EXP/Pidief.ajl after JavaScript exploit

#0
24.01.2012, 23:47
Member

Posts: 32
#1 Hello, as I have just found while browsing the forums, there seems to have been an increase over the last few days in a JavaScript exploit that comes in via PDFs and spreads as EXP/Pidief.ajl. I went to a homepage (JonLaJoie) where JavaScript started right away in the background. Avira went crazy, but after 5 seconds the screen was black with some message along the lines of "Windows blocked, pay here and continue". Of course I pulled the network cable and shut the computer off.

Avira, run in safe mode, put 2 detections into quarantine, but I have just had a look at OTL, and it looks bad.

So, the OTL and Gmer logs from the infected machine are coming in a moment.

Many thanks in advance for any support!

All right, here we go: OTL

Code

OTL logfile created on: 24.01.2012 23:30:40 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Farkas\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,06% Memory free
6,18 Gb Paging File | 5,16 Gb Available in Paging File | 83,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217,75 Gb Total Space | 109,09 Gb Free Space | 50,10% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 8,73 Gb Free Space | 58,17% Space Free | Partition Type: NTFS

Computer Name: FARKAS-PC | User Name: Farkas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.01.24 23:22:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Farkas\Desktop\OTL.exe
PRC - [2011.06.30 21:49:27 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.01 11:32:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.03 23:37:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.25 20:29:49 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.25 20:29:49 | 000,060,928 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Farkas\AppData\Local\Mozilla\Firefox\firefox.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.27 14:10:16 | 001,316,192 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DellDock.exe
PRC - [2009.01.29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.22 10:26:46 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.12.22 10:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
PRC - [2008.12.22 10:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
PRC - [2008.12.18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.12.04 15:03:00 | 000,226,640 | ---- | M] (Microsoft Corp.) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.07.17 13:00:36 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.07.17 13:00:18 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.07.17 13:00:18 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2008.07.17 13:00:16 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2008.07.09 13:31:46 | 001,616,976 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.06.05 14:26:36 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.06.05 14:26:36 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011.05.26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.09.16 21:04:50 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 21:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.04.29 20:54:51 | 015,881,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\3c53819adc884383adc9491000222041\MenuSkinning.ni.dll
MOD - [2009.04.29 20:54:30 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\aa80d4ef088bfa278a0449e759f892bd\VistaBridgeLibrary.ni.dll
MOD - [2009.04.29 20:54:29 | 002,557,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\acd273c86383373188eb7d688433ce7f\DellDock.ni.exe
MOD - [2009.04.29 20:54:27 | 000,286,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\c19617ab7bbed33639e15a590a14a9b2\MyDock.Util.ni.dll
MOD - [2009.04.29 20:54:06 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\31729b33207d1093721f9e943302b900\System.Management.ni.dll
MOD - [2009.04.29 18:28:24 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2009.04.29 18:28:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2009.04.28 23:25:23 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e66c5af83e8fb89b4dc5547ef663f4c8\Accessibility.ni.dll
MOD - [2009.04.28 23:25:21 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2009.04.28 23:25:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2009.04.28 23:25:04 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2009.04.28 23:24:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2009.04.28 23:24:15 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2009.04.28 23:23:44 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2009.04.25 11:01:35 | 001,687,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3106.38542__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009.04.25 11:01:35 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3106.38494__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:35 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3106.38558__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009.04.25 11:01:35 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3106.38756__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:35 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3106.38714__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:35 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3106.38533__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009.04.25 11:01:35 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3106.38664__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:35 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3106.38517__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:34 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3106.38798__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009.04.25 11:01:24 | 000,806,912 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3106.38668__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:24 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3106.38519__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:24 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3106.38746__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009.04.25 11:01:24 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3106.38724__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:24 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3106.38565__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:24 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:24 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3106.38805__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:24 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3106.38689__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:24 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3106.38731__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009.04.25 11:01:24 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:24 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3106.38510__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:24 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3106.38723__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:24 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3106.38795__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:24 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3106.38687__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:23 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3106.38573__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:23 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3106.38657__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:23 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3106.38706__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:23 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3106.38666__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009.04.25 11:01:23 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3106.38579__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009.04.25 11:01:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3106.38665__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:23 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009.04.25 11:01:23 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009.04.25 11:01:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3106.38578__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:23 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3106.38667__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009.04.25 11:01:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3106.38704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009.04.25 11:01:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009.04.25 11:01:23 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009.04.25 11:01:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009.04.25 11:01:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009.04.25 11:01:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009.04.25 11:01:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009.04.25 11:01:23 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009.04.25 11:01:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009.04.25 11:01:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll
MOD - [2009.04.25 11:01:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009.04.25 11:01:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009.04.25 11:01:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009.04.25 11:01:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009.04.25 11:01:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009.04.25 11:01:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3091.17978__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009.04.25 11:01:23 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009.04.25 11:01:23 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009.04.25 11:01:22 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3091.17993__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3091.17976__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3091.17988__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3091.17979__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3091.17991__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3091.17983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3091.17977__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009.04.25 11:01:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3091.17987__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009.04.25 11:01:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009.04.25 11:01:19 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3106.38785__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009.04.25 11:01:19 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3106.38782__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009.04.25 11:01:19 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3106.38822__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009.04.25 11:01:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009.04.25 11:01:19 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009.04.25 11:01:19 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009.04.25 11:01:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009.04.25 11:01:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2009.04.25 11:01:19 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009.04.25 11:01:19 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009.04.25 11:01:19 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3106.38837__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2009.04.25 11:01:19 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009.04.25 11:01:19 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3106.38488_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll
MOD - [2009.04.25 11:01:18 | 000,995,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3106.38503__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009.04.25 11:01:18 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3106.38526__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009.04.25 11:01:18 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3106.38486__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009.04.25 11:01:18 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3106.38482__90ba9c70f846762e\APM.Server.dll
MOD - [2009.04.25 11:01:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3106.38488__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009.04.25 11:01:18 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3106.38485__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009.04.25 11:01:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009.04.25 11:01:18 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3106.38484__90ba9c70f846762e\AEM.Server.dll
MOD - [2009.04.25 11:01:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009.04.25 11:01:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009.04.25 11:01:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3106.38784__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009.04.25 11:01:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009.04.25 11:01:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3091.17993__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008.11.24 10:16:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.07.27 19:03:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2008.07.27 18:58:25 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.06.05 14:19:56 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011.06.30 21:49:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 11:32:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.06.12 23:13:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.04.25 11:14:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009.01.29 23:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.12.22 10:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008.12.22 10:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008.12.18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011.06.30 21:49:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 21:49:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 13:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009.01.19 13:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008.12.22 10:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.12.22 10:12:06 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.11.24 10:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008.11.24 10:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.11.05 00:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008.07.28 10:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008.07.17 13:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.07.03 09:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008.07.03 09:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.07.03 09:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008.05.29 12:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2004.02.13 16:26:36 | 000,690,176 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EU3USB.sys -- (EU3_USB)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.blackle.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: it-IT@dictionaries.addons.mozilla.org:3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: hu@dictionaries.addons.mozilla.org:1.6.1.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: fr-moderne@dictionaries.addons.mozilla.org:4.0.3
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.00.20110326
FF - prefs.js..extensions.enabledItems: facebookBlocker@webgraph.com:1.2.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@hogrefe.de/nphtspse,version=1.14: C:\Program Files\Hogrefe\Player\4\Bin\nphtspse.dll (Hogrefe Verlag Göttingen)
FF - HKLM\Software\MozillaPlugins\@hogrefe.de/nphtspst,version=1.14: C:\Program Files\Hogrefe\Player\4\Bin\nphtspst.dll (Hogrefe Verlag Göttingen)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.12 23:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.07 23:02:24 | 000,000,000 | ---D | M]

[2009.04.28 22:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farkas\AppData\Roaming\mozilla\Extensions
[2012.01.09 21:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions
[2011.12.10 11:29:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.01.03 00:38:03 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011.12.23 14:53:16 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011.12.24 16:58:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.03 19:37:24 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\coralietab@mozdev.org
[2010.11.22 20:56:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.10.04 18:08:30 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011.10.10 21:28:08 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\fr-moderne@dictionaries.addons.mozilla.org
[2011.01.17 21:37:55 | 000,000,000 | ---D | M] (Hungarian dictionary) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\hu@dictionaries.addons.mozilla.org
[2011.05.08 11:45:12 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2009.05.10 11:54:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Farkas\AppData\Roaming\mozilla\Firefox\Profiles\xl95xu3i.default\extensions\moveplayer@movenetworks.com
[2010.08.02 19:12:14 | 000,005,551 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\google-maps.xml
[2009.09.07 23:25:46 | 000,001,512 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\imdb.xml
[2009.04.29 18:08:28 | 000,001,032 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\wikipedia-eng.xml
[2010.08.02 19:11:32 | 000,004,140 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\youtube.xml
[2012.01.23 01:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.23 01:36:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.01.12 23:28:14 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.12 23:28:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.12 23:28:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.12 23:28:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.12 23:28:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.12 23:28:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.12 23:28:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.08.20 11:15:31 | 000,436,649 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 15029 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Firefox helper] C:\Users\Farkas\AppData\Local\Mozilla\Firefox\firefox.exe (Корпорация Майкрософт)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Farkas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Trolltech = C:\Users\Farkas\AppData\Roaming\6E08D2.exe (Корпорация Майкрософт)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: hts-admin.net ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: hts-admin.net ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: hts-eval.net ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: hts-eval.net ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: hts-online.net ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: hts-online.net ([www] https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6263C921-9B80-4FE5-8F8E-B845FE4E645D}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D396B268-2A7D-4B68-950F-50986FC645E8}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\htap {83EC570E-9FFA-11D2-9559-006008594011} - C:\Programme\Hogrefe\Common\HTSProtHandler.dll (PtahSoft GmbH, ZTD Freiburg)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Farkas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Farkas\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\Shell - "" = AutoRun
O33 - MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\Shell\AutoRun\command - "" = F:\UNUCI/junaci.exe
O33 - MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\Shell\open\command - "" = F:\UNUCI/junaci.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {28960A48-F79B-8050-D3DC-540FD4EE619C} - Java (Sun)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found


HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\WINDOWSUPDATE\AUTO UPDATE\RESULTS\INSTALL|LASTSUCCESSTIME /RSCREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.01.24 23:23:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Farkas\Desktop\OTL.exe
[2012.01.23 01:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.01.12 23:44:19 | 000,000,000 | ---D | C] -- C:\Users\Farkas\AppData\Roaming\elsterformular
[2012.01.12 23:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.01.12 23:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\plugins
[2012.01.12 23:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\images
[2012.01.12 23:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\hilfe
[2012.01.12 23:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\eric
[2012.01.12 23:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.01.12 23:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\dict
[2012.01.12 23:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\bin
[2008.01.21 03:24:27 | 000,034,816 | -HS- | C] (Корпорация Майкрософт) -- C:\Users\Farkas\AppData\Roaming\6E08D2.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.01.24 23:32:42 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.24 23:32:42 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.24 23:32:42 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.24 23:32:42 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.24 23:26:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 23:26:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 23:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 23:26:28 | 3215,831,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.24 23:24:16 | 000,302,592 | ---- | M] () -- C:\Users\Farkas\Desktop\49t9wf9k.exe
[2012.01.24 23:22:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Farkas\Desktop\OTL.exe
[2012.01.12 23:43:30 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.01.06 00:26:21 | 000,074,752 | ---- | M] () -- C:\Users\Farkas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.01.24 23:26:28 | 3215,831,040 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.24 23:24:12 | 000,302,592 | ---- | C] () -- C:\Users\Farkas\Desktop\49t9wf9k.exe
[2012.01.12 23:43:30 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.09.25 14:33:33 | 000,000,162 | ---- | C] () -- C:\Windows\civ.ini
[2009.06.12 23:19:21 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009.05.01 21:44:50 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.05.01 21:44:50 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2009.05.01 21:44:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.05.01 21:41:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.05.01 21:41:52 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.05.01 21:27:52 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.05.01 21:27:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.05.01 21:27:52 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2009.05.01 21:13:37 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2009.05.01 15:04:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.04.29 18:49:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.04.28 17:44:59 | 000,074,752 | ---- | C] () -- C:\Users\Farkas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.25 20:35:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.04.25 20:35:02 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.04.25 20:35:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.04.25 20:35:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.04.25 20:31:34 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.04.25 20:31:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.04.25 12:42:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.04.25 11:07:00 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009.04.25 10:58:50 | 000,001,660 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.01.21 08:15:58 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.04.16 02:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 001,607,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.03.04 09:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.09.28 09:20:05 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Amazon
[2010.08.02 21:36:32 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\doublecmd
[2012.01.12 23:44:20 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\elsterformular
[2009.05.17 14:16:32 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Feedreader
[2010.09.23 10:04:28 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Hogrefe
[2009.09.13 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Miranda
[2009.04.28 23:11:10 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Windows Live Writer
[2011.09.30 07:18:23 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2009.04.28 17:35:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.02.06 07:46:24 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.05.01 21:41:53 | 000,000,000 | ---D | M] -- C:\Brother
[2009.04.28 22:37:20 | 000,000,000 | ---D | M] -- C:\DELL
[2009.04.28 17:30:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.01.19 13:53:42 | 000,000,000 | ---D | M] -- C:\Drivers
[2009.04.25 11:03:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.12 23:43:25 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.12 23:43:25 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.04.28 17:30:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.01.24 23:32:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.04.28 17:31:14 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.24 22:16:59 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009.04.25 20:29:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.04.25 20:29:49 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2009.04.25 20:29:49 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.04.25 20:29:49 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.25 20:29:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

< End of report >
24.01.2012, 23:52
Member

Thread starter

Posts: 32
#2 Extras:

Code

OTL Extras logfile created on: 24.01.2012 23:30:40 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Farkas\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,06% Memory free
6,18 Gb Paging File | 5,16 Gb Available in Paging File | 83,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217,75 Gb Total Space | 109,09 Gb Free Space | 50,10% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 8,73 Gb Free Space | 58,17% Space Free | Partition Type: NTFS

Computer Name: FARKAS-PC | User Name: Farkas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-548350239-3462870824-570414402-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DisabledInterfaces" = {6263C921-9B80-4FE5-8F8E-B845FE4E645D},{D396B268-2A7D-4B68-950F-50986FC645E8},{51729E75-636E-4C34-B31A-ED4660F3FC9A}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21116C9C-5C82-4DCA-887C-B2F6E7C9C47B}" = lport=137 | protocol=17 | dir=in | app=system |
"{278ECEA4-6FC6-4ED6-BF3D-5665BEC55DCA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3380AF40-7FAB-49CC-85B1-6923319E966A}" = rport=445 | protocol=6 | dir=out | app=system |
"{594FD52D-F773-4491-8936-FE558A212F8B}" = rport=138 | protocol=17 | dir=out | app=system |
"{5CB43ECC-D453-44F7-A5B5-56A0CF9010EE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6E4A4F3B-BC58-40A7-AB5A-3D6EA0FB6145}" = lport=138 | protocol=17 | dir=in | app=system |
"{78AD29E5-0C86-4D37-A50E-FC660240F454}" = lport=445 | protocol=6 | dir=in | app=system |
"{BD2D1F46-50C3-47CE-BC72-A1E44A06F3F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C769CE53-ECD8-4DAF-A93C-A9FCFC935544}" = rport=139 | protocol=6 | dir=out | app=system |
"{D24266C2-99A5-4275-AD97-335C701D1CE6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E6FEC443-9E6F-48D4-B2CF-E9B742CD5621}" = rport=137 | protocol=17 | dir=out | app=system |
"{F05F294E-95CF-491A-9700-DC8FE28492C2}" = lport=139 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00A085DB-277E-41A8-A214-F5598C17ED0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{00E612E5-1FBF-4C1B-A065-44D7CFB036D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{01643FCE-85E2-4413-AB75-A5D3559424A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{01F19613-D93A-46B6-AA99-6C01205B1C12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{038E5CD2-8FDE-4F0A-8F9C-4FB9DB272735}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0390B6D7-6B4D-4225-B728-DF5C877A98A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0593D73F-8417-4E60-A22D-C3E266D777A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{05BAC11C-2F21-4637-BADD-64858A9D5B16}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06EFD7F7-CA32-40CB-A0CC-40D4F934AC99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{086984ED-6E18-4678-9068-731317C36B6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{095EA3CC-42C9-4300-869D-7C9D8FF69C1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09D9BCA3-A06F-457D-A674-19F8A540D66D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0B775666-CB4B-4640-8F62-4DE51B9E7F76}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BA45349-E47B-450C-AFC6-89262E9CB650}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C170A7C-934B-4C20-A817-1B5F06AB17D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0EA8909B-7B37-4BC2-87EF-BD372C200645}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0F90244B-78A5-4E25-9434-D6D58AB5284F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0FFD1B30-6525-4A4C-842D-EE26856A335E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10E0B5E5-9676-4606-8557-1AA4B7CC2E21}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{11312630-353C-431D-B542-53BDEF2500D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{12ACEE90-C347-4D83-8F4C-426867D5DFD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14E4AA13-368C-48B9-B62F-906A548364E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14EB747E-D63B-4C21-B8A5-BCF0A05682D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{168D8A8A-755D-4CF0-9A79-4BD14532652D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{175F3259-03EB-428E-9028-42448B02C39C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1B183822-A815-4945-B79F-56446F97FAB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CA2CCAB-8E60-4859-8795-21A6F32CBC4D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CF89951-D311-4BB7-AA7D-51A37B80461A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1D5F3EF1-21E3-4F11-9643-74B1C8A2EACF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1F645752-42B5-4A91-8330-DC69DAA10E38}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{20982E45-4B87-4806-AE48-3DE01D132694}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21459C38-64BF-4F72-B8B1-66BA3BB23371}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24DA5F20-BB7F-4810-B93F-4920B7BBCAD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2655307B-99F7-4183-AECB-16B9D7F03CF0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2723E91D-6943-4B43-8CFA-6E8489D44095}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2772D3E4-E5C3-4545-B5EE-52C442E287BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{28158B06-7C7A-48E6-995D-F8118B27CF72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{292DBDD0-DDBB-4FC6-91AE-59F10B0A2209}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{2A538692-21F8-469A-ACEE-B820DFE81B19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2AB4D521-A334-4207-A83D-ABA0A6D04932}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C58325C-D33E-40EF-A0EF-B4D1720F948C}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{2CEB9E2C-439A-477D-BCA0-B42839D9AE46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2E32C7C1-27EB-4CF3-AAF5-9082850DFB46}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F4FE002-F940-40B8-ADE4-339A23E23D63}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{327E27DA-13BC-489F-879C-6F38EFDC868F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32FC9E1A-64DA-4DCE-A0CB-6C6FA5D83E89}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33E8E5B4-73EE-4F7F-A75B-9F0559F05BC5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{3403D4D9-4838-4437-8426-CFE1C3D22F84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34CB43BF-11B3-4EB2-B07B-5AD4251AAFA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34E384B1-1144-4A20-9A3D-A97C27D4B88B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{359BAF0D-655D-409F-BE3E-BAEEF080643A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36847575-E708-4F56-9551-D3A674A3C670}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36BCD176-F9CC-4608-9DC3-AB34B768E307}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{37AE1E0A-3CD7-44E9-A9C4-8FD742C7D18C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38984001-DF7D-4E66-AF57-5D7FAB663D1B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{393B3D71-42B9-45ED-9E1F-45F00EF6ECAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3A34D6EA-9AE1-45AA-9D0E-3DBE935B7EE3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3B558989-5158-441D-90C1-1A6A04BAABDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C664DBD-04F5-4B3D-A4C2-812213BF7291}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D73731D-3309-4975-B4CB-359DEA76A741}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3EF3F938-AE32-4828-A0EA-7AEC6D9210F8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3FF96AD8-579C-4E7A-988F-95A9983E0E8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{401EB2B1-B794-4426-8F5C-929B81F4C5BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4131C8D5-F7F5-49E7-AE33-54822FBC917D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{437F6300-7502-4283-8631-E0BE498495D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44192CB7-6743-4B13-B7D7-6B9DFD0C5396}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44A2209C-A2A9-4EA9-A41A-2E8889F9F45F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{456239F2-2ADA-40DD-ABBF-24294106B016}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4738C7C4-25B8-4982-AD73-3DCAD38A35F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4AEC9C15-E3DD-44DA-A7A5-98C67FDBEAD6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4B1E3403-9207-4B3E-8F67-C4799C5E228C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4B9DA3A4-5A88-4E02-8228-CF3BBFF9C38C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BDC9AC8-AA34-42E4-9070-83FB2E10FBFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4BE5F0A9-A6AA-4652-B9FB-37A8B665D3FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C673887-2039-4421-B891-2CDEC3745545}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4C7E0F85-FA6D-403B-B7AF-6E169FB195AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E5722EE-1BB3-467E-A3F5-CD0AD957E063}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E831046-16AB-4AAD-B637-9B20BDB9CF11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{509A37A0-FE22-4778-B8B6-E4D391004B51}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50C847CA-6416-4FF6-9C80-5C4AFF7250F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5367CF53-4DB1-4C18-8388-0151569D793E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5395BC97-8F45-4CDC-8C46-7CD3FC018F87}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5503CE87-9D51-4877-8783-034E2AB41F0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{56339B30-F27A-468C-A364-7D79D391E7B9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57C92568-3703-4EF0-A012-3DE63FC81CA9}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{59DCC4AB-714D-4FA6-B5EF-267C1092B244}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5A27253B-E5F0-4B6E-9A3C-7899305585A8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5A427F5A-CCCD-4BC7-B328-379CD0CA1B7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C1E28D4-3743-4794-987C-29C57ED2F079}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C30B98F-1260-4C22-87E6-F979A5D5C145}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C62D253-00DE-4C58-A78D-6988FB4F11C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D451241-50C7-4AEA-894B-AEBF551F2536}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61760C99-8245-4F80-BED3-FF9D73A0C220}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61A8CFD3-1E52-4612-ABF3-FB67F751FAFB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62049165-C8A9-4F32-B74B-3409B4BE6523}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{624314A2-3707-4EDE-951F-9C2AF0069E2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{630C8BAA-68D1-42B1-AC29-D22D838BE0E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6385F8E8-4568-4720-8823-4B542F2694E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6389CA9C-86BB-4768-85F8-8F29348DA5AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65ED7155-954A-47E7-8B12-C734634AD493}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66B10748-B17E-41FB-9049-15EF07559415}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A7770A8-A67D-46A3-AA6A-F9BB33F36361}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6AAD056E-EC27-4C63-97F1-754F4B5CEA54}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B65F10B-78F0-4D5B-B4A7-3DF23C02EA27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B888294-7730-4034-9E9F-A0019800C8C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C07F320-61AF-4E2F-88BE-826F9A1D7AE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C2B7F6C-F683-4899-ACAB-5A9233D3D955}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E30030E-9ED8-40E4-96D3-7B318F9B13A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6E9E2A29-EFDB-435C-8886-F1BF47428BF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F24FA1B-2990-4470-B7E2-4F4F8ED9CE3D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F93FA01-4ED5-4FB0-9A7D-949E5AFDA8A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{70A2E5B3-55E1-4501-B4CA-AB814464D53D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{74F95528-E944-4BBE-A680-93032D53A8BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7578D230-F4D4-4779-9271-CEA285312FDF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76478E49-AF67-4494-8504-3E782F2B421E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76736183-E7F2-4DB1-B698-B93FD53EC7D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76B557C5-D507-4789-B901-ACCE2365F72A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{777FECD9-3C24-4049-B0EE-A94458C87991}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7790B924-B3CF-48EC-BFBB-7631E51E7CB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7807B309-0C42-4C79-8F40-7FB448E0F05A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7849E6C3-BB8A-49CD-A5A6-14BB3F12CDBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78E1F785-146F-4EC8-9977-561EF4FB9C4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78F19539-4155-4301-AB02-56620F29D89B}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{7956AEB2-8117-4D04-9A75-7A8EDFF67016}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A369531-D3AB-48B6-817E-82738C9F0866}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7A682C50-04EB-492B-AFBC-A29ACB31468F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B881293-2310-4FAB-82A7-95FEAEF5911D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7C91621C-929C-4E34-9447-2DBB25C17943}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D50091E-BF8B-4BE8-AD5B-317729BF0B39}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7E08D043-0AF3-40BE-9138-079D22ACD402}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{7F65E9AC-40D9-47C3-856F-DDBA651BE55D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80214CC7-983B-4D4E-A7F9-B26FF8E41BBD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8040904A-8CA2-49F8-BADD-3C50ED08C1D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83BBE0E4-7BC5-4A16-8C5D-64E27CEFDD76}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83F2BA3D-BC09-4A96-8893-05FA9BE45D1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85E32FB1-FC03-49AA-9C07-7F68BCA949DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88631055-A989-4C70-AE64-4D9567C2723B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89979DCF-C08C-412B-AA4B-05D66B19D4FF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B24AC95-E901-4097-8DD5-3B4F0D26FBC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B4C9016-4F13-46DE-BE29-CE4791FF887B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BE6E7F8-7FFE-4EE6-AE81-45741FC21A8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8C2C47A3-8C06-47C5-B927-633C400E4350}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8D352CE8-0509-405C-8349-EDC5A2F2F986}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D8A579C-938F-4F43-9671-DEAD6CBFEB7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8EB39DB7-4066-4242-A8A0-09B97C4F519C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9123002F-EF0A-404D-9A0E-4F439772B665}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{932617B1-90DD-4E4A-AC27-3711552BBEC1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{937D1E66-7FB9-445D-B5D5-E372A3EE44E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{94FD53D1-0866-473D-A28F-7E8F9F94AC5F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9555B989-00C5-4A76-B7EE-526FFEFA8DBA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95B99169-8BD6-4BF9-B40A-956378DB1D6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95E7BF00-7A4E-48B0-B53C-ED47F3725AF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9623BE36-920B-4B33-9BA8-F768B4F441FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{984FEA69-FDC9-4A8E-876C-01E158EDB31F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{98AA966E-1CC5-4A56-B350-16EEE085BF25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{98F35965-5D36-4625-98C8-057AC538373D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99B322EC-06DB-4DB7-8860-F7ABFCBB946A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A9DC563-9965-43A4-A57A-1476C22B80FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9A9E5091-09E2-4074-93D6-0D802B399C38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B444B2D-97C0-4A30-8961-8B1585B8CC2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CAA3FEB-20F6-4B78-8426-3EB83FDA4CE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D4F40EE-CFAB-49A9-BB1D-A1CD913C8AE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E4854E4-4942-4C5D-A916-69BAAD624DA6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E6F0D2D-9797-4AA0-A995-8E44C7EED06C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E8016F6-5E90-4FF8-9B9E-FD316068860C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9EA8B15D-B700-4B59-BFC5-7D26E9D06944}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F2DC12C-C211-4108-B5CF-59E7E2D7CA3C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A12AAEA9-AF3A-4C3B-B03B-462F53BAFAF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A192E0C6-5194-4973-B4F8-90DB4A969D41}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3880398-2F7B-4277-B3EA-FED41F29262B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5332660-374B-435C-AEC9-5048400BCE47}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A5338B0D-46F3-4F79-9A14-933F392CF7B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A73F5D82-F0B5-40B0-B1DB-C2E05B861EEA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7D6A664-4A99-484D-97B5-D0997382257C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8079C49-AF4B-42FA-AB42-0A5CECA9EEC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A9393917-FD24-4E98-B091-599D1AE52C0A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA183B4F-4301-4C70-92FB-CB082DD55212}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AC93E18B-AB98-4A29-BDD6-0B268AEC394D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD31B191-2B44-4826-BEEB-BAE65E41D68C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD8469B9-59B0-4B11-A6E8-007B0B65F08C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AD86DD91-BCC3-4930-BDE8-BD8AF36465A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE3040EB-117D-425C-8810-4A1B9FDDA8EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AEE5A439-C179-4B3F-BDD6-73E9183E0270}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF1CABE6-88F5-4BE6-98E7-AD39D675E09E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B16E767A-4A23-43B3-97AA-569B1C210130}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B218D6F6-82BE-4DDA-8560-D56DF1A17EFA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B28A2BD3-B5C9-4E02-8296-E27C97238B16}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{B4010E46-49F7-4881-ABF9-8D655739863F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5422CBC-3F88-4CD7-A229-5804E95A9DDE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B62CB973-DCBC-4896-91BD-526B8AEEC502}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B73F4313-7322-4D09-AFE8-F317AF8A5339}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B82F8611-0A85-4482-823C-7194BB54AC1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEF16E73-7574-437A-87A5-EAA7A21EF7FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C015C4F9-AAFF-486B-9BA0-336F758EC969}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C0CC211B-B150-4EBE-8D67-37AF7F51114B}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{C1E4BE91-B647-44F8-B8DB-F16573003E2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C1F97D95-5D82-4354-9DB1-E4962A1A5745}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3F42196-9357-4B7B-AF7B-FD499C491B18}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C49C2E92-96C5-4CE6-978E-00E92450F72A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{C4D10A50-6A67-45BC-AA60-99F055F4CDEC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5780CE8-A204-4763-855D-53D205482E2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6206D5A-674B-4ADC-B50A-362A7B553D48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7FDA552-124A-439D-A21C-866D6CE4DBB8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8D64F7E-20D7-49B1-B6EC-AD6656A9DA6D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C977CB70-BA5B-4D2C-A81C-30371A7E8D56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CA1BE8A8-85BC-4462-9402-CAC6F2328EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CE384AA5-7CD3-4D59-9D7C-A98DF2179757}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CF0B17F6-4A84-4B68-8E94-243217BDE80B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFF31CF9-C511-43C8-B14D-9B76F8D7B853}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D0E25891-1A43-4934-99E2-A5D8E704B00C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D24FEBE4-62D2-43EC-8040-D5419267A5A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2AE5D52-5264-4E2C-AE0B-E0ABD898B7A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D2B5F1DC-B0C4-4B12-B918-C005E571387B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D31BEA6B-B5A4-4157-8814-A2AB7DC3B9A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3B511E7-9128-4EA7-9B3C-2CCD28FEAFA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D4847A16-8BD3-461A-B950-EDE41348B204}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{D48DB31A-DB7E-4B09-A5FA-A2D522BDC48D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D648F90D-A687-4C37-AABD-611710B6C7EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7A89338-FEF4-4A12-9CF7-2C6A7DEC9BD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D81ECF44-14AE-4F55-A23F-63C31A6D151F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D963D67F-3EF7-4990-A22E-225D85171734}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{DCC7FA32-E7DC-4671-A1F3-BEADE550788D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD6F4AEB-6322-4B87-8553-58AF17042E71}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD795E9E-6B15-4467-A2AB-3F4D88C45168}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF676E35-DC37-4E6A-8DF4-A105740239ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2F36C60-D49F-4580-BD22-06270C90109D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E3293BA6-EA9D-4986-84FF-0B69AA2FC45C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5FBBCD6-475D-43F9-A442-D1FBD26396BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E613D02C-C0BF-41B3-A7F4-5A2C9B50E685}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E77069CB-C26D-4CFD-A938-C42B211CE761}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E7A62486-795C-47FF-AB1B-6EF1177B4D40}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E8074247-0103-492C-A3CD-990E80467641}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E870388B-8815-450A-9E51-A04FB573004C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E884FB8E-4868-4888-853A-E6017B655639}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9A220BE-A613-4864-9327-8067952E2802}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9F3169B-8F75-4509-B20C-721007BBB222}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA9F992A-FF68-416E-8EBD-66BB1550C480}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC3DD81F-2C5E-423C-A116-F1B6E854AEA9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED34386A-EB65-4DBB-8054-6089951B579A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED64F31E-0755-46C4-A14D-FB6E182184F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EDF29F56-53DF-4D57-89A1-6AE4CFDC87BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF5692C6-8269-4690-9FE3-ADBC9FA60743}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFA82CE5-A912-4C4B-B1A6-B96FC7A90387}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFAB72DC-0BCE-4AB6-A2D2-AD025148D7F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0002770-31C8-4953-8826-5D5DD473DCD0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F01FDF4D-068E-4D27-920A-C9868720E3D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F04E4953-4FFD-4B21-A2E5-27ED9E799093}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{F07CC979-6483-4C39-82BF-A16E20436153}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F09545D3-F210-4ACC-8D69-92DB93FF208F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0F7F313-449E-4F65-887B-1B8903B5C032}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1C24DE1-F249-46FC-8971-7B87AC078FCA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1CC8F14-549E-4345-A7BE-B11ED66EAE90}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F604C340-0606-4CA0-A84A-8705A41173A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6559A5C-BB4E-4CFB-8C5F-8BBDE9431A4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC1F43F2-7E93-4213-ACD4-7B53078C4111}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{04462842-5EAE-4BB1-A358-83D172CE6C6F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{0FB47BC8-D490-443E-9E6B-EB61E45A2F28}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{26028084-E198-46EF-9C98-A5ED7559C52B}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{4E367932-389E-49BD-9B31-E681A0D79E06}C:\program files\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"TCP Query User{52F01840-BDF5-48A4-A725-734C5F7E1963}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A43DADFA-7E4C-42E8-9D3D-682759E59D24}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{CD6B3FDE-09EA-4EF5-BEEB-5C3FD7F0C08B}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{F20C7685-CA7A-4CF9-A33D-76FB7C82EA0D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{0D46DF2D-A943-48ED-AD31-0DC6E8FFC219}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{3BDD2D62-8D58-412F-AFD1-4E88D6780050}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{6BA1E7BD-9DBA-4320-AC69-C6043CF61D9D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{759A9172-BF64-4D84-8E81-8D8D2F7C427F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A01A17D3-523D-41F7-BAA6-69FD48A25E03}C:\program files\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files\miranda im\miranda32.exe |
"UDP Query User{A964FE26-3B83-4CAC-932D-1DDC45576CA5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CE9A6AA4-4F71-46DB-A8EF-DC6EA61FFF1F}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{DCC114AB-B7E9-44D3-857B-D7EF6AB657EF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{323D864C-99A6-4EDB-8D7A-A8640ED1E7A6}" = Hogrefe TestSystem Player   1.14
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM)
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CC3054EF-9FA7-4DC4-87FD-912737604940}" = 250 TEF
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Creative OA001" = Integrated Webcam Driver (1.05.02.1227)  
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX-Setup
"Double Commander_is1" = Double Commander 0.4 beta
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"FeedReader_is1" = FeedReader
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.21
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Practice The GMAT" = Practice The GMAT
"SopCast" = SopCast 3.0.3
"Steam App 8930" = Sid Meier's Civilization V
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.04.2011 11:14:08 | Computer Name = Farkas-PC | Source = WinMgmt | ID = 10
Description =

Error - 13.04.2011 17:21:24 | Computer Name = Farkas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung EXCEL.EXE, Version 12.0.4518.1014, Zeitstempel
0x45428263, fehlerhaftes Modul EXCEL.EXE, Version 12.0.4518.1014, Zeitstempel 0x45428263,
Ausnahmecode 0xc0000005, Fehleroffset 0x007f6656,  Prozess-ID 0x10a8, Anwendungsstartzeit
01cbfa1f11087c10.

Error - 17.04.2011 15:39:22 | Computer Name = Farkas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Skype.exe, Version 5.3.0.108, Zeitstempel 0x4d95ebf7,
fehlerhaftes Modul Skype.exe, Version 5.3.0.108, Zeitstempel 0x4d95ebf7, Ausnahmecode
0xc0000005, Fehleroffset 0x0000bcda,  Prozess-ID 0x1378, Anwendungsstartzeit 01cbfb4618879bb0.

Error - 21.04.2011 14:36:23 | Computer Name = Farkas-PC | Source = WinMgmt | ID = 10
Description =

Error - 28.04.2011 14:35:35 | Computer Name = Farkas-PC | Source = WinMgmt | ID = 10
Description =

Error - 29.04.2011 16:38:03 | Computer Name = Farkas-PC | Source = WinMgmt | ID = 10
Description =

Error - 05.05.2011 15:29:15 | Computer Name = Farkas-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.05.2011 15:02:26 | Computer Name = Farkas-PC | Source = WinMgmt | ID = 10
Description =

Error - 19.05.2011 14:51:45 | Computer Name = Farkas-PC | Source = WinMgmt | ID = 10
Description =

Error - 26.05.2011 19:36:38 | Computer Name = Farkas-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 18.06.2010 13:50:42 | Computer Name = Farkas-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.

[ OSession Events ]
Error - 13.04.2011 17:21:24 | Computer Name = Farkas-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 719
seconds with 600 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 24.01.2012 17:18:11 | Computer Name = Farkas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 24.01.2012 17:18:11 | Computer Name = Farkas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 24.01.2012 17:18:11 | Computer Name = Farkas-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 24.01.2012 17:18:11 | Computer Name = Farkas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 24.01.2012 17:18:11 | Computer Name = Farkas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 24.01.2012 17:18:11 | Computer Name = Farkas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 24.01.2012 17:18:11 | Computer Name = Farkas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 24.01.2012 18:22:04 | Computer Name = Farkas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 24.01.2012 18:22:04 | Computer Name = Farkas-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 24.01.2012 18:26:35 | Computer Name = Farkas-PC | Source = HTTP | ID = 15016
Description =


< End of report >


and Gmer

Code


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-24 23:46:42
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BJKT-75F4T0 rev.11.01A11
Running: 49t9wf9k.exe; Driver: C:\Users\Farkas\AppData\Local\Temp\uwdiipoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x8D40C000, 0x20BE32, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f4e3259                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f4e3259@001fe3276438         0xC0 0x88 0xE2 0x37 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BthPort\Parameters\Keys\00225f4e3259@0022a9c15b19         0x3B 0xDB 0x75 0x4D ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f4e3259 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f4e3259@001fe3276438             0xC0 0x88 0xE2 0x37 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\BthPort\Parameters\Keys\00225f4e3259@0022a9c15b19             0x3B 0xDB 0x75 0x4D ...

---- EOF - GMER 1.0.15 ----
24.01.2012, 23:56
Member

Thread starter

Posts: 32
#3 Ouch, now that I scroll over it:
Корпорация Майкрософт
as well as
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15029 more lines...

Well then, good night ;(
25.01.2012, 10:02
Moderator

Posts: 5694
#4

Quote

O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15029 more lines...
That is from Spybot and not harmful ;)

Hello and a warm welcome to Protecus.de

Cleaning an infected system takes time and also requires observing the following points:

• Follow the instructions of the respective helper.
• If you have external storage media (USB sticks, hard drives), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall programs unless this is explicitly requested.
• Please work through each step in order.
• If problems occur at a step, post what you already have and report back with a description of the problem.

• The cleanup is only finished when the respective helper gives the OK.
• If the machine runs smoothly again, that does not mean the system is clean.
• For computers used for business, the responsible IT person should be brought in.
• Support from our side may in some circumstances be declined for a company computer.
• With illegal software, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• For heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling.
• In the end it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools that we prescribe via right-click and Run as administrator.

Step 1

Disable TeaTimer

No cleanup can be carried out while Spybot Search&Destroy's TeaTimer is running, because it restores all deleted entries. TeaTimer must therefore be switched off during the cleanup work (leave TeaTimer switched off until we are finished with the cleanup):
Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of overall system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.

Step 2

Malwarebytes Anti-Malware

Download MBAM, install it and select on the tabs:

-> "Update" > "Check for updates"
-> "Settings" > "Close Internet Explorer during the removal process"
-> "Scanner" > "Perform quick scan".

If infections are found at the end, tick them and have them removed. Restart your computer.
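
The reading of the O1 - Hosts lines given in this post can be checked mechanically: an entry mapped to a loopback or unspecified address only blocks a name, while any other address redirects it. The sketch below is an added example, not part of the thread or of OTL; the function names and the constructed sample lines (the `.test` hosts and the 203.0.113.7 address) are assumptions for illustration.

```python
import ipaddress
import re

# OTL prints one hosts-file entry per line as "O1 - Hosts: <ip> <hostname>"
# and cuts long files short with "O1 - Hosts: <n> more lines...".
ENTRY_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
TRUNCATED_RE = re.compile(r"^O1 - Hosts:\s+(\d+) more lines\.\.\.\s*$")

# The five lines quoted in the thread.
PAGE_EXCERPT = """\
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15029 more lines...
"""

# Constructed lines (not from the thread) covering the other cases.
CONSTRUCTED_EXTRA = """\
O1 - Hosts: 0.0.0.0 ads.example.test
O1 - Hosts: 203.0.113.7 login.example.test
O1 - Hosts: not-an-ip host.example.test
"""


def triage_hosts(log_text):
    """Sort O1 - Hosts lines into blocked, redirected and unparsed entries."""
    report = {"blocked": [], "redirected": [], "unparsed": [], "hidden": 0}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("O1 - Hosts:"):
            continue  # other OTL sections are ignored here
        truncated = TRUNCATED_RE.match(line)
        if truncated:
            # OTL did not print these entries, so they cannot be judged.
            report["hidden"] += int(truncated.group(1))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            report["unparsed"].append(line)
            continue
        addr, host = entry.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["unparsed"].append(line)
            continue
        if ip.is_loopback or ip.is_unspecified:
            # Name resolves to the local machine or nowhere: a block entry.
            report["blocked"].append(host)
        else:
            # Name is pointed at some other machine: needs a human look.
            report["redirected"].append((host, addr))
    return report


def verdict(report):
    """Summarise a triage report as one of three states."""
    if report["redirected"] or report["unparsed"]:
        return "review"
    if report["hidden"]:
        return "incomplete"  # visible lines are fine, the rest is unseen
    return "blocklist-only"


if __name__ == "__main__":
    for name, text in (("thread excerpt", PAGE_EXCERPT),
                       ("with constructed lines", PAGE_EXCERPT + CONSTRUCTED_EXTRA)):
        result = triage_hosts(text)
        print(name, "->", verdict(result), result["redirected"], result["hidden"])
```

The "incomplete" state matters for a truncated log like this one: the four visible entries are block entries, but the remaining lines can only be judged from the hosts file itself.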
27.01.2012, 00:00
Member

Thread starter

Posts: 32
#5 Evening. I switched off TeaTimer and downloaded MBAM.
On restart, the problem with the blocked screen and "You have not paid" was back. I forced a restart and ran MBAM as described. The scan went through to the end, 5 files found. Then I wanted to quickly create a log file before removing them, and a page came up saying something like GEMA has blocked the site because of pirated copies etc.

Since then the same screen from the internet comes up after every restart (or "This program cannot display the webpage" when there is no internet connected). Whether safe mode or not etc., the screen always comes up right at startup.

What next? :-(

Many thanks and regards!
27.01.2012, 07:50
Moderator

Posts: 5694
#6 So you can't do anything any more, not even in safe mode? Can't you restore the system to an earlier point in time either?

Windows Start > Run or WIN key + R

Quote

rstrui.exe
type it in and press Enter.

In System Restore select "Restore my computer to an earlier time".

Ideally, a restore point that is 7 days old should be chosen.

Ignore all warning messages.

Click: Next.

PC restarts automatically.


Now start a scan with Malwarebytes again.
27.01.2012, 12:21
Member

Thread starter

Posts: 32
#7 I can't get the Windows Start menu open at all any more. Booting runs flawlessly until my desktop shows, then the window already pops up and blocks any further action. Can I already do anything during booting / the startup process?
27.01.2012, 19:18
Moderator

Posts: 5694
#8 If you have no burning program installed, please download ISOBurner.
The program will allow you to burn OTLPE to a CD and make it bootable.
You only need to install the tool, the rest runs automatically => Instructions.
• Download OTLPENet.exe by OldTimer and save it on your desktop.
Note: The file is about 120 MB in size, and with a slow internet connection it will take a while until you have downloaded it.
• When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
• Insert a blank CD into your burner.
ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
• When the burning process is complete, you will see a dialog box => "Operation successfully completed".
• You can now close the burning program's windows.
Now boot from the OTLPE CD.
Note: How do I boot from CD
• Your system should display the REATOGO-X-PE desktop after a few minutes.
• Double-click the OTLPE icon.
• If you are asked "Do you wish to load the remote registry", choose Yes.
• If you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
• OTLpe should now start.
• Press Run Scan to start the scan.
• When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created
• Copy this file to your USB stick if you have no internet connection on this system.
• Please post the contents of C:\OTL.Txt and Extras.Txt.
27.01.2012, 19:42
Member

Thread starter

Posts: 32
#9 Quick follow-up question (I'm not at the computer yet): The burning should take place on an external computer, right? I.e. I burn the program onto it and then insert it into the infected computer.

If correct: Can I also do that with a memory stick?

If incorrect (i.e. I have to burn on the infected computer): I currently can't do anything there, i.e. neither download, nor save, nor double-click etc., since my computer is blocked by the popup.
29.01.2012, 01:48
Moderator

Posts: 5694
#10 Yes, exactly. Burn the CD on another computer. On the infected one it doesn't work well any more ;)

Or alternatively with a USB stick:

Let's create a bootable USB stick for OTLPE

Important:
The USB stick must have at least 512 MB or more. If necessary, back up all files from the USB stick; they will no longer be there after the following steps.

• Download OTLPEstd.exe and save the file on the desktop.
• If you do not have 7-zip or Winrar on your system, download 7-zip and install it.
• After installing 7-zip, extract OTLPEstd by right-clicking OTLPE.iso and choosing Extract to "OTLPEstd\".

Now please open the folder OTLPEStd, right-click OTLPE_New_Std.iso and choose Extract files in 7zip

Extract the files into a folder ( OTLPE ) on the desktop. Please also apply the setting as shown in the picture.

Download eeepcfr.zip and extract the file to the system root (usually C:\).

• Empty the USB stick on which you want to create OTLPE.
• Navigate to C:\eeecpfr and start usb_prep8.cmd.
• Press any key in the DOS window.
• Now make sure that the correct drive letter of your USB stick is at the very top.
For Drive Label: enter OTLPE.
Under Source Path to built BartPE/WinPE Files click ... and select the previously created OTLPE folder.
Tick Enable File Copy.
• Click Start, accept the terms of use.
Now you can start your system with the USB stick!

Now boot from the OTLPE USB stick.
Note: How do I boot from CD (simply select USB device instead of a CD)

• Your system should display the REATOGO-X-PE desktop after a few minutes.
• Double-click the OTLPE icon.
• If you are asked "Do you wish to load the remote registry", choose Yes.
• If you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
• Make sure that the box "Automatically Load All Remaining Users" is selected and press OK.
• OTLpe should now start.
• Press Run Scan to start the scan.
• When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created
• Copy this file to your USB stick if you have no internet connection on this system.
• Please post the contents of C:\OTL.Txt and Extras.Txt.
29.01.2012, 20:56
Member

Thread starter

Posts: 32
#11 Everything worked, only one thing: There was no Extras.txt, only the other file. I repeated the scan, and also once the thing with "Custom Scans/Fixes", but still only one file. So attached is the result of "Run Scan" without further info.

Code


OTL logfile created on: 1/29/2012 8:48:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.75 Gb Total Space | 109.76 Gb Free Space | 50.41% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.73 Gb Free Space | 58.20% Space Free | Partition Type: NTFS
Drive X: | 1.97 Gb Total Space | 1.63 Gb Free Space | 82.78% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/06/30 15:49:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/01 05:32:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/07/16 11:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/12 17:13:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/25 05:14:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/29 17:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 08:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/22 04:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/22 04:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 06:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/01/27 16:19:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/30 15:49:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 15:49:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/19 07:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/01/19 07:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/12/22 04:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/22 04:12:06 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/11/24 04:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/11/24 04:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/07/28 04:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/17 07:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/03 03:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/03 03:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/03 03:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/05/29 06:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/01/20 21:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2004/02/13 10:26:36 | 000,690,176 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EU3USB.sys -- (EU3_USB)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Farkas_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKU\Farkas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Farkas_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Farkas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Farkas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.blackle.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: it-IT@dictionaries.addons.mozilla.org:3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: hu@dictionaries.addons.mozilla.org:1.6.1.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: fr-moderne@dictionaries.addons.mozilla.org:4.0.3
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.00.20110326
FF - prefs.js..extensions.enabledItems: facebookBlocker@webgraph.com:1.2.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@hogrefe.de/nphtspse,version=1.14: C:\Program Files\Hogrefe\Player\4\Bin\nphtspse.dll (Hogrefe Verlag Göttingen)
FF - HKLM\Software\MozillaPlugins\@hogrefe.de/nphtspst,version=1.14: C:\Program Files\Hogrefe\Player\4\Bin\nphtspst.dll (Hogrefe Verlag Göttingen)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/12 17:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 17:02:24 | 000,000,000 | ---D | M]

[2009/04/28 16:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Extensions
[2012/01/09 15:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions
[2011/12/10 05:29:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/01/02 18:38:03 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/12/23 08:53:16 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/12/24 10:58:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/03 13:37:24 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\coralietab@mozdev.org
[2010/11/22 14:56:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010/10/04 12:08:30 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011/10/10 15:28:08 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\fr-moderne@dictionaries.addons.mozilla.org
[2011/01/17 15:37:55 | 000,000,000 | ---D | M] (Hungarian dictionary) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\hu@dictionaries.addons.mozilla.org
[2011/05/08 05:45:12 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2009/05/10 05:54:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\moveplayer@movenetworks.com
[2010/08/02 13:12:14 | 000,005,551 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\google-maps.xml
[2009/09/07 17:25:46 | 000,001,512 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\imdb.xml
[2009/04/29 12:08:28 | 000,001,032 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\wikipedia-eng.xml
[2010/08/02 13:11:32 | 000,004,140 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\youtube.xml
[2012/01/22 19:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/22 19:36:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/01/12 17:28:14 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/12 17:28:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/12 17:28:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/12 17:28:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/12 17:28:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/12 17:28:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/12 17:28:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011/08/20 05:15:31 | 000,436,649 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 15029 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InetAccelerator] C:\Windows\System32\InetAccelerator.exe (MacroSoft)
O4 - HKLM..\Run: [InetAccelerator.] C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Farkas_ON_C..\Run: [Firefox helper] C:\Users\Farkas\AppData\Local\Mozilla\Firefox\firefox.exe (Корпорация Майкрософт)
O4 - HKU\Farkas_ON_C..\Run: [InetAccelerator] C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Farkas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\Farkas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Trolltech = C:\Users\Farkas\AppData\Roaming\6E08D2.exe (Корпорация Майкрософт)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\htap {83EC570E-9FFA-11D2-9559-006008594011} - C:\Program Files\Hogrefe\Common\HTSProtHandler.dll (PtahSoft GmbH, ZTD Freiburg)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\InetAccelerator\InetAccelerator.exe) - C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\InetAccelerator.exe) - C:\Windows\System32\InetAccelerator.exe (MacroSoft)
O20 - HKU\Farkas_ON_C Winlogon: Shell - (C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe) - C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
O20 - HKU\Farkas_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 12:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\Shell - "" = AutoRun
O33 - MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\Shell\AutoRun\command - "" = F:\UNUCI/junaci.exe
O33 - MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\Shell\open\command - "" = F:\UNUCI/junaci.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/01/26 17:52:11 | 000,142,848 | ---- | C] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe
[2012/01/26 17:52:11 | 000,000,000 | ---D | C] -- C:\Users\Farkas\AppData\Roaming\InetAccelerator
[2012/01/26 17:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InetAccelerator
[2012/01/26 17:43:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/26 17:43:46 | 000,000,000 | ---D | C] -- C:\Users\Farkas\AppData\Roaming\Malwarebytes
[2012/01/26 17:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 17:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/26 17:43:37 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/26 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/26 17:38:10 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Farkas\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/24 17:23:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Farkas\Desktop\OTL.exe
[2012/01/22 19:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/12 17:44:19 | 000,000,000 | ---D | C] -- C:\Users\Farkas\AppData\Roaming\elsterformular
[2012/01/12 17:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\plugins
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\images
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\hilfe
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\eric
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\dict
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\bin
[2008/01/20 21:24:27 | 000,034,816 | -HS- | C] (Корпорация Майкрософт) -- C:\Users\Farkas\AppData\Roaming\6E08D2.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/01/27 16:22:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 16:21:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 16:21:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 16:19:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/26 17:52:11 | 000,142,848 | ---- | M] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe
[2012/01/26 17:49:32 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/01/26 17:49:32 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/26 17:49:32 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/01/26 17:49:32 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/26 17:43:39 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 17:43:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 17:39:13 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/26 17:38:14 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Farkas\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/24 17:24:16 | 000,302,592 | ---- | M] () -- C:\Users\Farkas\Desktop\49t9wf9k.exe
[2012/01/24 17:22:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Farkas\Desktop\OTL.exe
[2012/01/22 19:36:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/12 17:43:30 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012/01/12 17:43:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012/01/05 18:26:21 | 000,074,752 | ---- | M] () -- C:\Users\Farkas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/01/26 17:43:39 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 17:24:12 | 000,302,592 | ---- | C] () -- C:\Users\Farkas\Desktop\49t9wf9k.exe
[2012/01/12 17:43:30 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010/09/25 08:33:33 | 000,000,162 | ---- | C] () -- C:\Windows\civ.ini
[2009/06/12 17:19:21 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/05/01 15:44:50 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/05/01 15:44:50 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2009/05/01 15:44:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/05/01 15:41:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/05/01 15:41:52 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/05/01 15:27:52 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/05/01 15:27:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/05/01 15:27:52 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2009/05/01 15:13:37 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/05/01 09:04:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/29 12:49:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/04/28 11:44:59 | 000,074,752 | ---- | C] () -- C:\Users\Farkas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/25 14:35:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/04/25 14:35:02 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/04/25 14:35:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/04/25 14:35:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/04/25 14:31:34 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/25 14:31:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/25 06:42:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/25 05:07:00 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/04/25 04:58:50 | 000,001,660 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/21 02:15:58 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 02:15:58 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/04/15 20:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,607,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/03/04 03:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/09/28 03:20:05 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Amazon
[2010/08/02 15:36:32 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\doublecmd
[2012/01/12 17:44:20 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\elsterformular
[2009/05/17 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Feedreader
[2010/09/23 04:04:28 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Hogrefe
[2012/01/26 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\InetAccelerator
[2009/09/13 04:41:18 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Miranda
[2009/04/28 17:11:10 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Windows Live Writer
[2009/11/11 16:22:10 | 000,000,000 | ---D | M] -- C:\ProgramData\2DBoy
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/01/12 17:43:59 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010/09/23 04:03:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Hogrefe
[2012/01/26 17:52:11 | 000,000,000 | ---D | M] -- C:\ProgramData\InetAccelerator
[2009/04/25 05:20:34 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/04/25 05:20:34 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2009/05/01 15:13:08 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/04/25 05:20:36 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2009/04/25 05:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/11/03 02:07:37 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/09/07 17:04:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/01 05:41:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/26 17:39:13 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


And attached once more, this time with the custom scan settings à la CREATE NEW POSTS: Create a thread in the forum with the following info

Code


OTL logfile created on: 1/29/2012 8:20:55 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 217.75 Gb Total Space | 109.76 Gb Free Space | 50.41% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.73 Gb Free Space | 58.20% Space Free | Partition Type: NTFS
Drive X: | 1.97 Gb Total Space | 1.63 Gb Free Space | 82.79% Space Free | Partition Type: FAT

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011/06/30 15:49:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/01 05:32:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/07/16 11:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/12 17:13:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/25 05:14:34 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/01/29 17:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/01/26 08:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/22 04:26:36 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/22 04:26:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/18 06:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/01/27 16:19:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/06/30 15:49:27 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/30 15:49:27 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 05:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/19 07:38:16 | 000,133,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/01/19 07:38:12 | 000,279,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/12/22 04:26:50 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/22 04:12:06 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/11/24 04:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/11/24 04:16:10 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/04 18:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/07/28 04:46:32 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2008/07/17 07:00:14 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/07/03 03:58:26 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2008/07/03 03:58:24 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/07/03 03:58:22 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/05/29 06:03:34 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008/01/20 21:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2004/02/13 10:26:36 | 000,690,176 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\EU3USB.sys -- (EU3_USB)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Farkas_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKU\Farkas_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Farkas_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Farkas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Farkas_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.blackle.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: it-IT@dictionaries.addons.mozilla.org:3.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: hu@dictionaries.addons.mozilla.org:1.6.1.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: fr-moderne@dictionaries.addons.mozilla.org:4.0.3
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.00.20110326
FF - prefs.js..extensions.enabledItems: facebookBlocker@webgraph.com:1.2.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@hogrefe.de/nphtspse,version=1.14: C:\Program Files\Hogrefe\Player\4\Bin\nphtspse.dll (Hogrefe Verlag Göttingen)
FF - HKLM\Software\MozillaPlugins\@hogrefe.de/nphtspst,version=1.14: C:\Program Files\Hogrefe\Player\4\Bin\nphtspst.dll (Hogrefe Verlag Göttingen)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/12 17:28:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/07 17:02:24 | 000,000,000 | ---D | M]

[2009/04/28 16:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Extensions
[2012/01/09 15:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions
[2011/12/10 05:29:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011/01/02 18:38:03 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2011/12/23 08:53:16 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011/12/24 10:58:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/08/03 13:37:24 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\coralietab@mozdev.org
[2010/11/22 14:56:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010/10/04 12:08:30 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\en-US@dictionaries.addons.mozilla.org
[2011/10/10 15:28:08 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\fr-moderne@dictionaries.addons.mozilla.org
[2011/01/17 15:37:55 | 000,000,000 | ---D | M] (Hungarian dictionary) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\hu@dictionaries.addons.mozilla.org
[2011/05/08 05:45:12 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2009/05/10 05:54:06 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\extensions\moveplayer@movenetworks.com
[2010/08/02 13:12:14 | 000,005,551 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\google-maps.xml
[2009/09/07 17:25:46 | 000,001,512 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\imdb.xml
[2009/04/29 12:08:28 | 000,001,032 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\wikipedia-eng.xml
[2010/08/02 13:11:32 | 000,004,140 | ---- | M] () -- C:\Users\Farkas\AppData\Roaming\Mozilla\Firefox\Profiles\xl95xu3i.default\searchplugins\youtube.xml
[2012/01/22 19:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/22 19:36:24 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\FARKAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XL95XU3I.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012/01/12 17:28:14 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/12 17:28:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/12 17:28:11 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/12 17:28:11 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/12 17:28:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/12 17:28:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/12 17:28:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011/08/20 05:15:31 | 000,436,649 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 15029 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [InetAccelerator] C:\Windows\System32\InetAccelerator.exe (MacroSoft)
O4 - HKLM..\Run: [InetAccelerator.] C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Farkas_ON_C..\Run: [Firefox helper] C:\Users\Farkas\AppData\Local\Mozilla\Firefox\firefox.exe (Корпорация Майкрософт)
O4 - HKU\Farkas_ON_C..\Run: [InetAccelerator] C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Farkas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\Farkas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Trolltech = C:\Users\Farkas\AppData\Roaming\6E08D2.exe (Корпорация Майкрософт)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\htap {83EC570E-9FFA-11D2-9559-006008594011} - C:\Program Files\Hogrefe\Common\HTSProtHandler.dll (PtahSoft GmbH, ZTD Freiburg)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\InetAccelerator\InetAccelerator.exe) - C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\InetAccelerator.exe) - C:\Windows\System32\InetAccelerator.exe (MacroSoft)
O20 - HKU\Farkas_ON_C Winlogon: Shell - (C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe) - C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
O20 - HKU\Farkas_ON_C Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 12:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\Shell - "" = AutoRun
O33 - MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\Shell\AutoRun\command - "" = F:\UNUCI/junaci.exe
O33 - MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\Shell\open\command - "" = F:\UNUCI/junaci.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {28960A48-F79B-8050-D3DC-540FD4EE619C} - Java (Sun)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/01/26 17:52:11 | 000,142,848 | ---- | C] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe
[2012/01/26 17:52:11 | 000,000,000 | ---D | C] -- C:\Users\Farkas\AppData\Roaming\InetAccelerator
[2012/01/26 17:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InetAccelerator
[2012/01/26 17:43:46 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/26 17:43:46 | 000,000,000 | ---D | C] -- C:\Users\Farkas\AppData\Roaming\Malwarebytes
[2012/01/26 17:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 17:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/26 17:43:37 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/26 17:43:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/26 17:38:10 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Farkas\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/24 17:23:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Farkas\Desktop\OTL.exe
[2012/01/22 19:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/12 17:44:19 | 000,000,000 | ---D | C] -- C:\Users\Farkas\AppData\Roaming\elsterformular
[2012/01/12 17:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\plugins
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\images
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\hilfe
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\eric
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\dict
[2012/01/12 17:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\bin
[2008/01/20 21:24:27 | 000,034,816 | -HS- | C] (Корпорация Майкрософт) -- C:\Users\Farkas\AppData\Roaming\6E08D2.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/01/27 16:22:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/27 16:21:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 16:21:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/27 16:19:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/26 17:52:11 | 000,142,848 | ---- | M] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe
[2012/01/26 17:49:32 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/01/26 17:49:32 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/26 17:49:32 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/01/26 17:49:32 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/26 17:43:39 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/26 17:43:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/26 17:39:13 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/26 17:38:14 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Farkas\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/24 17:24:16 | 000,302,592 | ---- | M] () -- C:\Users\Farkas\Desktop\49t9wf9k.exe
[2012/01/24 17:22:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Farkas\Desktop\OTL.exe
[2012/01/22 19:36:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/01/12 17:43:30 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012/01/12 17:43:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012/01/05 18:26:21 | 000,074,752 | ---- | M] () -- C:\Users\Farkas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/01/26 17:43:39 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 17:24:12 | 000,302,592 | ---- | C] () -- C:\Users\Farkas\Desktop\49t9wf9k.exe
[2012/01/12 17:43:30 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010/09/25 08:33:33 | 000,000,162 | ---- | C] () -- C:\Windows\civ.ini
[2009/06/12 17:19:21 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/05/01 15:44:50 | 000,000,468 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/05/01 15:44:50 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2009/05/01 15:44:50 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/05/01 15:41:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/05/01 15:41:52 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009/05/01 15:27:52 | 000,000,212 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/05/01 15:27:52 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/05/01 15:27:52 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2009/05/01 15:13:37 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/05/01 09:04:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/29 12:49:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/04/28 11:44:59 | 000,074,752 | ---- | C] () -- C:\Users\Farkas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/25 14:35:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/04/25 14:35:02 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/04/25 14:35:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/04/25 14:35:02 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009/04/25 14:31:34 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/25 14:31:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/25 06:42:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/04/25 05:07:00 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/04/25 04:58:50 | 000,001,660 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/21 02:15:58 | 000,618,442 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 02:15:58 | 000,122,842 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/04/15 20:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 001,607,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002/03/04 03:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/09/28 03:20:05 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Amazon
[2010/08/02 15:36:32 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\doublecmd
[2012/01/12 17:44:20 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\elsterformular
[2009/05/17 08:16:32 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Feedreader
[2010/09/23 04:04:28 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Hogrefe
[2012/01/26 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\InetAccelerator
[2009/09/13 04:41:18 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Miranda
[2009/04/28 17:11:10 | 000,000,000 | ---D | M] -- C:\Users\Farkas\AppData\Roaming\Windows Live Writer
[2009/11/11 16:22:10 | 000,000,000 | ---D | M] -- C:\ProgramData\2DBoy
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2012/01/12 17:43:59 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2010/09/23 04:03:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Hogrefe
[2012/01/26 17:52:11 | 000,000,000 | ---D | M] -- C:\ProgramData\InetAccelerator
[2009/04/25 05:20:34 | 000,000,000 | ---D | M] -- C:\ProgramData\PC-Doctor
[2009/04/25 05:20:34 | 000,000,000 | ---D | M] -- C:\ProgramData\PCDr
[2009/05/01 15:13:08 | 000,000,000 | ---D | M] -- C:\ProgramData\ScanSoft
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2009/04/25 05:20:36 | 000,000,000 | ---D | M] -- C:\ProgramData\SupportSoft
[2009/04/25 05:12:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/11/03 02:07:37 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/09/07 17:04:28 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/01 05:41:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/26 17:39:13 | 000,032,524 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2009/04/28 11:35:06 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008/02/06 01:46:24 | 000,000,000 | -HSD | M] -- C:\Boot
[2009/05/01 15:41:53 | 000,000,000 | ---D | M] -- C:\Brother
[2009/04/28 16:37:20 | 000,000,000 | ---D | M] -- C:\DELL
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009/01/19 07:53:42 | 000,000,000 | ---D | M] -- C:\Drivers
[2009/04/25 05:03:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008/01/20 21:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/01/26 17:43:37 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/01/26 17:52:11 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/04/28 11:30:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2012/01/24 17:32:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/04/28 11:31:14 | 000,000,000 | R--D | M] -- C:\Users
[2012/01/24 16:16:59 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

Invalid Environment Variable: %LOCALAPPDATA%\*.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009/04/25 14:29:50 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/25 14:29:49 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2009/04/25 14:29:49 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/25 14:29:49 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/25 14:29:49 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2008/01/20 21:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008/01/20 21:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/20 21:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2011/12/24 11:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/12/24 11:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results >[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install]

[color=#A23BEC]< \Install|LastSuccessTime /rs >[/color]

[color=#A23BEC]< CREATERESTOREPOINT >[/color]
< End of report >
29.01.2012, 23:42
Moderator

Posts: 5694
#12 Fixing with OTLpe

• Restart the unbootable computer with the OTLPE CD,
• wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.
• Copy the following script into the text box below Custom Scans/Fixes:

Code

:OTL
PRC - [2009.04.25 20:29:49 | 000,060,928 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Farkas\AppData\Local\Mozilla\Firefox\firefox.exe
O4 - HKU\Farkas_ON_C..\Run: [Firefox helper] C:\Users\Farkas\AppData\Local\Mozilla\Firefox\firefox.exe (Корпорация Майкрософт)
O4 - HKU\Farkas_ON_C..\Run: [InetAccelerator] C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
O4 - HKLM..\Run: [InetAccelerator] C:\Windows\System32\InetAccelerator.exe (MacroSoft)
O4 - HKLM..\Run: [InetAccelerator.] C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)
O7 - HKU\Farkas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Trolltech = C:\Users\Farkas\AppData\Roaming\6E08D2.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UserInit - (C:\ProgramData\InetAccelerator\InetAccelerator.exe) - C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\InetAccelerator.exe) - C:\Windows\System32\InetAccelerator.exe (MacroSoft)
O20 - HKU\Farkas_ON_C Winlogon: Shell - (C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe) - C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)
[2008/01/20 21:24:27 | 000,034,816 | -HS- | C] (Корпорация Майкрософт) -- C:\Users\Farkas\AppData\Roaming\6E08D2.exe
O32 - AutoRun File - [2006/03/24 12:06:42 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\Shell - "" = AutoRun
O33 - MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\Shell\AutoRun\command - "" = F:\UNUCI/junaci.exe
O33 - MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\Shell\open\command - "" = F:\UNUCI/junaci.exe
[2012/01/26 17:52:11 | 000,142,848 | ---- | C] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe
[2012/01/26 17:52:11 | 000,000,000 | ---D | C] -- C:\Users\Farkas\AppData\Roaming\InetAccelerator
[2012/01/26 17:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\InetAccelerator
[2012/01/26 17:52:11 | 000,142,848 | ---- | M] (MacroSoft) -- C:\Windows\System32\InetAccelerator.exe
:Commands
[purity]
[emptytemp]


• Should that not be possible for lack of an Internet connection,
• copy the text from the following code box and save it as Fix.txt on a USB stick.
• Connect the USB stick to the computer and open Fix.txt with Explorer on the Reatogo desktop.
• Copy the contents of Fix.txt into the text box below Custom Scans/Fixes:
• Close all programs.
• Click the Fix button.
• Click on .
• Copy the contents here into your thread in code tags.
• Afterwards you can view the log file here => C:\_OTL\MovedFiles\<datum_nummer.log>
• Test whether you can now boot the computer into normal Windows mode again and report back.
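An added Python example, not part of the original post and not OTL's own logic: it parses the autostart lines (O4, O7, O20) from the fix script above and reports why each one stands out. The three heuristics, the names `parse` and `triage`, and the final constructed clean entry are assumptions made for illustration; the Windows directory is taken from the `%SystemRoot%` line of the OTL log header.

```python
import re

# Autostart lines copied from the fix script above; the last one is a
# constructed clean entry (the Windows default UserInit) added for contrast.
SAMPLE = [
    r"O4 - HKU\Farkas_ON_C..\Run: [Firefox helper] C:\Users\Farkas\AppData\Local\Mozilla\Firefox\firefox.exe (Корпорация Майкрософт)",
    r"O4 - HKLM..\Run: [InetAccelerator] C:\Windows\System32\InetAccelerator.exe (MacroSoft)",
    r"O7 - HKU\Farkas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Trolltech = C:\Users\Farkas\AppData\Roaming\6E08D2.exe (Корпорация Майкрософт)",
    r"O20 - HKLM Winlogon: UserInit - (C:\ProgramData\InetAccelerator\InetAccelerator.exe) - C:\ProgramData\InetAccelerator\InetAccelerator.exe (MacroSoft)",
    r"O20 - HKU\Farkas_ON_C Winlogon: Shell - (C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe) - C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe (MacroSoft)",
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)",
]

# Every entry ends with "<full path> (<vendor string>)".
TAIL = re.compile(r"([A-Za-z]:\\[^()]*?) \(([^()]*)\)$")
WINLOGON = re.compile(r"Winlogon: (\w+)")
SYSTEMROOT = "c:\\windows\\"                       # from the OTL log header
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")  # no admin rights needed to write here
WINLOGON_DEFAULT = {"userinit": "userinit.exe", "shell": "explorer.exe"}


def parse(line):
    """Split an OTL autostart line into (kind, location, path, vendor)."""
    kind, _, rest = line.partition(" - ")
    m = TAIL.search(rest)
    if m is None:
        return None
    return kind, rest[:m.start()].rstrip(" -"), m.group(1), m.group(2)


def triage(line):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    parsed = parse(line)
    if parsed is None:
        return ["unparsed"]
    _kind, location, path, vendor = parsed
    low = path.lower()
    reasons = []
    # Heuristic 1: the binary starts at logon from a user-writable tree.
    if any(d in low for d in USER_WRITABLE):
        reasons.append("autostart from user-writable directory")
    # Heuristic 2: a Winlogon value no longer points at the Windows default.
    m = WINLOGON.search(location)
    if m:
        default = WINLOGON_DEFAULT.get(m.group(1).lower())
        if default and not (low.startswith(SYSTEMROOT) and low.endswith("\\" + default)):
            reasons.append("Winlogon %s replaced" % m.group(1))
    # Heuristic 3: a file inside the Windows directory with a foreign vendor string.
    if low.startswith(SYSTEMROOT) and vendor != "Microsoft Corporation":
        reasons.append("non-Microsoft vendor string in Windows directory")
    return reasons


if __name__ == "__main__":
    for entry in SAMPLE:
        kind, _location, path, _vendor = parse(entry)
        print(kind, path, "->", triage(entry) or "nothing flagged")
```

Heuristic 3 on its own also matches legitimate third-party drivers and tools installed under the Windows directory, so it only carries weight together with an autostart location, as here.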
30.01.2012, 20:47
Member

Thread starter

Posts: 32
#13

Code


========== OTL ==========
No active process named firefox.exe was found!
Registry value HKEY_USERS\Farkas_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Firefox helper deleted successfully.
C:\Users\Farkas\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
Registry value HKEY_USERS\Farkas_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\InetAccelerator deleted successfully.
C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\InetAccelerator deleted successfully.
C:\Windows\System32\InetAccelerator.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\InetAccelerator. deleted successfully.
C:\ProgramData\InetAccelerator\InetAccelerator.exe moved successfully.
Registry value HKEY_USERS\Farkas_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\Trolltech deleted successfully.
C:\Users\Farkas\AppData\Roaming\6E08D2.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\ProgramData\InetAccelerator\InetAccelerator.exe deleted successfully.
File C:\ProgramData\InetAccelerator\InetAccelerator.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Windows\system32\InetAccelerator.exe deleted successfully.
File C:\Windows\System32\InetAccelerator.exe not found.
Registry value HKEY_USERS\Farkas_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe deleted successfully.
File C:\Users\Farkas\AppData\Roaming\InetAccelerator\InetAccelerator.exe not found.
File C:\Users\Farkas\AppData\Roaming\6E08D2.exe not found.
X:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25ce1d31-3691-11de-a12e-00225f4e3259}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{25ce1d31-3691-11de-a12e-00225f4e3259}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25ce1d31-3691-11de-a12e-00225f4e3259}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c15e0ab-3fff-11df-909a-00225f4e3259}\ not found.
File F:\UNUCI/junaci.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c15e0ab-3fff-11df-909a-00225f4e3259}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c15e0ab-3fff-11df-909a-00225f4e3259}\ not found.
File F:\UNUCI/junaci.exe not found.
File C:\Windows\System32\InetAccelerator.exe not found.
C:\Users\Farkas\AppData\Roaming\InetAccelerator folder moved successfully.
C:\ProgramData\InetAccelerator folder moved successfully.
File C:\Windows\System32\InetAccelerator.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Farkas
->Temp folder emptied: 111724736 bytes
->Temporary Internet Files folder emptied: 105296933 bytes
->Java cache emptied: 17655935 bytes
->FireFox cache emptied: 117308249 bytes
->Flash cache emptied: 151572 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 565728 bytes

Total Files Cleaned = 336.00 mb


OTLPE by OldTimer - Version 3.1.48.0 log created on 01302012_203801


Windows boots normally again; the only popup came from Avira, saying that a new version is available. Of course I didn't click anything.

Malwarebytes again next?
31.01.2012, 01:27
Moderator

Posts: 5694
#14 Exactly ;) Now run Malwarebytes.
01.02.2012, 01:14
Member

Thread starter

Posts: 32
#15

Code


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.26.06

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Farkas :: FARKAS-PC [Administrator]

01.02.2012 01:03:54
mbam-log-2012-02-01 (01-03-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 179493
Laufzeit: 6 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


That seems too easy to me so far ;) What now?