AppData\Local\d3d9caps.dat
2010-03-20 01:35 . 2007-05-01 11:05    --------    d-----w-    c:\program files\SUPER
2010-03-17 22:15 . 2008-11-25 13:02    411368    ----a-w-    c:\windows\system32\deploytk.dll
2010-03-17 22:09 . 2007-05-05 16:48    --------    d-----w-    c:\program files\Java
2010-03-17 17:58 . 2008-07-21 16:59    --------    d-----w-    c:\program files\ICQToolbar
2010-03-17 17:38 . 2008-07-15 14:49    --------    d-----w-    c:\program files\Safari
2010-03-17 11:49 . 2007-02-09 13:56    --------    d-----w-    c:\program files\Common Files\LightScribe
2010-03-07 18:36 . 2007-04-13 18:34    --------    d-----w-    c:\users\Alexander\AppData\Roaming\Skype
2010-03-03 16:13 . 2007-02-09 13:53    --------    d-----w-    c:\programdata\Nero
2010-03-03 16:13 . 2007-02-09 13:53    --------    d-----w-    c:\program files\Nero
2010-02-26 12:27 . 2010-02-07 16:53    --------    d-----w-    c:\program files\Red Kawa
2010-02-24 09:16 . 2009-10-03 08:29    181632    ------w-    c:\windows\system32\MpSigStub.exe
2010-02-22 12:45 . 2007-04-14 15:02    --------    d-----w-    c:\users\Alexander\AppData\Roaming\Ahead
2010-02-06 11:53 . 2010-02-06 11:52    --------    d-----w-    c:\program files\iTunes
2010-02-06 11:52 . 2010-02-06 11:52    --------    d-----w-    c:\program files\iPod
2010-02-06 11:52 . 2007-12-01 16:08    --------    d-----w-    c:\program files\Common Files\Apple
2010-02-06 11:50 . 2010-02-06 11:49    --------    d-----w-    c:\program files\QuickTime
2010-02-02 21:40 . 2007-02-16 13:12    --------    d-----w-    c:\program files\Google
2010-01-27 19:16 . 2010-01-27 18:56    --------    d-----w-    c:\users\Alexander\AppData\Roaming\uTorrent
2010-01-27 16:22 . 2010-01-27 16:22    --------    d-----w-    c:\users\Alexander\AppData\Roaming\.BitTornado
2010-01-27 16:05 . 2010-01-27 16:05    --------    d-----w-    c:\users\Alexander\AppData\Roaming\Participatory Culture Foundation
2010-01-21 20:14 . 2007-11-19 21:51    --------    d-----w-    c:\programdata\Messenger Plus!
2010-01-21 20:13 . 2007-11-19 21:12    --------    d-----w-    c:\program files\Messenger Plus! Live
2010-01-20 15:11 . 2008-04-10 17:33    --------    d-----w-    c:\program files\Microsoft Silverlight
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2005-10-24 307200]
"Getdo"="c:\users\Alexander\AppData\Roaming\Adobe\Update\flacor.dat" [2010-03-20 100352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"VX3000"="c:\windows\vVX3000.exe" [2006-12-05 707360]
"TVEService"="c:\program files\Home Cinema\TV Enhance\TVEService.exe" [2007-02-08 155648]
"TVBroadcast"="c:\program files\Sceneo\Bonavista\SERVICES\ODSBC\ODSBCApp.exe" [2006-12-07 820736]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-24 180269]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"RemoteControl"="c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"LanguageShortcut"="c:\program files\Home Cinema\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2007-02-13 94212]
"CamWizard"="c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizard.exe" [2005-12-07 126976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]

c:\users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\users\Alexander\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-4-24 1078]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2007-6-27 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-4-19 110592]
ColorVisionStartup.lnk - c:\program files\ColorVision\Utility\ColorVisionStartup.exe [2007-2-13 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6c,f9,46,66,ca,51,ca,01

R2 gupdate1c9c75d7a01c9c7;Google Update Service (gupdate1c9c75d7a01c9c7);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 133104]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys [2007-01-17 12288]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2006-12-15 1459712]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-02-08 299093]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-02-08 127059]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]

.
Inhalt des "geplante Tasks" Ordners

2010-03-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 17:27]

2010-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 17:27]

2010-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 17:27]

2010-03-20 c:\windows\Tasks\User_Feed_Synchronization-{A3B30619-79C0-4B35-A35F-3B5B488D554F}.job
- c:\windows\system32\msfeedssync.exe [2008-04-09 21:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.mirostart.com/?cfg=2-73-0-cFDH
IE: &Preispiratensuche nach markiertem Text - c:\\Program Files\\Preispiraten\\Preispiraten4\\preispiraten.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-1/4
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\kwezadbm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\kwezadbm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKLM-Run-LogitechVideo[inspector] - c:\program files\Logitech\Video\InstallHelper.exe
HKU-Default-Run-SSS6_Suite - c:\program files\Steganos Security Suite 6\sss.exe
HKU-Default-Run-SSS6_SAFE - c:\program files\Steganos Security Suite 6\safe.exe
HKU-Default-Run-SSS6_SPM - c:\program files\Steganos Security Suite 6\spm.exe
AddRemove-FLVPlayer - c:\program files\FLVPlayer\uninstall.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-21 13:56
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\windows\TEMP\TMP0000001F843BF1753C3A3E97 524288 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4364)
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\ACD Systems\DE\DevDetect.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\programdata\U3\U3Launcher\LaunchU3.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-03-21  14:06:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-03-21 13:06

Vor Suchlauf: 13 Verzeichnis(se), 53.378.850.816 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 53.874.180.096 Bytes frei

- - End Of File - - 3EAA6E6C6D3DD842437FCC0EEF9477E0