
Pests of all kinds and how to fight them: MSN virus, how do I REMOVE it properly?


27.06.2010, 00:52   #1
hilflos17
 



Hello,
I have a similar problem to naitse91: I received a link that was sent to me, opened it and clicked on Run (Windows Vista). Since then this link keeps being sent to my contact list, and my computer keeps opening windows with advertising. As already described here, I have now run a scan with OTL and got the following texts:
Extras: OTL EXTRAS logfile:
Code:
OTL Extras logfile created on: 26.06.2010 17:52:26 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,08 Gb Total Space | 5,64 Gb Free Space | 7,04% Space Free | Partition Type: NTFS
Drive D: | 152,81 Gb Total Space | 21,93 Gb Free Space | 14,35% Space Free | Partition Type: NTFS
Drive E: | 3,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARKUS-PC
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Eigene Dateien\mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002FD5A8-0F26-4E9E-8165-4BDB23EE7C0C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0B7E92B5-311A-4212-A742-6C3871714CB4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{16D29749-4BC5-44E9-8617-DA04227287D3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1DA77DC3-0D17-4289-9AC2-FFC564E229D4}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1E1CFD7E-B020-444F-BA0E-39DEFF370AD2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2BD21225-AF33-41AA-AB5C-4217C5C93AAE}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{49B0F3A7-4CD6-4A50-969E-E49C25CD0D19}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4C843016-FF07-437A-A6C0-ACBA9EAF5888}" = lport=138 | protocol=17 | dir=in | app=system | 
"{539EB45B-303A-474C-8097-BF5692AE0B02}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{66011EC1-BE76-4EBB-8CEE-F6A187678D51}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7E633D14-3C39-42ED-B392-42238452CD96}" = rport=445 | protocol=6 | dir=out | app=system | 
"{85A945FC-4F9C-40E1-B77A-6C500ADFD5F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9540C9EE-CF78-4C75-96F1-2E915FFBB7C1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B0B6D790-3EA3-4B0E-B241-07A16EF80B89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D8E7D849-2A80-46E3-93D1-570CD05DBD3D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DF5D4736-6719-4353-9F1D-4ADEDBC12580}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E0298326-F38F-4CDE-8C0D-531B1AD732D0}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E22248-E65D-4976-BE4A-013A7696B7D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{03AEEE27-B958-4C37-9669-E04474F9DB94}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{074BDE18-F1F8-4310-8C71-78144D2F97CF}" = protocol=6 | dir=in | app=d:\spiele\cod5\codwaw.exe | 
"{0C32897E-CB25-448C-A2F2-5EFAC3F1D3B9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{0F1CC015-3604-45C7-916D-AE2A55A1C493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FFA6342-F6A8-43D5-A2AF-486A52020FD6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{20A8B426-C594-4F60-8C6A-6D2468A44B3A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{39D34489-F9F2-4865-BD5C-AB01B503D0CC}" = protocol=6 | dir=in | app=d:\spiele\cod5\codwawmp.exe | 
"{3A831634-41AD-476B-9264-5220C18BCE12}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{3CA36795-5FB2-4EFA-95CF-BD88A2705D59}" = protocol=6 | dir=in | app=c:\users\administrator\desktop\steam\steamapps\l2p5792\counter-strike source\hl2.exe | 
"{5D4DE7AB-8F91-4EE9-A795-34999C26657F}" = protocol=6 | dir=in | app=d:\spiele\unreal\system\ut2004.exe | 
"{66F72285-AE83-48C4-B31D-6D2668461894}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{699B3CD5-AB0D-404C-802D-CE05905D8DBA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6CAFF1A9-0EA6-483F-A2D6-6637CF211E65}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{76C35B39-4F0D-4AED-A547-5DB1CA8E79A2}" = protocol=17 | dir=in | app=c:\users\administrator\desktop\steam\steamapps\l2p5792\counter-strike source\hl2.exe | 
"{99AF5431-E331-44C7-9EB7-E9A43268C8E1}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | 
"{A407DFBE-6308-491A-B64E-384B7C543A2A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A522FE29-ED4B-4BEF-BDF3-2EB7C526AEF9}" = protocol=17 | dir=in | app=d:\spiele\unreal\system\ut2004.exe | 
"{A6C38AA6-12E5-48D6-A530-44D465E244D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A756F059-929F-4BCC-9A62-8138C873DD06}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{AB094AEA-F9BE-4E9A-9131-4D4A4A97043D}" = protocol=17 | dir=in | app=d:\spiele\cod5\codwaw.exe | 
"{B24B8B2C-FBDD-4454-A9EB-BBFE31A4C682}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BCC17B9D-68AC-4CB0-B109-56CB6BB001BD}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\backgrounddownloader.exe | 
"{C0A40F48-0B26-450E-B0C0-F8510857A785}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{CBAA6A2E-7895-4685-B03B-361899EC55C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CFB579E1-FFEC-4B16-AF21-BFF00A547701}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{D4111019-D733-4BC1-8120-DD67B6B7CFB1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D45437B7-67D3-489A-A5CA-2E644CC5991D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D61195FC-2945-408D-A10E-4A52BF2BA896}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D62FED09-3315-4F52-9D6A-394B4D773D39}" = protocol=17 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{DCE1536C-838B-4A98-9668-EF6A463D7D4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DEA6A378-A763-4166-87EE-57BBF4BA6EC9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E57736FB-ECA9-4A90-AC69-09F7E74D2619}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{EF047AEC-7E3F-4CFF-8F51-22D028F583A2}" = protocol=6 | dir=in | app=d:\spiele\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{FEF4212D-D8E9-495C-9D06-E150B65AC2C8}" = protocol=17 | dir=in | app=d:\spiele\cod5\codwawmp.exe | 
"{FF4CBEC8-DDB9-4902-9769-F89980B557D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{09623D41-3E1A-4CB7-B6AE-7FD2998E96A5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{0CCA78ED-D3BD-4949-9207-CB9C6F5D5A6E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{0CEBB3BC-F3AD-4C13-A9D8-812FC85F023E}C:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe | 
"TCP Query User{104FF35F-6A96-482F-98BD-1BBB8AD13A07}D:\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\spiele\flatout2\flatout2.exe | 
"TCP Query User{17EBC1D5-1111-4C96-AA5E-950C13D63B03}D:\spiele\gotcha 2005\gotcha.exe" = protocol=6 | dir=in | app=d:\spiele\gotcha 2005\gotcha.exe | 
"TCP Query User{1CC19FF1-1BD1-43C9-A334-DA2B0CB6C46D}D:\temp\rar$ex00.539\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.539\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"TCP Query User{208F0FA8-DC0F-4A93-A510-4C21F3890D47}C:\users\administrator\desktop\spiele lan pati\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\css\hl2.exe | 
"TCP Query User{20B0D85C-5188-4F53-9E95-391F4627D103}D:\spiele\world of padman\wop.exe" = protocol=6 | dir=in | app=d:\spiele\world of padman\wop.exe | 
"TCP Query User{222EE9E4-E86E-4DF1-9F58-953B53808E36}D:\spiele\gotcha 2005\gotcha.exe" = protocol=6 | dir=in | app=d:\spiele\gotcha 2005\gotcha.exe | 
"TCP Query User{357E248D-1F53-46D6-88E6-9674D0BAA63C}D:\spiele\css\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\css\tmnationsforever\tmforever.exe | 
"TCP Query User{370D3144-4D43-482A-A66C-02BB8D86AD07}D:\spiele\world of padman\wop.exe" = protocol=6 | dir=in | app=d:\spiele\world of padman\wop.exe | 
"TCP Query User{3D735B7D-154A-46C6-9BFE-AD849D32548B}D:\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\spiele\flatout2\flatout2.exe | 
"TCP Query User{3FCD05B5-7B92-48E5-A5AA-4EB0B4D1F813}C:\users\administrator\desktop\spiele lan pati\tft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\tft\war3.exe | 
"TCP Query User{46D59E5C-4B86-4348-9C06-D9A64D01211C}D:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe | 
"TCP Query User{4B5B8571-DFBB-4E8D-835F-72E473AE0A15}C:\users\administrator\desktop\tft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\tft\war3.exe | 
"TCP Query User{5181B45F-3A5E-4223-8F8E-A78D3699510A}C:\users\administrator\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"TCP Query User{529AFC4A-5495-43BE-8FB3-1ACABAA89204}D:\spiele\terrorist takedown 2\rungameserver.exe" = protocol=6 | dir=in | app=d:\spiele\terrorist takedown 2\rungameserver.exe | 
"TCP Query User{59980532-7040-443F-85AE-D1570883DFD5}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{599BB080-C677-4C08-B6BB-261E11F66199}D:\temp\rar$ex04.935\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex04.935\volley.exe | 
"TCP Query User{5A785B82-BCE6-40D8-A22E-77ABB0D3F211}C:\users\administrator\desktop\dlrg\wacraft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\dlrg\wacraft\war3.exe | 
"TCP Query User{5C86F235-12A3-4CAF-B89B-E1F07DAFBC51}D:\spiele\css\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\css\tmnationsforever\tmforever.exe | 
"TCP Query User{6C9DE1B8-A630-44C0-B169-06A24F6ACE22}D:\spiele\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css\counter-strike source\hl2.exe | 
"TCP Query User{74EAD64D-C797-4616-9D34-EBA88DE3A7EE}C:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe | 
"TCP Query User{80C8CAB4-4E26-4B9E-AB3B-E877EAE0A66C}C:\users\administrator\desktop\steam\steamapps\l2p5792\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\steam\steamapps\l2p5792\day of defeat source\hl2.exe | 
"TCP Query User{81358A51-2EFC-42FF-9874-C9E27E2A6F4D}D:\spiele\cod5\codwawmp.exe" = protocol=6 | dir=in | app=d:\spiele\cod5\codwawmp.exe | 
"TCP Query User{837ABB38-7C94-4D34-961C-5AEE143C85B0}D:\spiele\rollcage\direct3d\rollcage.exe" = protocol=6 | dir=in | app=d:\spiele\rollcage\direct3d\rollcage.exe | 
"TCP Query User{839029B8-D101-4B70-8A7C-6FA4D0283967}D:\spiele\metin\metin2.bin" = protocol=6 | dir=in | app=d:\spiele\metin\metin2.bin | 
"TCP Query User{85CB6E71-F358-47D8-89DD-946420FA91D8}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{86C5C525-946E-4713-853C-A85D7225B90D}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | 
"TCP Query User{87535782-620E-4F51-B28C-9E6CD1C361F2}D:\spiele\css 1\css\steamapps\freddynator\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css 1\css\steamapps\freddynator\counter-strike source\hl2.exe | 
"TCP Query User{883CA803-5795-415D-9434-7F097669F57E}C:\program files\blobby volley 2.0 alpha 6\blobby.exe" = protocol=6 | dir=in | app=c:\program files\blobby volley 2.0 alpha 6\blobby.exe | 
"TCP Query User{93EFE4C3-3292-4731-ABE2-77154DA18150}D:\spiele\tft\war3.exe" = protocol=6 | dir=in | app=d:\spiele\tft\war3.exe | 
"TCP Query User{966DFE50-734C-40F4-877C-025B24DA3939}C:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe | 
"TCP Query User{96D0A77F-5751-46B3-8497-426DA92E0D8F}D:\temp\rar$ex00.763\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.763\volley.exe | 
"TCP Query User{993B2404-F98E-475B-ADBA-470439248D41}D:\spiele\css 1\css\steamapps\l2p5792\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css 1\css\steamapps\l2p5792\counter-strike source\hl2.exe | 
"TCP Query User{9A289C49-D4B5-4CC3-B9D1-83095451ADF1}D:\temp\rar$ex00.498\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.498\volley.exe | 
"TCP Query User{9B325CF9-C176-48A7-95FA-DE739367682C}D:\spiele\css online\steamapps\rambomann16\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css online\steamapps\rambomann16\counter-strike source\hl2.exe | 
"TCP Query User{A06F0269-F056-4CE6-8A03-16EF96BDB0C6}D:\temp\rar$ex00.600\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.600\volley.exe | 
"TCP Query User{A6BF8BAD-BCD7-40AC-83EA-8E610826EE42}C:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe | 
"TCP Query User{ACFC2A85-158B-47B4-BFAA-33F08697F948}D:\spiele\tft\war3.exe" = protocol=6 | dir=in | app=d:\spiele\tft\war3.exe | 
"TCP Query User{B1DDE29D-16C4-46E9-85AD-3EB2451B2B97}D:\spiele\rollercoaster tycoon\rct.exe" = protocol=6 | dir=in | app=d:\spiele\rollercoaster tycoon\rct.exe | 
"TCP Query User{B4001850-DA35-42FC-B063-E3545854E756}C:\users\administrator\desktop\spiele lan pati\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\css\hl2.exe | 
"TCP Query User{C2373F0E-9A70-4C30-9CC0-7D71D6B3E2B9}D:\spiele\neuer ordner\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\neuer ordner\css\counter-strike source\hl2.exe | 
"TCP Query User{C47A3F9E-97A0-49ED-B41C-6B732F7036AA}C:\users\administrator\desktop\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\css\hl2.exe | 
"TCP Query User{C58F7A62-62CD-4DB0-B045-D2DE9BEEC6D1}D:\spiele\cod5\codwaw.exe" = protocol=6 | dir=in | app=d:\spiele\cod5\codwaw.exe | 
"TCP Query User{C5F7515A-D83B-4C57-8CBA-025357C8DD10}I:\spiele\warcraft\warcraft iii\war3.exe" = protocol=6 | dir=in | app=i:\spiele\warcraft\warcraft iii\war3.exe | 
"TCP Query User{CCBD13C1-2BBE-4C3C-A7EA-A2D73B57F562}D:\temp\rar$ex00.477\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.477\volley.exe | 
"TCP Query User{CE391ED8-560D-40DB-BA69-34C32D7C8254}D:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | 
"TCP Query User{DC7A5B40-4D4E-4E2E-A40F-3E82635CA03A}D:\spiele\css 1\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css 1\css\counter-strike source\hl2.exe | 
"TCP Query User{E6FF942E-4ACE-4D65-B177-0CEA09F39F19}D:\spiele\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css\counter-strike source\hl2.exe | 
"TCP Query User{EBAAF56B-445D-478E-B4AB-1382A741B93E}D:\spiele\css 1\css\steamapps\didok1809\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css 1\css\steamapps\didok1809\counter-strike source\hl2.exe | 
"TCP Query User{EFA1F86E-41D7-4FCC-9111-B46EE7C3162E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{F4BE6DFA-6E48-44CE-9565-D8A8BCBFA6EB}I:\spiele\warcraft\warcraft iii\war3.exe" = protocol=6 | dir=in | app=i:\spiele\warcraft\warcraft iii\war3.exe | 
"TCP Query User{F56411C7-2E1B-4160-A6B8-9552C751AD7C}D:\spiele\counter-strike source\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\counter-strike source\counter-strike source\hl2.exe | 
"TCP Query User{F6B6CD34-743C-4E8F-8CDC-8AC303A74141}D:\spiele\neuer ordner\css\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\neuer ordner\css\counter-strike source\hl2.exe | 
"TCP Query User{F8804A13-2FEE-4D60-A0CA-4070F32A4D0F}D:\temp\rar$ex00.373\volley.exe" = protocol=6 | dir=in | app=d:\temp\rar$ex00.373\volley.exe | 
"TCP Query User{F92061FA-709C-4DEC-B77B-B9237F869EBD}C:\users\administrator\desktop\css\hl2.exe" = protocol=6 | dir=in | app=c:\users\administrator\desktop\css\hl2.exe | 
"TCP Query User{FF765F06-8019-4623-A979-B57178C68C03}D:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe | 
"UDP Query User{03D7C2F5-6FD2-4D55-AA62-F09F464366FB}D:\spiele\world of padman\wop.exe" = protocol=17 | dir=in | app=d:\spiele\world of padman\wop.exe | 
"UDP Query User{04102C2B-AC48-4592-8EE3-56F0A918275B}C:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe | 
"UDP Query User{0C2554F1-E8E1-4C9A-A7E0-5C3DE749FDF8}I:\spiele\warcraft\warcraft iii\war3.exe" = protocol=17 | dir=in | app=i:\spiele\warcraft\warcraft iii\war3.exe | 
"UDP Query User{114E4649-33DA-4B07-9031-C4607482C251}D:\spiele\gotcha 2005\gotcha.exe" = protocol=17 | dir=in | app=d:\spiele\gotcha 2005\gotcha.exe | 
"UDP Query User{15F065C4-9FE5-4710-B0B7-8791154DDD9D}D:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe | 
"UDP Query User{169FB9B1-BAC1-45BF-88A6-72960CD54210}D:\temp\rar$ex00.600\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.600\volley.exe | 
"UDP Query User{18A3D339-BB28-437E-B42B-DC4EB114278A}D:\spiele\cod5\codwawmp.exe" = protocol=17 | dir=in | app=d:\spiele\cod5\codwawmp.exe | 
"UDP Query User{1C813B73-4612-48FE-82EE-43E05E0617FC}D:\spiele\neuer ordner\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\neuer ordner\css\counter-strike source\hl2.exe | 
"UDP Query User{1CE7C081-8D40-4489-BD4E-6548CDE8FA7B}D:\temp\rar$ex00.477\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.477\volley.exe | 
"UDP Query User{1EEE82B0-AD97-4F58-92DB-849DBBD5A7B3}D:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css\steamapps\flash35@gmx.de\counter-strike source\hl2.exe | 
"UDP Query User{1F25BDF1-A318-4AED-BD27-028129C58F0E}D:\spiele\css 1\css\steamapps\freddynator\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css 1\css\steamapps\freddynator\counter-strike source\hl2.exe | 
"UDP Query User{37AF2D54-F436-4AE0-9072-BC4E2BEB8E25}C:\program files\blobby volley 2.0 alpha 6\blobby.exe" = protocol=17 | dir=in | app=c:\program files\blobby volley 2.0 alpha 6\blobby.exe | 
"UDP Query User{3BE2BF15-9436-4A93-98E8-34CD7FC8AB2F}D:\spiele\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css\counter-strike source\hl2.exe | 
"UDP Query User{3CC254F9-E3AF-4BA6-BA71-68D5AC21E93A}D:\spiele\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css\counter-strike source\hl2.exe | 
"UDP Query User{3CD3318D-49EE-4FB6-8CCD-E5E2A11DA34A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3E485C52-2F58-4F18-BE01-A3637543F36D}D:\temp\rar$ex00.539\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.539\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"UDP Query User{3F0DC674-1ECA-4CC1-B555-BE10D5629570}D:\spiele\tft\war3.exe" = protocol=17 | dir=in | app=d:\spiele\tft\war3.exe | 
"UDP Query User{47C35876-1343-419F-9449-00D571B34570}D:\spiele\rollercoaster tycoon\rct.exe" = protocol=17 | dir=in | app=d:\spiele\rollercoaster tycoon\rct.exe | 
"UDP Query User{4C336680-36A8-4244-8E27-DC93EC9E692B}C:\users\administrator\desktop\dlrg\wacraft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\dlrg\wacraft\war3.exe | 
"UDP Query User{4E92FDBD-BB52-497B-B322-03D56820B42C}C:\users\administrator\desktop\spiele lan pati\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\css\hl2.exe | 
"UDP Query User{4F129F99-7D8E-486D-B705-D7AE876DA754}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{55A70F23-DEA7-44BD-A155-90BD2ADDC32E}D:\spiele\cod5\codwaw.exe" = protocol=17 | dir=in | app=d:\spiele\cod5\codwaw.exe | 
"UDP Query User{561E73A0-F785-47A2-B37B-F5382EE9EE23}I:\spiele\warcraft\warcraft iii\war3.exe" = protocol=17 | dir=in | app=i:\spiele\warcraft\warcraft iii\war3.exe | 
"UDP Query User{5B5B3852-B2B4-4BA8-B18A-359C0533F55B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5BEF97DB-1F6A-4C2E-9DC1-4DBE610C8BAF}D:\spiele\css\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\css\tmnationsforever\tmforever.exe | 
"UDP Query User{60E56DAA-09DE-4B5B-A6D8-E962AC58268F}C:\users\administrator\desktop\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\css\hl2.exe | 
"UDP Query User{646A138A-203A-4751-BD80-003B2DE7096D}C:\users\administrator\desktop\tft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\tft\war3.exe | 
"UDP Query User{699EC9D3-5628-417F-AE5F-36B2B46CBB74}C:\users\administrator\desktop\spiele lan pati\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\css\hl2.exe | 
"UDP Query User{6E4EA5BE-F47D-4826-8699-9C0DE38BCE8B}D:\temp\rar$ex00.763\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.763\volley.exe | 
"UDP Query User{6ED42D58-59F5-475E-8D5D-BAB59F34FF8F}D:\temp\rar$ex00.498\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.498\volley.exe | 
"UDP Query User{703B5593-5D74-4DBD-B6F9-F6FF0516A3AC}D:\spiele\css 1\css\steamapps\l2p5792\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css 1\css\steamapps\l2p5792\counter-strike source\hl2.exe | 
"UDP Query User{70C6331C-C5F0-4414-A863-87CBB65E36E9}D:\spiele\css 1\css\steamapps\didok1809\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css 1\css\steamapps\didok1809\counter-strike source\hl2.exe | 
"UDP Query User{76ACBA95-6BDD-47C7-9FE2-D04688F5F735}D:\temp\rar$ex04.935\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex04.935\volley.exe | 
"UDP Query User{78B1DAE3-A133-4C64-A231-7875AE5BAF67}D:\spiele\world of padman\wop.exe" = protocol=17 | dir=in | app=d:\spiele\world of padman\wop.exe | 
"UDP Query User{799BBAC8-FEF3-4C7D-B7C2-3338EA505822}D:\spiele\gotcha 2005\gotcha.exe" = protocol=17 | dir=in | app=d:\spiele\gotcha 2005\gotcha.exe | 
"UDP Query User{8046AB84-80E6-4135-B151-9CF4AE719128}D:\spiele\terrorist takedown 2\rungameserver.exe" = protocol=17 | dir=in | app=d:\spiele\terrorist takedown 2\rungameserver.exe | 
"UDP Query User{936B7D0B-2A56-49A7-9238-65846ECC5BC9}D:\spiele\css\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\css\tmnationsforever\tmforever.exe | 
"UDP Query User{B63FF232-99F5-4DF0-82BA-75BC04064E14}D:\spiele\metin\metin2.bin" = protocol=17 | dir=in | app=d:\spiele\metin\metin2.bin | 
"UDP Query User{BA4B6C1C-AAFF-4E6F-BBAE-42DC9D4B1DFD}D:\spiele\css 1\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css 1\css\counter-strike source\hl2.exe | 
"UDP Query User{C4342141-0BAB-4A84-9C57-ABAC19B22836}C:\users\administrator\desktop\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\css\hl2.exe | 
"UDP Query User{C5137E09-9933-498B-9D2E-1ED65E17CF42}D:\temp\rar$ex00.373\volley.exe" = protocol=17 | dir=in | app=d:\temp\rar$ex00.373\volley.exe | 
"UDP Query User{C54B5738-E99F-460E-9DEE-D3AF13C289D3}D:\spiele\neuer ordner\css\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\neuer ordner\css\counter-strike source\hl2.exe | 
"UDP Query User{C6B5F556-836C-41C6-BC96-54BA0568095A}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | 
"UDP Query User{CB851B78-6D54-4FEF-B32B-29C43428A7C5}C:\users\administrator\desktop\steam\steamapps\l2p5792\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\steam\steamapps\l2p5792\day of defeat source\hl2.exe | 
"UDP Query User{CCC376D3-C96D-48D1-B471-AE38DA0F215B}C:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe | 
"UDP Query User{CDBAF3DD-6F55-4FFB-9D93-4B5060BEE9D7}C:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\css\hl2.exe | 
"UDP Query User{CEA79047-AF10-4BF5-A0E5-ADCFF64F337E}D:\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\spiele\flatout2\flatout2.exe | 
"UDP Query User{CEC83323-74B2-4417-89E9-5651CD4F150A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{D2D1C439-9B0E-4858-9D02-2855C2233B57}D:\spiele\rollcage\direct3d\rollcage.exe" = protocol=17 | dir=in | app=d:\spiele\rollcage\direct3d\rollcage.exe | 
"UDP Query User{D39F65FF-6371-4AC8-B9F6-1531256CDC62}C:\users\administrator\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"UDP Query User{D91CC26B-8FC5-40D1-B760-0674D422AB00}D:\spiele\counter-strike source\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\counter-strike source\counter-strike source\hl2.exe | 
"UDP Query User{DA25F2C0-0733-4E58-9414-8D5FBB327F20}D:\spiele\css online\steamapps\rambomann16\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\css online\steamapps\rambomann16\counter-strike source\hl2.exe | 
"UDP Query User{E762A71D-C88A-44DB-B77A-17E09A0F248A}D:\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\spiele\flatout2\flatout2.exe | 
"UDP Query User{ED074734-70F0-4069-A4F8-F833C177BC05}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{EDDE244E-43AB-43A0-8902-70BEDEDDD9B9}D:\spiele\tft\war3.exe" = protocol=17 | dir=in | app=d:\spiele\tft\war3.exe | 
"UDP Query User{F124A206-DBE7-404D-BE87-7C8D174A5E6F}C:\users\administrator\desktop\spiele lan pati\tft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\spiele lan pati\tft\war3.exe | 
"UDP Query User{F4EDF729-73E6-4645-AB63-77D5F4CD5467}D:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\spiele\tmnationsforever\tmforever.exe | 
"UDP Query User{FFCBCE62-F8B7-4686-AF99-88ADD8D22B02}C:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe" = protocol=17 | dir=in | app=c:\users\administrator\desktop\games\spiele lan pati\tft\war3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1102B81E-73F2-339C-E299-C48D7CA32441}" = Catalyst Control Center Graphics Full Existing
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14CF71FD-281E-91AD-941C-BFAA649C1E12}" = CCC Help German
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15422767-809D-8D9C-140D-99B39C9683DA}" = Catalyst Control Center Graphics Full New
"{186DB7E2-1C55-0715-12E1-7FC473D30A4C}" = Catalyst Control Center Graphics Previews Common
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C04D433-2EDF-4AFB-B31B-C0B13065092F}" = MagicTune3.6_Client_pivot
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{394DC0BC-5476-4260-B52C-BDE1BDEFA958}" = Unreal Tournament 2004
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A1BBC38-2602-B555-24D3-942F01D8DC39}" = CCC Help English
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EADDD5A-DA5B-4314-B6A3-00BF097E14E5}" = Gladiator
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{518FAB61-275A-4977-95B0-4EB92B8FEC70}" = Atlantis Evolution
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6419FBF5-2DB7-FF43-EE67-5448F868D080}" = Catalyst Control Center Core Implementation
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FA7B446-0DE0-C883-9DB4-AC9A35D60735}" = Catalyst Control Center HydraVision Full
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A70700000002}" = Adobe Reader 7.0.7 - Deutsch
"{ACB91656-A3D1-4E5F-82F0-D3E5200F1D06}" = Skins
"{B26E49E2-9521-4677-95CB-63B117D84BD8}" = Gun Metal
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3F7C6EB-B6AD-CE5E-46BD-E6DE8EBB6E5A}" = Catalyst Control Center Graphics Previews Vista
"{C8E9FBF9-6CBE-AE9B-C8AB-2C8F5E32140C}" = ccc-core-static
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB1BA2C-34DB-5947-BFFF-F52E3A542514}" = ATI Catalyst Install Manager
"{CCC66778-C62B-D147-A3AC-B6E2FAA61715}" = Fragen-Lern-CD 4.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DDACB061-0C85-8A15-45C9-28415476762B}" = Catalyst Control Center Graphics Light
"{E182BF0C-B1C9-655A-0F65-1E511E8687AD}" = Catalyst Control Center Localization German
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{ECE1F718-CDFD-7A05-BDB9-4D33BFE67D9C}" = ccc-utility
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{EF5B1E83-1403-4F0E-A8E6-C169DF0CCE8C}" = LG PC Suite II
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F51D9393-BB14-4566-99BF-D6ED63AEFCD7}" = Natural Color
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC5A7E9B-2CAC-6261-7F34-817C6547ABF3}" = Catalyst Control Center InstallProxy
"4StoryDE_is1" = 4Story 3.3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"aTube Catcher" = aTube Catcher
"AVery3DChristmas" = www.UselessCreations.com - A Very 3D Christmas Screensaver - Trial Version
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"Brother HL-5050" = Brother HL-5050
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Deer Hunter 2005 Demo_is1" = Deer Hunter - The 2005 Season Demo
"Digitale Bibliothek" = Digitale Bibliothek
"Drakan - Order of the Flame" = Drakan - Order of the Flame
"Eintracht Frankfurt Screensave_is1" = Eintracht Frankfurt Screensave
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Funkyplot_is1" = Funkyplot 1.1.0-pre1
"Gothic" = Gothic
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"GTA2" = GTA2
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"Icy Tower v1.4_is1" = Icy Tower v1.4
"Icy Tower_is1" = Icy Tower v1.3
"InstallShield_{3EADDD5A-DA5B-4314-B6A3-00BF097E14E5}" = Gladiator
"InstallShield_{518FAB61-275A-4977-95B0-4EB92B8FEC70}" = Atlantis Evolution
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Mediothek Biologie 1" = Mediothek Biologie 1
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Mplayer.com" = Mplayer.com
"OpenAL" = OpenAL
"Peggle" = Peggle (remove only)
"Peggle Deluxe 1.03" = Peggle Deluxe 1.03
"Peggle Nights Deluxe 1.0.3.5802" = Peggle Nights Deluxe 1.0.3.5802
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 240" = Counter-Strike: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TmNationsForever_is1" = TmNationsForever
"tt2_is1" = Terrorist Takedown 2 (1.01)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.4
"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.04.2009 19:21:17 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm msnmsgr.exe, Version 14.0.8064.206 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: e90  Anfangszeit: 01c9be20bcaf5cf6  Zeitpunkt
 der Beendigung: 78
 
Error - 15.04.2009 19:22:08 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 16.04.2009 05:49:10 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 17.04.2009 08:16:31 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 17.04.2009 11:38:19 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 17.04.2009 19:25:51 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 18.04.2009 06:16:15 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 18.04.2009 08:52:48 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 18.04.2009 14:00:09 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
Error - 18.04.2009 18:19:12 | Computer Name = Markus-PC | Source = SecurityCenter | ID = 3
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
 WMI herstellen, um Antivirus, AntiSpyware- und Firewallprogramme von Drittanbietern
 zu überwachen.
 
[ System Events ]
Error - 20.06.2010 08:09:43 | Computer Name = Markus-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 24.06.2010 12:35:14 | Computer Name = Markus-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 25.06.2010 06:59:25 | Computer Name = Markus-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 26.06.2010 06:01:02 | Computer Name = Markus-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "\Device\HarddiskVolume1" aus.
 
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "C:" aus.
 
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "\Device\HarddiskVolume1" aus.
 
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "\Device\HarddiskVolume1" aus.
 
Error - 26.06.2010 06:54:03 | Computer Name = Markus-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie chkdsk auf Volume "\Device\HarddiskVolume1" aus.
 
Error - 26.06.2010 07:18:50 | Computer Name = Markus-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---

Alt 27.06.2010, 00:53   #2
hilflos17
 
and OTL:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.06.2010 17:52:26 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Administrator\Desktop
Windows Vista Ultimate Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,08 Gb Total Space | 5,64 Gb Free Space | 7,04% Space Free | Partition Type: NTFS
Drive D: | 152,81 Gb Total Space | 21,93 Gb Free Space | 14,35% Space Free | Partition Type: NTFS
Drive E: | 3,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARKUS-PC
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Pwacyb.exe ()
PRC - C:\Users\Public\winvsrnc.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft IntelliType Pro\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - D:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\Programme\RocketDock\RocketDock.exe ()
PRC - D:\Program Files\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
PRC - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
PRC - C:\Programme\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Programme\SEC\MagicTune3.6_Client_pivot\GammaTray.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Programme\SEC\Natural Color\NaturalColorLoad.exe ()
PRC - C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)
PRC - C:\Windows\System32\BRSS01A.EXE (brother Industries Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\RocketDock\RocketDock.dll ()
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\Programme\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
SRV - (EPGService) -- D:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
SRV - (Brother XP spl Service) -- C:\Windows\System32\BRSVC01A.EXE (brother Industries Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (OemBiosDevice) -- C:\Windows\system32\drivers\royal.sys (PARADOX)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (JGOGO) -- C:\Windows\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (MagicTune) -- C:\Windows\system32\drivers\MTictwl.sys ()
DRV - (LMouFlt2) -- C:\Windows\System32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\Windows\System32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\Windows\System32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (fasttx2k) -- C:\Windows\system32\drivers\fasttx2k.sys (Promise Technology, Inc.)
DRV - (b57w2k) -- C:\Windows\System32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BrPar) -- C:\Windows\System32\drivers\BrPar.sys (Brother Industries Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/ [binary data]
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ultras-frankfurt.de/index.php
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.1.11880
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CDS&o=16225&locale=en_US&apn_uid=2F26D38D-63D6-4CAC-881E-5408E4E1835F&apn_ptnrs=QQ&apn_sauid=03B80C56-FCD7-41F7-85C5-DAB50E190779&apn_dtid=YYYYYYYYDE&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Eigene Dateien\real player\browserrecord [2008.01.11 01:00:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: D:\Eigene Dateien\mozilla\components [2010.05.17 12:33:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: D:\Eigene Dateien\mozilla\plugins [2010.05.17 12:33:51 | 000,000,000 | ---D | M]
 
[2008.11.16 18:27:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2010.06.26 16:11:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\y9dgbjmx.default\extensions
[2009.08.11 02:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\y9dgbjmx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.26 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\y9dgbjmx.default\extensions\toolbar@ask.com
[2010.06.26 16:01:06 | 000,002,565 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\askcom.xml
[2010.06.26 16:11:09 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin-1.xml
[2009.12.02 23:16:13 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin-2.xml
[2010.01.13 11:46:36 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin-3.xml
[2010.05.22 17:58:52 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin-4.xml
[2009.09.16 00:02:54 | 000,000,944 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\y9dgbjmx.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Eigene Dateien\real player\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EPGServiceTool] D:\Program Files\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe File not found
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [Logitech Utility] C:\Windows\Logi_MwX.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Ptipbmf] C:\Windows\System32\ptipbmf.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] D:\Eigene Dateien\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] D:\Eigene Dateien\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [Halo2] C:\Windows\System32\sshnas21.DLL ()
O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [QNB2EB90WX] D:\Temp\Pfd.exe ()
O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - D:\Spiele\Pokerstars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-4205518892-3575212097-1054857883-500\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225824457575&h=5420ffce337c03ef28ec4d2baaa6d195/&filename=jinstall-6u10-windows-i586-jc.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1207573559 (Image Uploader Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} hxxp://80.237.209.20/objects/NpFv415.dll (Flatcast Viewer 4.15)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\sdra64.exe) - C:\Windows\System32\sdra64.exe File not found
O24 - Desktop WallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004.11.07 01:17:15 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2004.11.06 02:20:16 | 000,023,040 | R--- | M] () - E:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2004.11.06 02:20:16 | 000,000,115 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{1a379f08-1880-11de-a05b-001e8c848c07}\Shell\AutoRun\command - "" = J:\menu.exe -- File not found
O33 - MountPoints2\{2f5593f6-fdfd-11dd-851f-001e8c848c07}\Shell - "" = AutoRun
O33 - MountPoints2\{2f5593f6-fdfd-11dd-851f-001e8c848c07}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{47fd15d1-b7b8-11dc-9cd7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{47fd15d1-b7b8-11dc-9cd7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.EXE -- File not found
O33 - MountPoints2\{642101d5-2e3d-11dd-b386-00e018e8807c}\Shell - "" = AutoRun
O33 - MountPoints2\{642101d5-2e3d-11dd-b386-00e018e8807c}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{94c86d06-4bde-11dd-95de-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{94c86d06-4bde-11dd-95de-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2004.11.06 02:20:16 | 000,023,040 | R--- | M] ()
O33 - MountPoints2\{97713dcc-0d9b-11df-ae36-001e8c848c07}\Shell\AutoRun\command - "" = F:\Menu.exe -- File not found
O33 - MountPoints2\{99a33ab7-9313-11dd-b955-001e8c848c07}\Shell - "" = AutoRun
O33 - MountPoints2\{99a33ab7-9313-11dd-b955-001e8c848c07}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2006.11.02 13:18:47 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Program Files\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AAC3F1F0-5649-4670-A698-F1523729F015} - Microsoft .NET Framework 1.1 Hotfix (KB929729)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{b4db1911-e061-4cc6-aab1-6fe12ea65eac} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.mp42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.26 17:50:51 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010.06.26 17:46:13 | 000,518,656 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2010.06.26 14:18:07 | 000,000,000 | ---D | C] -- C:\DVDVideoSoft
[2010.06.26 12:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2010.06.26 12:06:32 | 000,000,000 | ---D | C] -- C:\Programme\Messenger Plus! Live
[2010.06.24 22:14:25 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
[2010.06.08 20:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\POPWWPROFILES
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.26 17:57:42 | 007,340,032 | -HS- | M] () -- C:\Users\Administrator\ntuser.dat
[2010.06.26 17:51:02 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010.06.26 17:47:06 | 000,000,262 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.26 17:46:23 | 000,518,656 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTM.exe
[2010.06.26 17:32:04 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.26 16:58:51 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.26 16:58:51 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.26 15:58:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.26 15:58:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.26 15:58:45 | 2146,623,488 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.26 14:57:29 | 004,501,277 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2010.06.26 14:03:49 | 000,164,864 | ---- | M] () -- C:\Windows\Pwacyb.exe
[2010.06.26 12:04:16 | 000,164,864 | ---- | M] () -- C:\Windows\Pwacya.exe
[2010.06.26 12:04:14 | 000,205,824 | ---- | M] () -- C:\Windows\System32\sshnas21.dll
[2010.06.26 11:41:13 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\chrtmp
[2010.06.26 02:53:58 | 000,138,464 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.06.24 20:09:11 | 000,096,662 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.24 20:09:11 | 000,054,386 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.24 20:09:11 | 000,041,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.24 20:09:11 | 000,012,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.24 20:09:11 | 000,012,092 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.24 19:16:10 | 000,023,985 | ---- | M] () -- C:\Users\Administrator\Documents\Bodybuilding-No-2-2.jpg
[2010.06.16 20:32:40 | 000,010,761 | ---- | M] () -- C:\Windows\HCWPNP.INI
[2010.06.13 01:20:10 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010.06.08 20:29:15 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Prince of Persia Warrior Within.lnk
[2010.05.31 14:39:30 | 000,000,227 | ---- | M] () -- C:\Users\Administrator\Desktop\Half-Life 2 Lost Coast.url
[2010.05.30 20:19:40 | 000,000,227 | ---- | M] () -- C:\Users\Administrator\Desktop\Half-Life 2 Deathmatch.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.26 15:59:08 | 000,164,864 | ---- | C] () -- C:\Windows\Pwacyb.exe
[2010.06.26 12:04:44 | 000,164,864 | ---- | C] () -- C:\Windows\Pwacya.exe
[2010.06.26 12:04:30 | 000,000,250 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.26 12:04:20 | 000,000,262 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.26 12:04:14 | 000,205,824 | ---- | C] () -- C:\Windows\System32\sshnas21.dll
[2010.06.26 11:41:13 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\chrtmp
[2010.06.24 19:17:27 | 000,023,985 | ---- | C] () -- C:\Users\Administrator\Documents\Bodybuilding-No-2-2.jpg
[2010.06.08 20:29:15 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Prince of Persia Warrior Within.lnk
[2010.05.31 14:39:30 | 000,000,227 | ---- | C] () -- C:\Users\Administrator\Desktop\Half-Life 2 Lost Coast.url
[2010.05.30 20:19:40 | 000,000,227 | ---- | C] () -- C:\Users\Administrator\Desktop\Half-Life 2 Deathmatch.url
[2010.01.04 02:55:11 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.01.04 02:54:34 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.09.15 23:01:27 | 000,000,000 | ---- | C] () -- C:\Windows\Eintracht Frankfurt Screensave.ini
[2009.07.23 14:57:18 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009.05.27 23:02:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.05.27 23:02:19 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.05.27 23:02:15 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2009.05.27 23:00:04 | 000,032,133 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.05.27 22:59:45 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.05.27 22:57:23 | 000,010,761 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.02.18 22:43:43 | 000,685,816 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.01.16 13:49:35 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008.12.01 22:46:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.07.07 07:02:14 | 000,010,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.07.07 06:47:18 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2008.07.07 06:47:11 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2008.06.02 18:56:13 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008.03.22 12:25:05 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.03.22 12:25:05 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.01.28 22:23:44 | 000,399,360 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2008.01.28 22:23:43 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.01.12 02:16:13 | 000,000,097 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.01.10 00:56:28 | 000,020,480 | ---- | C] () -- C:\Windows\System32\H@tKeysH@@k.DLL
[2008.01.08 17:27:13 | 000,000,507 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.31 19:35:09 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2007.12.31 19:35:09 | 000,000,040 | ---- | C] () -- C:\Windows\BRDIAG.INI
[2007.12.31 19:35:09 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2007.12.31 19:35:09 | 000,000,000 | ---- | C] () -- C:\Windows\opt_5050.ini
[2007.12.31 19:35:09 | 000,000,000 | ---- | C] () -- C:\Windows\BROHL505.INI
[2007.12.31 19:35:09 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2007.12.31 19:35:08 | 000,026,624 | ---- | C] () -- C:\Windows\System32\BRGSRC32.DLL
[2007.12.31 19:35:08 | 000,004,608 | ---- | C] () -- C:\Windows\System32\BRGSRC16.DLL
[2007.12.31 19:35:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\BROSNMP.DLL
[2007.12.31 19:35:06 | 000,011,604 | ---- | C] () -- C:\Windows\HL-5050.INI
[2007.12.31 19:35:04 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2007.12.31 19:35:03 | 000,000,453 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2007.12.31 19:35:03 | 000,000,052 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2007.12.31 19:30:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Gif89.dll
[2007.12.31 19:30:41 | 000,012,062 | ---- | C] () -- C:\Windows\System32\drivers\MTiCtwl.sys
[2006.11.02 14:34:23 | 000,080,010 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2006.11.02 14:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.31 09:37:58 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.04.16 20:21:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Agqiv
[2008.10.20 19:19:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azihy
[2010.02.26 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2010.04.16 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Haedfy
[2010.05.29 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2009.10.01 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LG Electronics
[2008.05.04 08:33:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Neqeuw
[2009.03.22 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teeworlds
[2008.02.05 20:47:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teleca
[2008.10.02 14:17:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\zweitgeist
[2010.06.26 14:57:52 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.26 17:47:06 | 000,000,262 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.26 17:32:04 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.26 00:07:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2009.02.14 17:43:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AdobeUM
[2010.04.16 20:21:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Agqiv
[2010.01.15 00:52:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2007.12.31 19:14:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATI
[2009.04.16 16:31:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVS4YOU
[2008.10.20 19:19:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Azihy
[2008.02.28 23:04:45 | 000,000,000 | R--D | M] -- C:\Users\Administrator\AppData\Roaming\Brother
[2010.02.26 00:10:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2008.07.24 01:28:08 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DivX
[2010.03.13 18:20:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2008.01.01 02:55:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Google
[2010.04.16 20:21:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Haedfy
[2010.05.29 16:23:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2007.12.31 18:01:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2009.10.01 16:53:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\InstallShield
[2009.10.01 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\LG Electronics
[2007.12.31 19:28:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2006.11.02 14:35:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2009.01.23 12:42:07 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2008.12.09 22:51:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mIRC
[2008.11.16 18:27:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2008.05.04 08:33:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Neqeuw
[2009.12.12 02:13:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Real
[2008.02.05 20:42:27 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony Ericsson
[2010.04.27 21:26:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\teamspeak2
[2009.03.22 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teeworlds
[2008.02.05 20:47:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teleca
[2009.06.20 18:54:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2008.05.02 23:26:52 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2008.06.30 23:39:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xfire
[2008.10.02 14:17:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\zweitgeist
 
< %APPDATA%\*.exe /s >
[2009.01.05 20:46:54 | 000,010,134 | R--- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{FC5A7E9B-2CAC-6261-7F34-817C6547ABF3}\ARPPRODUCTICON.exe
[2010.02.22 11:51:19 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Administrator\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2010.05.30 16:28:36 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Administrator\AppData\Roaming\Real\Update\setup3.10\setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 21:32:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008.02.14 21:32:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 21:32:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 21:32:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USERINIT.EXE  >
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.02.18 22:43:43 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2007.12.31 17:50:19 | 007,041,024 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.12.31 17:50:16 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.12.31 17:50:19 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.12.31 17:50:30 | 016,109,568 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.12.31 17:50:32 | 006,062,080 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.12.01 22:47:29 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007.12.31 18:42:16 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< End of report >
         
--- --- ---


What should I do now?
It would be great if someone could help me. Thanks in advance.


03.07.2010, 02:15   #3
hilflos17

MSN virus: how do I remove it properly?



So by now the MSN virus, i.e. the sending of links, is gone, but advertising windows keep opening. Can I prevent that somehow?