Ich möchte meinen PC verkaufen deswegen wäre es schön wenn ihr den mal ebend schnell ausweten könntet:

HiJackthis Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:02:13, on 20.07.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mmrtkrnl.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Raphael\AppData\Local\ljnmjpm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Users\Raphael\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
R3 - URLSearchHook: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - I:\LeopardXP\FindeXer.dll (file missing)
O3 - Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Realtime Audio Engine] "mmrtkrnl.exe" /i
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ljnmjpm] "c:\users\raphael\appdata\local\ljnmjpm.exe" ljnmjpm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe (file missing)
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4 (file missing) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\System32\nvSCPAPISvr.exe

--
End of file - 6919 bytes
         

--- --- ---

Hallo

da sich anscheinend Malware auf dem System befindet, das System zudem sehr ungepflegt wirkt und du es verkaufen möchtest, kurz und schmerzlos ->
Neuinstallation

MFG

kann ich die Neuinstallation nicht auch irgendwie umgehen??

Hallo

Zitat:

kann ich die Neuinstallation nicht auch irgendwie umgehen?

klar kannst du, ist doch deine Entscheidung
Wenn du aber sicher gehen möchtest, dann verkaufst du den Rechner nur frisch formatiert

MFG

Wie kann ich Malware löschen und den pc wieder auffraümen??
neuinstallation geht nähmlich net,da keine recovery cd vorhanden oder treiber.

Hallo

Zitat:

neuinstallation geht nähmlich net,da keine recovery cd vorhanden oder treiber.

Wenn der Windowskey vorhanden ist, sollte auch die installation von CD gelingen und Treiber lassen sich i.d.R. auch aus dem Netz besorgen.

Schauen wir mal, arbeite bitte diese Anleitung ab.
Lass vom CCleaner auch die Registry bereinigen bis nix mehr gefunden wird, RSIT können wir bitte weglassen.
Poste alle anderen Logs hierher, dann sehen wir weiter.

MFG

Malwarebytes Anti-Malware funktioniert nicht.
2 Fehler:- MBAM_ERROR_EXPANDING_VARIABLES(0,9)
- MBAM_ERROR_MISSING_FILE(3,0, mbamswissarmy.sys)
Das System kann den Angegebenen Pfard nicht finden

Was soll ich machen????

Hallo

erstmal OTL ausführen und Logs hierher posten.

Zitat:

Malwarebytes Anti-Malware funktioniert nicht.

Versuch dann mal diese Anleitung abzuarbeiten

MFG

Was ist OTL??

Hallo

Zitat:

Was ist OTL??

lies doch einfach nochmal die Anleitung 1 Punkt C

Habe aber kein Windows 7 oder eine 64-Bit Version.

Hallo

ich bitte dich ja nicht umsonst...
Führe einen Scan mit OTL aus, egal wie das BS heißt

MFG

Logfile 1:
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 23.07.2010 17:00:14 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Raphael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,66 Gb Total Space | 304,92 Gb Free Space | 68,42% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 17,56 Gb Free Space | 87,86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RAPHAEL-PC
Current User Name: Raphael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Raphael\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Raphael\AppData\Local\ljnmjpm.exe ()
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Safari\Safari.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Windows\System32\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\mmrtkrnl.exe (AlcaTech)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Raphael\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe File not found
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoogleDesktopManager-110309-193829) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (Stereo Service) -- C:\Windows\System32\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (AVFSFilter) -- C:\Windows\System32\DRIVERS\avfsfilter.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (MMRTKRNL) -- C:\Windows\system32\drivers\mmrtkrnl.sys (AlcaTech)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com File not found
 
[2010.05.17 19:37:55 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\extensions
[2010.05.17 19:37:56 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.06.27 14:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raphael\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found.
O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - I:\LeopardXP\FindeXer.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Realtime Audio Engine] C:\Windows\System32\mmrtkrnl.exe (AlcaTech)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ljnmjpm] c:\users\raphael\appdata\local\ljnmjpm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = C:\Windows\Resources\Themes\LeopardXP\LeopardXP.msstyles File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Raphael\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{758231ab-87fd-11dd-ba34-0015af726fcd}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O33 - MountPoints2\{a6dad563-a500-11dd-a77d-0015af726fcd}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O33 - MountPoints2\{d4721310-5fea-11de-bafe-001d92b5b81b}\Shell\AutoRun\command - "" = I:\avira.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.23 16:54:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2010.07.22 12:59:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.22 12:59:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.22 12:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.22 12:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.22 12:03:00 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Documents\Updater5
[2010.07.21 20:06:32 | 001,826,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SkyTel.exe
[2010.07.21 20:06:32 | 001,773,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010.07.21 20:06:32 | 001,196,032 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlUpd.exe
[2010.07.21 20:06:32 | 000,532,480 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.07.21 20:06:32 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010.07.21 20:06:32 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010.07.21 20:06:32 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010.07.21 20:06:32 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010.07.21 20:06:31 | 002,098,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.07.21 20:06:31 | 000,694,272 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.07.21 20:06:30 | 006,111,232 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
[2010.07.21 20:06:30 | 001,929,216 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010.07.21 20:06:30 | 000,285,216 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.07.21 20:06:30 | 000,155,648 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010.07.21 20:06:30 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010.07.21 20:06:29 | 000,140,288 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2010.07.21 20:06:28 | 000,520,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.07.21 08:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2010.07.21 08:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2010.07.21 08:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Toolkit Suite
[2010.07.21 08:48:39 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Fighters
[2010.07.21 08:48:38 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\PackageAware
[2010.07.20 14:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.07.20 12:13:28 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\TeamViewer
[2010.07.12 19:59:42 | 000,000,000 | ---D | C] -- C:\Users\Raphael\Documents\ICQ
[2010.07.06 16:56:53 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010.07.06 16:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.07.06 16:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.07.06 16:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010.07.04 12:59:45 | 000,000,000 | ---D | C] -- C:\Sierra
[2010.07.04 11:29:16 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\Audio Recorder for Free
[2010.06.29 21:06:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010.06.29 15:32:08 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.28 14:22:13 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\MigWiz
[2010.06.27 20:56:22 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll
[2010.06.26 19:36:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.06.26 14:14:56 | 000,000,000 | ---D | C] -- C:\Users\Raphael\AppData\Local\Stardock
[2010.06.26 13:01:05 | 000,000,000 | ---D | C] -- C:\Windows\BricoPacks
[2010.06.25 14:17:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.25 14:17:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.25 14:17:31 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.24 13:21:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.24 13:21:33 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.23 17:01:34 | 000,001,544 | ---- | M] () -- C:\Users\Raphael\AppData\Local\ljnmjpm_navps.dat
[2010.07.23 17:01:07 | 000,003,403 | ---- | M] () -- C:\Users\Raphael\AppData\Local\ljnmjpm.dat
[2010.07.23 17:00:54 | 004,194,304 | -HS- | M] () -- C:\Users\Raphael\NTUSER.DAT
[2010.07.23 17:00:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D762C80B-0833-4074-98C0-D5E095D75440}.job
[2010.07.23 16:54:39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Raphael\Desktop\OTL.exe
[2010.07.23 16:52:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.23 16:51:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.23 14:44:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.23 14:41:43 | 000,002,058 | ---- | M] () -- C:\Users\Raphael\AppData\Roaming\wklnhst.dat
[2010.07.23 14:21:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 14:21:48 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.23 12:27:33 | 001,568,228 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.23 12:27:33 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.23 12:27:33 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.23 12:27:33 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.23 12:27:33 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.23 12:27:06 | 000,000,092 | ---- | M] () -- C:\Users\Raphael\AppData\Local\gysuyww.bat
[2010.07.23 12:24:08 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.07.23 12:21:48 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.23 12:12:18 | 000,524,288 | -HS- | M] () -- C:\Users\Raphael\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.07.23 12:12:18 | 000,065,536 | -HS- | M] () -- C:\Users\Raphael\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.07.23 10:50:11 | 001,836,077 | -H-- | M] () -- C:\Users\Raphael\AppData\Local\IconCache.db
[2010.07.22 18:07:12 | 000,248,324 | ---- | M] () -- C:\Users\Raphael\AppData\Local\ljnmjpm_nav.dat
[2010.07.22 12:59:11 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.21 21:16:08 | 000,000,000 | -H-- | M] () -- C:\Users\Raphael\Documents\Default.rdp
[2010.07.21 20:06:34 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.07.20 15:07:51 | 000,007,592 | ---- | M] () -- C:\Users\Raphael\AppData\Local\d3d9caps.dat
[2010.07.20 14:34:58 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.07.20 13:00:02 | 000,001,659 | ---- | M] () -- C:\Users\Raphael\Desktop\Command Prompt.lnk
[2010.07.20 10:38:13 | 000,009,728 | ---- | M] () -- C:\Users\Raphael\Documents\COD Server.wps
[2010.07.18 17:50:37 | 000,516,096 | ---- | M] () -- C:\Users\Raphael\AppData\Local\ljnmjpm.exe
[2010.07.12 17:30:32 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2010.07.12 17:30:32 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2010.07.12 17:30:32 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2010.07.06 16:56:55 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.04 13:01:55 | 000,001,597 | ---- | M] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2010.07.04 12:59:45 | 000,000,218 | ---- | M] () -- C:\Windows\SIERRA.INI
[2010.06.27 14:20:54 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.26 14:11:32 | 000,008,379 | ---- | M] () -- C:\Windows\BricoPackFoldersDelete.cmd
[2010.06.26 14:11:28 | 000,118,071 | ---- | M] () -- C:\Windows\BricoPackUninst.cmd
[2010.06.26 13:48:43 | 003,936,310 | ---- | M] () -- C:\Windows\BricoPack Wallpaper.bmp
 
========== Files Created - No Company Name ==========
 
[2010.07.22 12:59:11 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.21 21:16:08 | 000,000,000 | -H-- | C] () -- C:\Users\Raphael\Documents\Default.rdp
[2010.07.20 14:34:58 | 000,001,696 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.07.20 13:00:02 | 000,001,659 | ---- | C] () -- C:\Users\Raphael\Desktop\Command Prompt.lnk
[2010.07.19 20:37:59 | 000,009,728 | ---- | C] () -- C:\Users\Raphael\Documents\COD Server.wps
[2010.07.18 17:50:38 | 000,248,324 | ---- | C] () -- C:\Users\Raphael\AppData\Local\ljnmjpm_nav.dat
[2010.07.18 17:50:38 | 000,003,403 | ---- | C] () -- C:\Users\Raphael\AppData\Local\ljnmjpm.dat
[2010.07.18 17:50:38 | 000,001,492 | ---- | C] () -- C:\Users\Raphael\AppData\Local\ljnmjpm_navps.dat
[2010.07.18 17:50:37 | 000,516,096 | ---- | C] () -- C:\Users\Raphael\AppData\Local\ljnmjpm.exe
[2010.07.06 16:56:55 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.07.04 13:22:12 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010.07.04 13:22:12 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010.07.04 13:22:12 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010.07.04 13:01:55 | 000,001,597 | ---- | C] () -- C:\Users\Public\Desktop\Empire Earth.lnk
[2010.06.27 20:56:22 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2010.06.27 14:20:54 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.26 14:11:31 | 000,118,071 | ---- | C] () -- C:\Windows\BricoPackUninst.cmd
[2010.06.26 13:48:43 | 003,936,310 | ---- | C] () -- C:\Windows\BricoPack Wallpaper.bmp
[2010.06.26 13:44:18 | 000,008,379 | ---- | C] () -- C:\Windows\BricoPackFoldersDelete.cmd
[2010.05.11 20:32:38 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.04.27 13:43:11 | 000,204,857 | ---- | C] () -- C:\Windows\System32\InstallHelp.dll
[2010.04.21 16:18:36 | 000,000,211 | ---- | C] () -- C:\Windows\Muma2000.INI
[2010.04.21 16:16:49 | 000,000,094 | ---- | C] () -- C:\Windows\MAGIX.ini
[2010.04.07 17:25:44 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2009.10.20 10:22:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.06.10 06:31:04 | 000,089,088 | ---- | C] () -- C:\Windows\System32\nvimage.dll
[2009.05.08 14:20:08 | 000,000,271 | ---- | C] () -- C:\Windows\mousing.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.20 20:05:13 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.08.20 19:54:03 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2008.08.07 17:54:54 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.04.01 15:13:07 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.04.01 15:13:06 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.03.31 12:55:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2009.08.06 13:49:23 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\AlcaTech
[2010.06.26 19:30:44 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Any Video Converter
[2008.08.08 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Atari
[2010.05.14 12:28:22 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Audio Record Edit Toolbox
[2010.07.04 11:29:16 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Audio Recorder for Free
[2008.08.06 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Buhl Data Service GmbH
[2010.05.22 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\CoSoSys
[2010.04.07 17:36:42 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\COWON
[2010.01.22 14:19:35 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Desktopicon
[2010.06.29 15:32:08 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.08.20 20:38:07 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\EPSON
[2010.07.21 08:48:39 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Fighters
[2010.07.23 16:58:08 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\ICQ
[2010.06.06 16:26:21 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Mount&Blade Warband
[2010.04.07 17:32:01 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\NCH Swift Sound
[2010.03.23 15:44:49 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Opera
[2010.04.07 17:37:26 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Sony
[2009.09.04 18:27:07 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\streamripper
[2010.07.20 13:09:22 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\TeamViewer
[2009.05.18 19:00:57 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Teeworlds
[2008.10.03 09:48:50 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Template
[2010.06.28 18:33:58 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Ulead Systems
[2009.10.20 11:23:56 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Uniblue
[2010.01.15 21:20:52 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Warsow 0.5
[2010.05.03 19:08:18 | 000,000,000 | ---D | M] -- C:\Users\Raphael\AppData\Roaming\Youtube Downloader HD
[2010.07.23 12:12:14 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.07.23 17:00:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D762C80B-0833-4074-98C0-D5E095D75440}.job
 
========== Purity Check ==========
 
 
< End of report >
         

--- --- ---



Logfile 2:
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 23.07.2010 17:00:14 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Raphael\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,66 Gb Total Space | 304,92 Gb Free Space | 68,42% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 17,56 Gb Free Space | 87,86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RAPHAEL-PC
Current User Name: Raphael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF82C00-183E-476C-80DC-ABF80635FF4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3B9FF56C-35FA-4248-8B86-18B350E8A201}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{450DB06B-31CA-4BB3-A840-8BE291F959E5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{56FC21CC-9E24-4E34-902C-60A13C9353A8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6ED3E88E-A4DE-4564-942E-D744A52C7876}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8E6402A8-D69F-4F1F-AB3A-0C10338D6776}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{990A6A6B-95CB-4FE4-83F7-EF46E98D6C49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{B982E647-4D2F-409F-845F-593B5C3BE563}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C28FCB17-C284-430A-AD61-31A1E10B6C12}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E52881EB-0DEF-4C84-8F7E-093F9B512932}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{116073AF-7FF3-484B-8D36-6F59BF357B8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1273786A-FCF3-4065-B03E-5FEE4F721CCD}" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe | 
"{15DF92F9-6C72-4CAB-9B7A-B7BFAEC8C2FC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{1906FC9B-4D17-439B-9186-FD9685991CD7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{19899320-0796-4271-ACC4-DF5F06C21B44}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{1A1D9FCA-396B-4F65-A980-D83153016B44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{213A84AD-B1D4-43F6-9874-00A89AF1131C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{28DA01B3-32D2-493B-A07D-C85189EF36D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{28F16DB3-A334-4C06-841D-222D058E0FAD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{303E5D0F-41C3-489A-A52C-C6E1EF74DAD7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{36BF0AB8-EFA2-41A1-826A-E542DC44DA97}" = protocol=6 | dir=out | app=system | 
"{37B01B91-0FBA-4E04-A69A-D37D2478A79B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{3935B333-5845-459D-978F-47553D15D184}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4F21FFF4-B2B2-4FDE-87F7-F8264B7D643E}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{508819EE-8C0E-4811-9F81-19BFA18281EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{52BF1346-DFD5-4529-8779-796C68D56579}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{55C2F5AD-C40A-4CED-A818-F9AF0CBFC5C2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{56019E20-0275-4696-9E16-5B9248FE97D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{66C9D839-B9E3-4A05-8724-91638AC17EA4}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{6E7A2EA3-D2AF-4FAD-AF80-A5D8AA4B6F06}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7FAA4A7E-470F-4775-91FE-E4CC35BE89C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83176666-185A-4014-8152-2B23C109B985}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{897802FC-C0E6-4A4F-B552-F60FB947091A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8FAB9E00-1AF7-4EDD-AEA0-66135BB09B53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A299DBD5-E2D4-4753-9F6A-FDD2CD253F8A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{A325A5D2-B5CA-4501-A298-943F901991F7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{BD5EAEA5-2B2F-49AA-A1D0-E1F02CD70996}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{C4A8006A-C1CE-4DE4-8D43-3E8BD419A76E}" = protocol=17 | dir=in | app=c:\users\raphael\saved games\call of duty 4 an heeke (simon)\iw3mp.exe | 
"{CD4ECBAD-F00A-4296-BB23-AD7620860DFA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D51B741C-B7F5-4FC3-BCB8-47FFCAAC9247}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{E23F131B-05CA-4B44-933E-BEA8E3CE1634}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E3F65D02-9549-4DA5-9640-02904530F758}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EAA65814-557C-4970-A2E9-47124A062E4E}" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe | 
"{EE4A4D74-FE7A-41B7-AA8E-FBF4920FAEE2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{F66A24D0-580F-4394-A9D0-ED853879C2D4}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{FC3CC0A6-F80B-4603-A847-330DAA9BE3C8}" = protocol=6 | dir=in | app=c:\users\raphael\saved games\call of duty 4 an heeke (simon)\iw3mp.exe | 
"{FFEAF8AC-9460-4579-BA76-F0B2F257E8E8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{0912E483-7484-4DC8-B57E-D577DEA516C3}C:\program files\cs\cts bots\cstrike.exe" = protocol=6 | dir=in | app=c:\program files\cs\cts bots\cstrike.exe | 
"TCP Query User{14B91DBE-E5B6-465D-A7A5-54605E35BC97}I:\cs\cts bots\cstrike.exe" = protocol=6 | dir=in | app=i:\cs\cts bots\cstrike.exe | 
"TCP Query User{291CC19B-D056-402A-8DBF-EF0A59D1BFBD}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{2C58B56E-4B39-4BE1-9795-B28BAC513E6C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{3C2778A5-EB20-4DC7-A51C-2CEEC56C335F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{3C8BBA1B-9ABD-4D32-8C79-CBDDD18E4838}C:\users\raphael\cs\cts bots\hlds.exe" = protocol=6 | dir=in | app=c:\users\raphael\cs\cts bots\hlds.exe | 
"TCP Query User{42A633BF-BDC5-407F-A9F9-41C7335534AC}C:\users\raphael\cs\cts bots\hltv.exe" = protocol=6 | dir=in | app=c:\users\raphael\cs\cts bots\hltv.exe | 
"TCP Query User{455F41DD-9A32-4419-B4D0-18C37A51A199}C:\users\raphael\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\raphael\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"TCP Query User{4A040D6A-DE29-4DEE-9ABE-F4FE60E1C3AA}C:\users\raphael\desktop\teeworlds-0.5.2-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\raphael\desktop\teeworlds-0.5.2-win32\teeworlds_srv.exe | 
"TCP Query User{5AE4511B-FAD6-44E7-9F88-11692065E16F}C:\users\raphael\saved games\microsoft games\cs\cts bots\cstrike.exe" = protocol=6 | dir=in | app=c:\users\raphael\saved games\microsoft games\cs\cts bots\cstrike.exe | 
"TCP Query User{6407E3D9-04C9-4198-BCF9-D835F8EC599F}C:\program files\safari\safari.exe" = protocol=6 | dir=in | app=c:\program files\safari\safari.exe | 
"TCP Query User{679FF2A2-8802-47A0-912A-9EE9D8BFF10B}C:\program files\warsow 0.5\warsow_x86.exe" = protocol=6 | dir=in | app=c:\program files\warsow 0.5\warsow_x86.exe | 
"TCP Query User{6F0A5EAD-6F41-4096-A8A0-5B2BC99731B0}C:\users\raphael\desktop\hd dvd-rom-laufwerk\cs\cts bots\cstrike.exe" = protocol=6 | dir=in | app=c:\users\raphael\desktop\hd dvd-rom-laufwerk\cs\cts bots\cstrike.exe | 
"TCP Query User{77DEED52-698D-4CFF-931B-9053F98854E8}C:\users\raphael\saved games\cs\cts bots\cstrike.exe" = protocol=6 | dir=in | app=c:\users\raphael\saved games\cs\cts bots\cstrike.exe | 
"TCP Query User{79A6605C-17B7-40D7-80FD-A06491E4E07E}C:\users\raphael\saved games\cs\cts bots\hltv.exe" = protocol=6 | dir=in | app=c:\users\raphael\saved games\cs\cts bots\hltv.exe | 
"TCP Query User{826DC100-9803-4F2A-9140-62BE2B49DD90}C:\program files\sixteen tons entertainment\gotcha! demo\gotchademo.exe" = protocol=6 | dir=in | app=c:\program files\sixteen tons entertainment\gotcha! demo\gotchademo.exe | 
"TCP Query User{865EECAF-15E9-401A-927F-BD5B99719192}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe | 
"TCP Query User{9A2672E4-918B-498E-9257-8EB41ED027AD}C:\users\raphael\saved games\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\users\raphael\saved games\call of duty\codmp.exe | 
"TCP Query User{9E50E19D-F3FB-4059-841D-CC214B35546B}C:\users\raphael\downloads\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\raphael\downloads\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"TCP Query User{A0F4529F-C18D-4947-A6AC-194641797D8F}C:\program files\pyro studios\imperial glory\imperialglory.exe" = protocol=6 | dir=in | app=c:\program files\pyro studios\imperial glory\imperialglory.exe | 
"TCP Query User{A5AABFD1-4287-4A82-A00E-B18D1D42262E}C:\program files\jowood\spellforce\spellforce.exe" = protocol=6 | dir=in | app=c:\program files\jowood\spellforce\spellforce.exe | 
"TCP Query User{AF4BA39A-3EA9-438E-BC45-718E9FFCAE1F}C:\users\raphael\cs\cts bots\cstrike.exe" = protocol=6 | dir=in | app=c:\users\raphael\cs\cts bots\cstrike.exe | 
"TCP Query User{B80B45AA-219F-4DCC-9D28-07E596034081}C:\users\raphael\saved games\call of duty 4 an heeke (simon)\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\raphael\saved games\call of duty 4 an heeke (simon)\iw3mp.exe | 
"TCP Query User{B8255CED-12EF-48A3-A99F-CFCC10C84120}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{BB0BF5EA-40A5-490E-A573-7C3A0C77063E}I:\call of duty\codmp.exe" = protocol=6 | dir=in | app=i:\call of duty\codmp.exe | 
"TCP Query User{E049D464-F11D-4F19-BE61-F403F4B570D1}C:\program files\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe" = protocol=6 | dir=in | app=c:\program files\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe | 
"TCP Query User{E213119F-00EC-4F00-898A-2EE3585E3559}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe | 
"TCP Query User{EA041DED-B5E8-4FC6-AC10-68E0CF5396B3}I:\cs\cts bots\hltv.exe" = protocol=6 | dir=in | app=i:\cs\cts bots\hltv.exe | 
"TCP Query User{ED2F2597-3420-4622-BECF-6C352A3205AB}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{FB88CD83-1E26-4C16-A180-1DD43961C694}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{0A4A766D-E729-456B-9B5E-62FD09309D00}C:\users\raphael\desktop\teeworlds-0.5.2-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\raphael\desktop\teeworlds-0.5.2-win32\teeworlds_srv.exe | 
"UDP Query User{1278010B-2DF1-4E6D-BA61-63F4CC89A2F5}C:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\blue byte\die siedler - das erbe der könige - gold edition\bin\settlershok.exe | 
"UDP Query User{2CDA3F0B-9B23-4FED-8238-F40FD1AD7168}C:\program files\jowood\spellforce\spellforce.exe" = protocol=17 | dir=in | app=c:\program files\jowood\spellforce\spellforce.exe | 
"UDP Query User{2E9323FF-7EE7-4311-8110-921AFDA97CCE}C:\users\raphael\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\raphael\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"UDP Query User{330BB61C-0614-4BDF-BB1D-9366270C83D7}C:\users\raphael\desktop\hd dvd-rom-laufwerk\cs\cts bots\cstrike.exe" = protocol=17 | dir=in | app=c:\users\raphael\desktop\hd dvd-rom-laufwerk\cs\cts bots\cstrike.exe | 
"UDP Query User{43D0B491-46CA-47A0-94B4-D00CFB399031}C:\users\raphael\saved games\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\users\raphael\saved games\call of duty\codmp.exe | 
"UDP Query User{4534A116-5B66-44D2-BF4A-AC180E8369EE}C:\program files\warsow 0.5\warsow_x86.exe" = protocol=17 | dir=in | app=c:\program files\warsow 0.5\warsow_x86.exe | 
"UDP Query User{524423BA-0FB1-431C-8DB5-4A0865E714C2}C:\users\raphael\saved games\cs\cts bots\cstrike.exe" = protocol=17 | dir=in | app=c:\users\raphael\saved games\cs\cts bots\cstrike.exe | 
"UDP Query User{84C16C15-023D-478B-8D8E-5FC9A1CCAF26}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{919952EB-DBF6-4367-A1A7-EF81252750A2}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{A053D51E-30ED-4093-A3BB-32B8B43E7F15}C:\users\raphael\saved games\microsoft games\cs\cts bots\cstrike.exe" = protocol=17 | dir=in | app=c:\users\raphael\saved games\microsoft games\cs\cts bots\cstrike.exe | 
"UDP Query User{A9925B4A-351A-4F10-A7B1-7FB0294D28D5}I:\cs\cts bots\cstrike.exe" = protocol=17 | dir=in | app=i:\cs\cts bots\cstrike.exe | 
"UDP Query User{ADA7DA9B-D424-4AE6-A6B0-2837B33123EE}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{BFADD87A-4F42-4C1D-A060-56291DE4E60F}C:\users\raphael\cs\cts bots\cstrike.exe" = protocol=17 | dir=in | app=c:\users\raphael\cs\cts bots\cstrike.exe | 
"UDP Query User{C120C1DD-BA48-4D4F-8E8F-737921B4EC3D}C:\program files\sixteen tons entertainment\gotcha! demo\gotchademo.exe" = protocol=17 | dir=in | app=c:\program files\sixteen tons entertainment\gotcha! demo\gotchademo.exe | 
"UDP Query User{C8C6CB61-62F4-4679-AB8D-A4ED6D5497AC}I:\cs\cts bots\hltv.exe" = protocol=17 | dir=in | app=i:\cs\cts bots\hltv.exe | 
"UDP Query User{C9091D58-584F-4380-85B9-1E37C457C622}C:\users\raphael\downloads\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\raphael\downloads\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe | 
"UDP Query User{C9A3A05D-F537-490D-B8D5-0277D653618B}C:\users\raphael\cs\cts bots\hltv.exe" = protocol=17 | dir=in | app=c:\users\raphael\cs\cts bots\hltv.exe | 
"UDP Query User{D6E8112F-3E5C-4C81-B001-B63C5558DBE9}C:\users\raphael\saved games\call of duty 4 an heeke (simon)\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\raphael\saved games\call of duty 4 an heeke (simon)\iw3mp.exe | 
"UDP Query User{D971E3C5-BE81-4086-B213-ECFDBF997A77}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D9FF76EF-51F1-4C50-A308-565B7CB2F372}C:\program files\safari\safari.exe" = protocol=17 | dir=in | app=c:\program files\safari\safari.exe | 
"UDP Query User{DC587643-0C4D-4A9D-80A3-AD1D4861BFA7}C:\program files\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe" = protocol=17 | dir=in | app=c:\program files\phenomedia\moorhuhn kart 3 demo\game\moorhuhn_kart3.exe | 
"UDP Query User{DD950AF7-A413-45B0-B112-82E57547A608}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{E7200818-FBA8-417D-BBB8-1372EAE2F294}C:\program files\cs\cts bots\cstrike.exe" = protocol=17 | dir=in | app=c:\program files\cs\cts bots\cstrike.exe | 
"UDP Query User{E939D663-0539-4DC6-8B13-225FA48D14AD}C:\users\raphael\saved games\cs\cts bots\hltv.exe" = protocol=17 | dir=in | app=c:\users\raphael\saved games\cs\cts bots\hltv.exe | 
"UDP Query User{EECC93B4-240E-4487-8C85-21036FAEBBC6}C:\program files\pyro studios\imperial glory\imperialglory.exe" = protocol=17 | dir=in | app=c:\program files\pyro studios\imperial glory\imperialglory.exe | 
"UDP Query User{EF1F5584-F154-4C3C-96B9-A0AFD61B1A4E}C:\program files\wolfenstein - enemy territory\etded.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\etded.exe | 
"UDP Query User{F871DB41-51DD-4345-ACE0-88CDE7D79F26}C:\users\raphael\cs\cts bots\hlds.exe" = protocol=17 | dir=in | app=c:\users\raphael\cs\cts bots\hlds.exe | 
"UDP Query User{FA7B66D5-91CC-4E3E-9CB0-0ACA8BBD500A}I:\call of duty\codmp.exe" = protocol=17 | dir=in | app=i:\call of duty\codmp.exe | 
"UDP Query User{FD5354B9-2D31-41F8-9842-0CF3E38BDF79}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{75E607CF-7BAE-4B88-84B3-97F3DF44BA28}" = FEARCombat
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9919E625-F1EC-4945-AC40-83BEE74B78CC}" = 
"{9F251952-43A3-1305-997C-5B285C76FCAD}" = ATI Catalyst Install Manager
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FFFDEC7F-B24F-4C40-8639-7702671B8D67}_is1" = NS Virtual DJ 6.0 Full
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"gysuyww" = Favorit
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
"InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.12.2009 13:25:59 | Computer Name = Raphael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2009 01:44:55 | Computer Name = Raphael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2009 09:06:29 | Computer Name = Raphael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2009 14:02:35 | Computer Name = Raphael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.12.2009 14:14:15 | Computer Name = Raphael-PC | Source = Application Hang | ID = 1002
Description = Programm FreeYouTubeToMP3Converter.exe, Version 3.2.3.67 arbeitet 
nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf
 im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
 über das Problem zu suchen.  Prozess-ID: 145c  Anfangszeit: 01ca737a65c9a2b0  Zeitpunkt
 der Beendigung: 62
 
Error - 03.12.2009 01:39:35 | Computer Name = Raphael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2009 09:07:56 | Computer Name = Raphael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2009 12:43:49 | Computer Name = Raphael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2009 13:38:27 | Computer Name = Raphael-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.12.2009 14:24:22 | Computer Name = Raphael-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 20.07.2010 02:31:51 | Computer Name = Raphael-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 001D92B5B81B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 20.07.2010 10:57:16 | Computer Name = Raphael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 20.07.2010 um 16:29:16 unerwartet heruntergefahren.
 
Error - 20.07.2010 14:00:15 | Computer Name = Raphael-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 001D92B5B81B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 21.07.2010 02:27:47 | Computer Name = Raphael-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 001D92B5B81B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 21.07.2010 14:14:49 | Computer Name = Raphael-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
 001D92B5B81B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 22.07.2010 03:57:06 | Computer Name = Raphael-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.5 für die Netzwerkkarte mit der Netzwerkadresse
 001D92B5B81B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 22.07.2010 12:05:03 | Computer Name = Raphael-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 001D92B5B81B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 22.07.2010 15:21:27 | Computer Name = Raphael-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.07.2010 um 20:07:35 unerwartet heruntergefahren.
 
Error - 22.07.2010 15:21:32 | Computer Name = Raphael-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.3 für die Netzwerkkarte mit der Netzwerkadresse
 001D92B5B81B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 23.07.2010 04:02:47 | Computer Name = Raphael-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 001D92B5B81B wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
 
< End of report >
         

--- --- ---

Hallo

Löschen mit OTL

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
PRC - C:\Users\Raphael\AppData\Local\ljnmjpm.exe ()
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (AVFSFilter) -- C:\Windows\System32\DRIVERS\avfsfilter.sys File not found
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found.
O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - I:\LeopardXP\FindeXer.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKCU..\Run: [ljnmjpm] c:\users\raphael\appdata\local\ljnmjpm.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = C:\Windows\Resources\Themes\LeopardXP\LeopardXP.msstyles File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O33 - MountPoints2\{758231ab-87fd-11dd-ba34-0015af726fcd}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O33 - MountPoints2\{a6dad563-a500-11dd-a77d-0015af726fcd}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O33 - MountPoints2\{d4721310-5fea-11de-bafe-001d92b5b81b}\Shell\AutoRun\command - "" = I:\avira.exe -- File not found


:services
:files
C:\Users\Raphael\AppData\Local\gysuyww.bat
C:\Users\Raphael\AppData\Local\ljnmjpm_nav.dat
C:\Users\Raphael\AppData\Local\d3d9caps.dat
C:\Users\Raphael\AppData\Local\ljnmjpm.exe
C:\Users\Raphael\AppData\Local\ljnmjpm.dat
C:\Users\Raphael\AppData\Local\ljnmjpm_navps.dat


:reg
:Commands
[purity]
[emptytemp]
[reboot]
         

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• Klick auf .
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
  ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
  Kopiere nun den Inhalt hier in Deinen Thread

Anschließend versuche erneut Malwarebytes laufen zu lassen, sollte das nicht funktionieren versuche es nach dieser Anleitung.

MFG

All processes killed
========== OTL ==========
No active process named ljnmjpm.exe was found!
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File C:\Windows\System32\DRIVERS\ipinip.sys File not found not found.
Error: No service named AVFSFilter was found to stop!
Service\Driver key AVFSFilter not found.
File C:\Windows\System32\DRIVERS\avfsfilter.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ljnmjpm not found.
File c:\users\raphael\appdata\local\ljnmjpm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SetVisualStyle not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CDAFD956-97BE-443D-8EF7-F4F094EB5766}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDAFD956-97BE-443D-8EF7-F4F094EB5766}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{758231ab-87fd-11dd-ba34-0015af726fcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{758231ab-87fd-11dd-ba34-0015af726fcd}\ not found.
File I:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6dad563-a500-11dd-a77d-0015af726fcd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6dad563-a500-11dd-a77d-0015af726fcd}\ not found.
File I:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4721310-5fea-11de-bafe-001d92b5b81b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4721310-5fea-11de-bafe-001d92b5b81b}\ not found.
File I:\avira.exe not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Users\Raphael\AppData\Local\gysuyww.bat moved successfully.
File\Folder C:\Users\Raphael\AppData\Local\ljnmjpm_nav.dat not found.
File\Folder C:\Users\Raphael\AppData\Local\d3d9caps.dat not found.
File\Folder C:\Users\Raphael\AppData\Local\ljnmjpm.exe not found.
File\Folder C:\Users\Raphael\AppData\Local\ljnmjpm.dat not found.
File\Folder C:\Users\Raphael\AppData\Local\ljnmjpm_navps.dat not found.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Raphael
->Temp folder emptied: 97368 bytes
->Temporary Internet Files folder emptied: 2252801 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 10166272 bytes
->Flash cache emptied: 29227 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08082010_105436

Files\Folders moved on Reboot...

Registry entries deleted on Reboot..





Malwarebytes funktioniert immer noch nicht.