
Log analysis and evaluation: IE Explorer opens by itself + error message

04.06.2010, 19:19   #1
vmt
 



Hello,
I also have the IE Explorer problem. It opens by itself with advertising.

In addition, two error messages have appeared along with the IE problem:
"Bf1.exe funktioniert nicht mehr." & "Bf6.exe funktioniert nicht mehr."
I have also added them as an attachment.

Edit: Both "Bf.exe" files are located in the "C:\Users\..\AppData\Local\Temp" folder.
So they should actually be gone after CCleaner.

I have no Battlefield or the like on the computer.

I have already run Avira, Panda & Ad-Aware over it. Under "Isass.exe", the trojans "Win32.Trojan.Buzus", "Win32.Trojan.Buzus/F" and "Win32.TrojanDownloader.Zlob/AD" were found, which I have moved to quarantine for now.
I also ran CCleaner over it, but that changed nothing.
I hope you can help me & thank you in advance.

Here is my HiJackLog:


HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:15:47, on 04.06.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\..\AppData\Local\Temp\Bf6.exe
C:\Windows\system32\conime.exe
C:\Users\..\Programme\Mozilla\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\mspaint.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\..\Desktop\HJT\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\..\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\..\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [{12764367-E4FD-7E93-2ED7-7D2A986EC8C3}] "C:\Users\..\AppData\Roaming\Rois\soyt.exe"
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\..\AppData\Local\Temp\Bf1.exe
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Users\..\AppData\Roaming\Adobe\Update\flacor.dat""
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file) (HKCU)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - (no file) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 10059 bytes
         

Edited by vmt (04.06.2010 at 19:59)

04.06.2010, 20:09   #2
Larusso
/// Selecta Jahrusso
 





A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Please no code tags.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way.
If you decide on a cleanup, please work through the following.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Cleanup with Malwarebytes' Anti-Malware (Quick Scan)

Please download Malwarebytes
  • Install the program in the default path.
  • On Vista, remember to start the program as admin; otherwise start it with a double-click.
  • Let it update online (Updates tab) if the program was already on the computer.
  • Enable "Perform quick scan" => Scan.
  • When the scan has finished, click "Show results".
  • For findings in C:\System Volume Information, remove the check mark.
    Otherwise this system restore point will no longer work.
    It could still be needed despite the malware.
  • Make sure that all other findings are selected and press "Remove selection".
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Scan reports".
  • Report how the computer is running now.
Here you will find detailed, illustrated instructions.


Step 2

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Now copy the following contents into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt here into your thread


Please post in your next reply
MBAM logfile
OTL.txt
Extras.txt

04.06.2010, 21:25   #3
vmt
 



Thanks, so far there have been no problems since the restart after MBAM.
Here is the OTL log:

OTL Logfile:
Code:
OTL logfile created on: 04.06.2010 21:12:31 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\..\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,37 Gb Total Space | 31,53 Gb Free Space | 24,95% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,62 Gb Free Space | 55,69% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 61,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ..
Current User Name: ..
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.04 21:11:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
PRC - [2010.06.04 18:19:51 | 000,040,960 | ---- | M] (Atribune.org) -- C:\Users\..\Desktop\Look2Me-Destroyer.exe
PRC - [2010.06.03 10:02:29 | 000,200,192 | ---- | M] () -- C:\Users\..\AppData\Local\Temp\Bf6.exe
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.04 17:52:57 | 001,228,208 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.02.04 17:52:57 | 000,814,160 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.23 15:51:38 | 000,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.10.15 10:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.10.15 10:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 16:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Program Files\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe
PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.04 21:11:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.19 09:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (FirebirdServerMAGIXInstance)
SRV - File not found [On_Demand | Stopped] --  -- (Boonty Games)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.04 17:52:57 | 001,228,208 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009.03.30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.10.03 16:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.04 17:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.09.02 20:57:48 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.26 08:00:02 | 000,064,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.05 20:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 20:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 20:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2008.11.20 13:48:26 | 000,045,568 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw17bda.sys -- (hcw17bda)
DRV - [2007.11.21 12:17:34 | 000,327,168 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2007.09.30 00:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.08.31 11:42:06 | 000,192,688 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 16:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.08.22 19:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.17 10:30:38 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007.04.17 10:30:38 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007.04.17 10:30:38 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\..\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Users\..\Programme\Mozilla\components [2010.04.19 11:00:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Users\..\Programme\Mozilla\plugins [2010.05.04 16:23:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.28 15:46:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.04.28 15:47:06 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\mozilla\Extensions
[2010.04.28 15:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\..\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.04 15:09:21 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\mozilla\Firefox\Profiles\q8q1tnxm.default\extensions
[2010.05.03 18:58:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\..\AppData\Roaming\mozilla\Firefox\Profiles\q8q1tnxm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.03 18:58:31 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\..\AppData\Roaming\mozilla\Firefox\Profiles\q8q1tnxm.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.09.21 19:42:51 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\mozilla\Firefox\Profiles\q8q1tnxm.default\extensions\moveplayer@movenetworks.com
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\..\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{12764367-E4FD-7E93-2ED7-7D2A986EC8C3}] C:\Users\..\AppData\Roaming\Rois\soyt.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\..\AppData\Local\Temp\Bf1.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found
O24 - Desktop WallPaper: C:\Users\..\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\..\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a078139-875a-11dd-a0b5-0015af7b0a76}\Shell\Auto\command - "" = G:\tel.xls.exe -- File not found
O33 - MountPoints2\{5340ad64-9859-11de-ae62-0016d389e45b}\Shell - "" = AutoRun
O33 - MountPoints2\{5340ad64-9859-11de-ae62-0016d389e45b}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{d7d4962a-4d33-11df-aeb5-0016d389e45b}\Shell\EXplOre\cOMmAnD - "" = G:\SYSTEM.EXE -- File not found
O33 - MountPoints2\{d7d4962a-4d33-11df-aeb5-0016d389e45b}\Shell\opeN\coMMand - "" = G:\SYSTEM.EXE -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\H\Shell\ExPLORE\cOmmAnD - "" = H:\SYSTEM.EXE -- File not found
O33 - MountPoints2\H\Shell\oPEn\COmMand - "" = H:\SYSTEM.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.08.12 18:47:46 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.04 21:11:25 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
[2010.06.04 18:51:08 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.06.04 18:50:52 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010.06.04 18:47:04 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010.06.04 18:46:51 | 000,092,672 | ---- | C] (Option^Explicit Software                        vbtechcd@gmail.com) -- C:\Users\..\Desktop\KillBox.exe
[2010.06.04 18:37:55 | 000,000,000 | ---D | C] -- C:\Users\..\Desktop\HJT
[2010.06.04 15:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.06.04 14:02:36 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.04 14:01:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.04 14:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.06.04 14:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.06.04 13:46:10 | 000,000,000 | -HSD | C] -- C:\found.000
[2010.06.04 09:52:27 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Avira
[2010.06.04 09:51:55 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.06.04 09:51:55 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.05.25 12:09:38 | 000,000,000 | ---D | C] -- C:\Users\..\Documents\VirtualDJ
[2010.05.25 12:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010.05.25 12:08:23 | 000,000,000 | ---D | C] -- C:\Users\..\Desktop\Atomix Virtual DJ v6.0.2 Professional
[2010.05.18 13:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.05.18 13:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.05.18 12:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.04.28 15:47:03 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Roaming\Thunderbird
[2010.04.28 15:47:03 | 000,000,000 | ---D | C] -- C:\Users\..\AppData\Local\Thunderbird
[2010.04.28 15:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.04.19 11:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.19 11:00:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.04.19 10:55:36 | 000,000,000 | ---D | C] -- C:\Users\..\BGB AT
[2010.04.08 16:06:08 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010.04.08 16:06:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010.04.08 16:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\League of Legends
[2010.04.03 19:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.03.31 09:58:28 | 000,000,000 | ---D | C] -- C:\Riot Games
[2010.03.14 15:58:44 | 000,000,000 | ---D | C] -- C:\Users\..\Documents\Tiger Woods PGA TOUR 06
[2010.03.14 15:33:16 | 000,438,272 | ---- | C] (On2.com) -- C:\Windows\System32\vp6vfw.dll
[2010.03.14 15:33:16 | 000,118,832 | ---- | C] (MicroQuill Software Publishing, Inc.) -- C:\Windows\System32\SHW32.DLL
[2010.03.14 15:33:15 | 000,327,680 | ---- | C] (On2.com Inc.) -- C:\Windows\System32\vp6dec.ax
[2010.03.14 15:33:15 | 000,168,960 | ---- | C] (Xceed Software Inc.     1-450-442-2626     zip@xceedsoft.com     www.xceedsoft.com) -- C:\Windows\System32\XCDZIP35.OCX
[2010.03.14 15:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\EA SPORTS
[2010.03.10 19:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2007.10.22 13:45:46 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.10.22 13:45:45 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.04 21:16:57 | 003,145,728 | -HS- | M] () -- C:\Users\..\NTUSER.DAT
[2010.06.04 21:11:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\..\Desktop\OTL.exe
[2010.06.04 20:57:02 | 000,000,308 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.04 20:55:35 | 000,000,318 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.04 20:47:20 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.06.04 20:41:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.04 20:41:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.04 20:21:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.04 20:14:57 | 000,002,797 | ---- | M] () -- C:\Users\..\Desktop\HiJackThis.lnk
[2010.06.04 19:37:34 | 000,228,734 | ---- | M] () -- C:\Users\..\Documents\cc_20100604_193648.reg
[2010.06.04 18:46:52 | 000,092,672 | ---- | M] (Option^Explicit Software                        vbtechcd@gmail.com) -- C:\Users\..\Desktop\KillBox.exe
[2010.06.04 18:33:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.06.04 18:07:40 | 000,146,432 | ---- | M] () -- C:\Users\..\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.04 18:07:05 | 001,445,786 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.04 18:07:05 | 000,628,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.04 18:07:05 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.04 18:07:05 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.04 18:07:05 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.04 18:05:36 | 000,131,819 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.04 18:05:35 | 000,131,819 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.04 18:04:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.04 17:10:55 | 000,000,680 | ---- | M] () -- C:\Users\..\AppData\Local\d3d9caps.dat
[2010.06.04 16:45:39 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.04 16:41:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.04 16:35:19 | 000,524,288 | -HS- | M] () -- C:\Users\..\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.06.04 16:35:19 | 000,065,536 | -HS- | M] () -- C:\Users\..\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.06.04 16:35:15 | 002,547,898 | -H-- | M] () -- C:\Users\..\AppData\Local\IconCache.db
[2010.06.04 15:00:40 | 000,001,634 | ---- | M] () -- C:\Users\..\Desktop\CCleaner.lnk
[2010.06.04 14:01:15 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.03 02:24:33 | 008,169,046 | ---- | M] () -- C:\Users\..\Desktop\bdawim2180_96630n_de.pdf
[2010.06.02 20:01:12 | 001,906,531 | ---- | M] () -- C:\Users\..\Desktop\katalog20100408.pdf
[2010.05.26 14:13:01 | 000,380,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.25 12:54:18 | 000,104,392 | ---- | M] () -- C:\Users\..\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.25 12:09:55 | 000,000,780 | ---- | M] () -- C:\Users\..\Desktop\Virtual DJ.lnk
[2010.05.25 10:47:13 | 000,001,597 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.20 12:26:19 | 000,195,136 | ---- | M] () -- C:\Users\..\Documents\Konstitution_...pdf
[2010.05.18 13:04:08 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.04 19:36:55 | 000,228,734 | ---- | C] () -- C:\Users\..\Documents\cc_20100604_193648.reg
[2010.06.04 18:38:44 | 000,002,797 | ---- | C] () -- C:\Users\..\Desktop\HiJackThis.lnk
[2010.06.04 18:32:48 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.06.04 15:00:40 | 000,001,634 | ---- | C] () -- C:\Users\..\Desktop\CCleaner.lnk
[2010.06.04 14:38:45 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.06.04 14:01:15 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.04 13:25:34 | 000,000,308 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.04 01:14:10 | 000,000,318 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.03 02:24:32 | 008,169,046 | ---- | C] () -- C:\Users\..\Desktop\bdawim2180_96630n_de.pdf
[2010.06.02 20:01:11 | 001,906,531 | ---- | C] () -- C:\Users\..\Desktop\katalog20100408.pdf
[2010.05.25 12:09:55 | 000,000,780 | ---- | C] () -- C:\Users\..\Desktop\Virtual DJ.lnk
[2010.05.25 10:47:13 | 000,001,597 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2010.05.20 12:26:19 | 000,195,136 | ---- | C] () -- C:\Users\..\Documents\Konstitution_CTM.pdf
[2010.05.18 13:04:08 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.07 18:55:35 | 000,000,680 | ---- | C] () -- C:\Users\..\AppData\Local\d3d9caps.dat
[2009.09.02 20:57:48 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.21 12:20:57 | 000,033,807 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.07.21 12:20:04 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.21 12:19:43 | 000,007,734 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.02.07 19:38:54 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009.01.31 20:55:40 | 000,001,729 | ---- | C] () -- C:\Windows\wininit.ini
[2009.01.31 20:49:48 | 000,000,327 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.08.26 23:18:55 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.12.15 07:36:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.25 09:15:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.25 09:15:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.23 04:20:15 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007.10.22 13:45:45 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.10.22 13:45:45 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.10.22 13:45:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007.10.22 13:45:45 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2007.09.18 09:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2007.09.12 09:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.12 09:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007.09.12 09:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.06.04 09:01:54 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\Azureus
[2009.07.07 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\CPUControl
[2009.09.03 09:17:16 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\DAEMON Tools Lite
[2010.02.28 20:47:32 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\gtk-2.0
[2008.07.30 15:23:55 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\ICQ
[2009.09.08 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\ITTerritory
[2009.02.02 14:38:17 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\Leadertech
[2010.01.26 00:38:07 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.06.04 21:11:19 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\Mabewy
[2009.06.04 15:39:55 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\MAGIX
[2008.08.04 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\My Games
[2009.04.21 06:05:28 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\Rois
[2008.08.11 19:42:45 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\streamripper
[2009.07.07 15:40:32 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\temp
[2008.09.25 21:16:27 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\Template
[2010.04.28 15:47:04 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\Thunderbird
[2009.06.05 12:14:36 | 000,000,000 | ---D | M] -- C:\Users\..\AppData\Roaming\Xilisoft Corporation
[2010.06.04 18:33:00 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010.06.04 16:37:15 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.04 20:57:02 | 000,000,308 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.04 20:55:35 | 000,000,318 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.06.04 16:41:30 | 000,001,114 | ---- | M] () -- C:\aaw7boot.log
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.19 09:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007.09.18 09:46:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009.07.30 20:42:18 | 000,000,745 | ---- | M] () -- C:\deltaStartup.log
[2007.10.25 09:17:17 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007.10.25 09:17:17 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.04 16:41:32 | 531,628,031 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\drivers\*.sys /90 >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 508 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
         

Edited by vmt (04.06.2010 at 22:05). Reason: overlooked Windows user names

04.06.2010, 21:26   #4
vmt

IE Explorer opens by itself + error message

OTL Extras:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.06.2010 21:12:36 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\..\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,37 Gb Total Space | 31,53 Gb Free Space | 24,95% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,62 Gb Free Space | 55,69% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 61,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ..
Current User Name: ..
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Users\..\Programme\Mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041B86C5-2E38-4E78-8269-187794C15E2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{23E539D2-E644-4948-817B-81B8560690FA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{316B8F7D-5218-4591-BE6F-4F910B0F0DD0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3E089021-1D77-422B-B801-65686137AC2E}" = lport=8375 | protocol=17 | dir=in | name=league of legends launcher | 
"{4111E11C-7936-4FDC-BBE6-9CCFAA2AF1F4}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5CE02903-5118-4D7C-8147-707019A7044C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{705FBA80-D507-4B2F-B9CF-92841F6E4427}" = lport=138 | protocol=17 | dir=in | app=system | 
"{81465AF5-D829-4289-919C-1B5193CE53A0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{866D3D89-1444-4BCB-8D49-B05C427375F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8F0BB0D2-7C58-45A9-A008-D7BC1B0CBBD0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{91448DF8-6DE2-4733-B954-64617F004B4F}" = lport=8375 | protocol=6 | dir=in | name=league of legends launcher | 
"{A056BEB4-EA87-416D-9275-00DF8321F4B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A4387B5C-A5C4-4299-838B-7FB2C218E90A}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{AEC0F07E-3BE8-48EF-9B86-12541FE40C4C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C28B9594-F491-4872-9D9C-A065EF59403A}" = lport=8376 | protocol=17 | dir=in | name=league of legends launcher | 
"{C4536641-2406-4292-A59A-EC338B8E62E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C687553B-36DD-4C74-8924-E12C385588BC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C74C6B19-462B-4543-9610-56C0938A4ADC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CCA78169-FBE3-4093-A70D-884B9EB4407C}" = lport=8376 | protocol=6 | dir=in | name=league of legends launcher | 
"{D3747F18-2DF6-4635-96B9-4B01DE634BD4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=c:\windows\system32\svchost.exe | 
"{E360E099-3D29-46B7-B11D-1990066A82D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E3CABC93-55C7-4366-8600-D5BE6A938EA8}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F03D6664-66A9-4BE2-9C04-7CEF40589437}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3ECFC8F-9CD5-44C3-A614-91746C3B4324}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F5605E2B-69DC-411E-8FF3-4B4AA4BFD21F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{FA95223E-D217-442B-A559-B6D9C9B4B39D}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{FBBC1C40-9B3F-4B8C-B86B-51DA65F9C512}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FEFA0233-CF57-4F83-B0C0-27C9C967B33E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F63F27-12C6-43EB-9C9B-F215A777DC0E}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{02C5D6EE-A172-4235-BBD3-E0807463D0D9}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{045524E0-56DD-43F3-8C5B-3DBEDD741A41}" = protocol=17 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{0A1A3174-23DB-4F00-9BB6-6EA5675393EE}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{125B92A0-3C0F-4AE8-A971-941CBDD4CBC4}" = protocol=17 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{14BBF35F-9755-44BB-8D7E-36BE14E649A7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{193ABF24-B1D1-4CAC-8C23-D155B419CBAF}" = protocol=17 | dir=in | app=c:\users\..\spiele\civ4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{21414FA7-3F37-4E11-8D5C-980CF98F1FE3}" = dir=in | app=c:\program files\msn messenger\livecall.exe | 
"{23068FBF-FBDB-457B-9B63-63BD09F8353E}" = protocol=17 | dir=in | app=c:\users\..\spiele\civ4\civilization4.exe | 
"{29EBDA06-DDCC-4F1A-910F-EC4EA444E0C1}" = protocol=6 | dir=in | app=c:\program files\league of legends\game\league of legends.exe | 
"{303D03F9-5D5A-4A50-A7A3-64336F46A670}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{386ED682-4F1E-42DD-8E7C-FA79B8DD726A}" = protocol=6 | dir=in | app=c:\program files\league of legends\air\lolclient.exe | 
"{3D366A97-A3C0-4388-8D87-9F6E45C76026}" = protocol=6 | dir=in | app=c:\users\..\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{3FA1A0C0-0B49-4A09-8DDB-73628879A0E6}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe | 
"{405B9D10-1BC4-43E9-9BAF-1D1689C192D0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{439DD256-35E8-4A9D-B068-9DAFF4F3A9DD}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe | 
"{50084C82-11AA-43CE-9942-7E8C3C027F08}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{546B9B0D-0B0F-4B51-9E5A-98575D476D69}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{5558F020-88FC-4853-9166-F9235FDE3B7B}" = protocol=6 | dir=in | app=c:\users\..\spiele\civ4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{57144A53-8E32-4CDC-9624-8929FDE1F885}" = dir=in | app=c:\users\..\programme\skype\phone\skype.exe | 
"{5AC65D4A-BE04-46E2-BBC3-5A5A60874680}" = protocol=6 | dir=in | app=c:\users\..\spiele\civ4\civilization4.exe | 
"{5C4B2316-F7B7-4CB9-BF49-D0B2EA2608F7}" = protocol=6 | dir=in | app=c:\aeriagames\megaten-de\imagineclient.exe | 
"{5C5FECE0-E2EE-4F81-A280-8B937DBDA03C}" = protocol=17 | dir=in | app=c:\program files\itterritory\dragonsen\dwarclienten.exe | 
"{5E8E78AB-37A3-4FFE-9755-FF2B1E58AF23}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{6390A432-272F-494D-9444-AC508D93BA0E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{68CAABA3-3183-4BE9-819C-8E3320E9650A}" = protocol=17 | dir=in | app=c:\users\..\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{7014B406-953D-4D4A-9051-ED871E9D00E5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7081E26D-D486-47DE-8F4D-F65CAD70A342}" = protocol=17 | dir=in | app=c:\users\..\spiele\civ4\beyond the sword\civ4beyondsword.exe | 
"{8AF34189-B5D0-4C31-8660-7D6E1F2BF651}" = protocol=6 | dir=in | app=c:\aeriagames\megaten-de\imagineupdate.exe | 
"{9E463C48-D869-41A1-BF6E-47D1AF138594}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{A0908908-AA33-4959-8E35-6BF4A3EAA910}" = protocol=6 | dir=in | app=c:\users\..\spiele\civ4\beyond the sword\civ4beyondsword.exe | 
"{A4F5EFCB-F1A7-4CD4-B54F-608D1B0FECE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A77AE9EA-EC50-42B1-AEB9-189B3835ECA2}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"{A780D0F1-66A7-473E-B598-4F38F90814FF}" = protocol=17 | dir=in | app=c:\aeriagames\megaten-de\imagineclient.exe | 
"{A9BAC606-4F20-43BE-97D6-1F353D460A0E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{AA19F9F5-A136-4962-AC78-3752E626E65B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AAA35F27-9FA3-4020-BF90-A7755A5996E2}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{AC64A7D5-8751-4350-BA21-C73E2C6C4A79}" = protocol=17 | dir=in | app=c:\users\..\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{AED6F70E-C940-460F-BAAC-25A3DFF802DC}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{BACD0017-DDCB-4336-9E5D-DC7FD93394F8}" = protocol=17 | dir=in | app=c:\aeriagames\megaten-de\imagineupdate.exe | 
"{C3971E39-BE05-4965-B7DD-59B0E42AEECB}" = protocol=6 | dir=in | app=c:\program files\itterritory\dragonsen\dwarclienten.exe | 
"{C55D6435-B5A7-4943-85D5-23EFA03D295A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{DF76BC8B-09FA-4A15-B219-D379EEAF97C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DF8A907F-4816-4FCB-925D-9648CAF6D927}" = protocol=6 | dir=in | app=c:\users\..\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{F9503EF7-E7D2-436C-A198-E4E915F670F1}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"TCP Query User{037690B2-AC31-4971-838C-826BC2D1B544}C:\users\..\downloads\loleudownloader.exe" = protocol=6 | dir=in | app=c:\users\..\downloads\loleudownloader.exe | 
"TCP Query User{07E67EBA-4CA3-4DDC-BF25-8298355F4747}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{128BCD2E-611C-4A21-96BD-D51D14AA38D9}C:\users\..\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\..\program files\dna\btdna.exe | 
"TCP Query User{13E31167-32CD-40FC-87C3-BA33AD36A1E7}C:\users\..\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\users\..\programme\winamp\winamp.exe | 
"TCP Query User{1792BCAA-BD60-421A-A12F-5773C8AF46EF}C:\users\..\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\..\program files\dna\btdna.exe | 
"TCP Query User{2061A1A4-CC33-4798-852D-23F2934263C3}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{2DF530EC-E6CE-48AA-8147-6DCC7DC31314}C:\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\ut2004\system\ut2004.exe | 
"TCP Query User{3CD188B2-B09F-453E-A41A-44977DD919FC}C:\program files\ea games\command and conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command and conquer generals\game.dat | 
"TCP Query User{3ECEA572-7143-422D-950F-3EF0062F41AB}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe | 
"TCP Query User{3FCA06EF-1B96-4416-B025-ABF5C182F3C2}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe | 
"TCP Query User{4AD3AEF7-8896-44DD-9EE7-22615D017012}C:\program files\team17\worms armageddon\wa.exe" = protocol=6 | dir=in | app=c:\program files\team17\worms armageddon\wa.exe | 
"TCP Query User{4B868E0C-0FBC-423E-8AD6-D28AB5A91F0F}G:\cs\hl.exe" = protocol=6 | dir=in | app=g:\cs\hl.exe | 
"TCP Query User{57CFE7F8-5C48-4E99-AD2C-090B35D1AFDC}C:\users\..\programme\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\..\programme\icq6\icq.exe | 
"TCP Query User{5AE9D2A9-8533-4B2D-AC0E-3794A2902FC1}C:\users\..\spiele\farcry\bin32\farcry.exe" = protocol=6 | dir=in | app=c:\users\..\spiele\farcry\bin32\farcry.exe | 
"TCP Query User{9457E1E7-D5DE-4FD3-8640-7F9244330796}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{954C6B3F-3B8E-464B-86EE-DD6788B776F2}C:\users\..\spiele\cs\hl.exe" = protocol=6 | dir=in | app=c:\users\..\spiele\cs\hl.exe | 
"TCP Query User{994A9CFE-AF8E-4446-8DC7-758B0C89D82E}C:\users\..\desktop\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\users\..\desktop\quake iii arena\quake3.exe | 
"TCP Query User{A03CB2FE-9BDD-488C-A676-4C610BD93D0D}C:\users\..\programme\qip\qip.exe" = protocol=6 | dir=in | app=c:\users\..\programme\qip\qip.exe | 
"TCP Query User{A50DC087-A564-4919-A678-257CBBE954AC}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{A5385651-AEAB-4042-9D61-0A884BCA6890}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{A826B3D1-73D7-47FE-BADC-D11085CC7FDD}C:\users\..\spiele\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\users\..k\spiele\quake iii arena\quake3.exe | 
"TCP Query User{ABF8FA65-871F-421F-936C-9991AB0D3378}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"TCP Query User{B68F2735-6C40-4D99-9F42-91A14B288D4F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{BF64363A-72BB-4011-BC99-3083B785A634}C:\program files\poker.com\client.exe" = protocol=6 | dir=in | app=c:\program files\poker.com\client.exe | 
"TCP Query User{C5752587-9F9B-41E7-8EFC-C7F009B7636C}C:\users\..\desktop\cs\hl.exe" = protocol=6 | dir=in | app=c:\users\..\desktop\cs\hl.exe | 
"TCP Query User{CC16A19A-C9CC-49D4-BA40-95AE91F8F22C}C:\users\..\spiele\nwn\nwmain.exe" = protocol=6 | dir=in | app=c:\users\..\spiele\nwn\nwmain.exe | 
"TCP Query User{D152888F-2FA9-4CAC-BD14-A58046A8E558}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{13E5470B-D23F-4D92-8737-2C5BCBE8131B}C:\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\ut2004\system\ut2004.exe | 
"UDP Query User{26006F6F-B3D2-4F49-9FC6-C26656322B8E}C:\users\..\downloads\loleudownloader.exe" = protocol=17 | dir=in | app=c:\users\..\downloads\loleudownloader.exe | 
"UDP Query User{33CD75C6-010E-4AC5-8A7A-B152014D342A}C:\users\..\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\..\program files\dna\btdna.exe | 
"UDP Query User{499F1263-74AC-413F-8416-8FB3DCAFED63}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{7138745B-7D9E-45DF-98E8-20E423687EA5}C:\program files\ea games\command & conquer generäle stunde null\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer generäle stunde null\game.dat | 
"UDP Query User{737F4C5C-C889-4D96-8FD4-811B5707A5B4}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{86B43ECD-8642-467B-B7A5-61541515A9E8}C:\program files\team17\worms armageddon\wa.exe" = protocol=17 | dir=in | app=c:\program files\team17\worms armageddon\wa.exe | 
"UDP Query User{968A9076-8EAA-4D5C-8AB2-A046A0EC58E1}C:\users\..\spiele\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\users\..\spiele\quake iii arena\quake3.exe | 
"UDP Query User{96D42BDD-8EC8-4A39-98CD-3447816A634B}C:\users\..\spiele\farcry\bin32\farcry.exe" = protocol=17 | dir=in | app=c:\users\..\spiele\farcry\bin32\farcry.exe | 
"UDP Query User{A69D64F1-C5D1-4AF1-8FA4-12EF3C5C57B7}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{A7FA0E12-F821-4736-BAF4-AB3C07A48558}C:\program files\ea games\command and conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command and conquer generals\game.dat | 
"UDP Query User{AF3B273B-A81D-4916-86B2-16C4534264BE}G:\cs\hl.exe" = protocol=17 | dir=in | app=g:\cs\hl.exe | 
"UDP Query User{BEE0C145-7A02-45F3-B5AC-841C2D99F94A}C:\users\..\spiele\nwn\nwmain.exe" = protocol=17 | dir=in | app=c:\users\..\spiele\nwn\nwmain.exe | 
"UDP Query User{C04E3553-7FAA-4D5E-8C3D-BF42C921C8B6}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{C372863C-18B0-4E7D-AC0B-D0E6E4020BEC}C:\users\..\programme\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\..\programme\icq6\icq.exe | 
"UDP Query User{CF7772BD-D2CE-4601-9006-4B4AD5FC6B91}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{D1FEAE6B-4D2F-4936-AAF4-32F406D58F2D}C:\users\..\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\..\program files\dna\btdna.exe | 
"UDP Query User{D2EEC349-C885-43D2-A4A7-441285B200D8}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe | 
"UDP Query User{D3E80FB5-25EB-4C9B-BF4A-2041AA1E220A}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{D8277C8A-080F-4C74-B008-D04859AA5E38}C:\users\..\spiele\cs\hl.exe" = protocol=17 | dir=in | app=c:\users\..\spiele\cs\hl.exe | 
"UDP Query User{DE99D59E-8733-41C5-9409-011F811E729C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{E0B80DDB-B2EC-4006-AA8C-A54694021B90}C:\program files\poker.com\client.exe" = protocol=17 | dir=in | app=c:\program files\poker.com\client.exe | 
"UDP Query User{E1D8D323-4262-4199-8E8E-52F1E5321F1C}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe | 
"UDP Query User{E2F4FFEC-7016-4196-A4F1-BE21A93D52A4}C:\users\..\programme\qip\qip.exe" = protocol=17 | dir=in | app=c:\users\..\programme\qip\qip.exe | 
"UDP Query User{EB8DB9C6-51DC-429B-8C7D-5EF2CFCDB551}C:\users\..\desktop\cs\hl.exe" = protocol=17 | dir=in | app=c:\users\..\desktop\cs\hl.exe | 
"UDP Query User{F3BAA278-47A3-4041-81C7-8F8126E4F876}C:\users\..\desktop\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\users\..\desktop\quake iii arena\quake3.exe | 
"UDP Query User{F7B67BA0-56CF-485F-9D37-6F0834E2DD87}C:\users\..\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\users\..\programme\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1CE59656-4104-44AA-00BF-D2546C7EA497}" = Tiger Woods PGA TOUR 06
"{1DAFF305-A88A-40AC-A882-EB2C6F53AF94}" = League of Legends
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53DF73B1-37F5-4B7F-86ED-FA7CC4041031}" = Nero 8 Essentials
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96C39A4E-8636-439B-B439-02E908C05A2A}" = League of Legends
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}" = CyberLink YouCam
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2006
"8461-7759-5462-8226" = Vuze
"AC3Filter" = AC3Filter (remove only)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CPU-Control_is1" = CPU-Control
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"FLV Player" = FLV Player 2.0 (build 25)
"Free Studio_is1" = Free Studio version 4.3
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"League of Legends_is1" = League of Legends
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"QIP2005" = QIP 2005 Uninstall
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"QIP 2005" = QIP 2005 8095
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.06.2010 10:15:04 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf6.exe, Version 0.0.0.0, Zeitstempel 0x4c06312c,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x036d4200,  Prozess-ID 0xdd0, Anwendungsstartzeit 01cb03efb9d92c3a.
 
Error - 04.06.2010 10:15:07 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf1.exe, Version 0.0.0.0, Zeitstempel 0x4c063e9b,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x047e4200,  Prozess-ID 0xcdc, Anwendungsstartzeit 01cb03efb45a5f9a.
 
Error - 04.06.2010 10:48:27 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf1.exe, Version 0.0.0.0, Zeitstempel 0x4c063e9b,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x04ad4200,  Prozess-ID 0x9e8, Anwendungsstartzeit 01cb03f499d3808d.
 
Error - 04.06.2010 10:51:35 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf6.exe, Version 0.0.0.0, Zeitstempel 0x4c06312c,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x039c4200,  Prozess-ID 0xc4c, Anwendungsstartzeit 01cb03f499a8a7cd.
 
Error - 04.06.2010 11:14:22 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf1.exe, Version 0.0.0.0, Zeitstempel 0x4c063e9b,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x02e34200,  Prozess-ID 0x16e4, Anwendungsstartzeit 01cb03f88f36fe0d.
 
Error - 04.06.2010 12:35:20 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf1.exe, Version 0.0.0.0, Zeitstempel 0x4c063e9b,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x02134200,  Prozess-ID 0x810, Anwendungsstartzeit 01cb0403e0052e40.
 
Error - 04.06.2010 12:38:23 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf1.exe, Version 0.0.0.0, Zeitstempel 0x4c063e9b,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x02da4200,  Prozess-ID 0x1190, Anwendungsstartzeit 01cb04044b52d0d0.
 
Error - 04.06.2010 13:08:24 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf1.exe, Version 0.0.0.0, Zeitstempel 0x4c063e9b,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x02e24200,  Prozess-ID 0x908, Anwendungsstartzeit 01cb04087c35c820.
 
Error - 04.06.2010 13:55:47 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf1.exe, Version 0.0.0.0, Zeitstempel 0x4c063e9b,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x02cb4200,  Prozess-ID 0x1324, Anwendungsstartzeit 01cb040f1c6ac150.
 
Error - 04.06.2010 14:55:24 | Computer Name = .. | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Bf1.exe, Version 0.0.0.0, Zeitstempel 0x4c063e9b,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x02e44200,  Prozess-ID 0x172c, Anwendungsstartzeit 01cb04176ed590c0.
 
[ System Events ]
Error - 04.06.2010 08:43:02 | Computer Name = .. | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2010 10:09:55 | Computer Name = .. | Source = HTTP | ID = 15016
Description = 
 
Error - 04.06.2010 10:10:20 | Computer Name = .. | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2010 10:14:39 | Computer Name = .. | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 04.06.2010 10:14:39 | Computer Name = .. | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2010 10:36:54 | Computer Name = .. | Source = HTTP | ID = 15016
Description = 
 
Error - 04.06.2010 10:37:14 | Computer Name = .. | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2010 10:41:44 | Computer Name = .. | Source = HTTP | ID = 15016
Description = 
 
Error - 04.06.2010 10:42:04 | Computer Name = .. | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.06.2010 12:04:48 | Computer Name = .. | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 0016D389E45B wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
 
< End of report >
         
--- --- ---

Edited by vmt (04.06.2010 at 22:09). Reason: overlooked Windows username

04.06.2010, 21:27   #5
vmt


MBAM - Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4169

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

04.06.2010 22:06:38
mbam-log-2010-06-04 (22-06-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136074
Laufzeit: 7 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getdo (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\..\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\..\AppData\Local\Temp\Bf1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


05.06.2010, 14:25   #6
Larusso
/// Selecta Jahrusso


Did you run Malwarebytes after OTL?

Judging by the timestamps, it at least looks that way.

Step 1

Please start OTL.exe and click the Quick Scan button.

Step 2

Please make sure that
  • all other scanners for viruses, spyware, etc. are disabled,
  • there is no connection to a network/the Internet (don't forget Wi-Fi),
  • nothing else is done on the computer,
  • the computer is restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name).
  • Vista users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan has finished, click "Save" and save the log as "Gmer.txt" on the desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


In your next reply, please post
OTL.txt
Gmer.txt