Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Virus Backdoor

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 20.12.2010, 18:51   #1
bugbugbug
Gesperrt
 
Virus Backdoor - Ausrufezeichen

Virus Backdoor



Hallo ich habe eine problem bei mir öffen sich ständig der Internet explorer
mein pc stürzt einfach ab ich habe was runtergeladen und danach hatte ich den virus

Hier mein Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:32, on 20.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Users\*****\AppData\Local\Temp\Omx.exe
C:\Windows\Explorer.EXE
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Onyhab.exe
C:\Users\*****\AppData\Local\Temp\Rar$EX00.524\HijackThis.exe
C:\Users\*****\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} -

C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -

C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file

missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program

Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: (no name) - {B1B220C1-A503-59BD-F413-02B53A2C8954} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program

Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program

Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program

Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program

Files\Stopzilla!\Toolbar\SZSG.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll

(file missing)
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -

C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program

Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java

Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search

Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\*****\AppData\Local\Temp\Omx.exe
O4 - HKCU\..\Run: [swg] "C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"

/background
O4 - HKLM\..\Policies\Explorer\Run: [9rogj] C:\Users\*****\AppData\Local\Temp\8k95w6t.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

(User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

(User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\srcr.tmp\svchost.exe" (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\srcr.tmp\svchost.exe" (User

'Default user')
O4 - Startup: FRITZ!DSL Internet.lnk = C:\Program Files\FRITZ!DSL\FritzDsl.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites -

hxxp://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google

Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3

\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-

8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1

\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program

Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3

\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-

2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -

hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D59A61CF-2D8B-4DE7-B383-8AD9D9114525}: NameServer =

213.73.91.35,62.2.100.201
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: juaw98rajewifhausihuggdd - {B1B220C1-A503-59BD-F413-02B53A2C8954}

- (no file)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program

Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program

Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner -

C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\avupgsvc.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application

Updater\ApplicationUpdater.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!

DSL\IGDCTRL.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero

BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common

Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation -

C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. -

C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common

Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation -

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 11178 bytes

Alt 20.12.2010, 20:46   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus Backdoor - Standard

Virus Backdoor



Schon wieder ein anderer Rechner?

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 21.12.2010, 16:13   #3
bugbugbug
Gesperrt
 
Virus Backdoor - Standard

Virus Backdoor



HIER DIE OTL LOGS: Nr 1OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 21.12.2010 16:02:16 - Run 3
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 24,91 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAMTAMPC
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\AppData\Local\Temp\Om2.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Windows\Onyhab.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Users\****\AppData\Local\Temp\Omx.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirUpgradeService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hwinterface) -- C:\Windows\System32\drivers\hwinterface.sys (Logix4u)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (SOFTWIN S.R.L.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Programme\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/| www.gametrailers.com/| www.ofdb.de/ | www.kino.to/| www.ebay.de/| www.mobile.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.0.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.4.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.3.20080730
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.19 00:17:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.10 22:23:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
 
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.12.20 18:40:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.19 13:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.07.19 12:46:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com
[2009.07.18 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com-trash
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\moveplayer@movenetworks.com
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\searchrecs@veoh.com
[2010.11.28 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\toolbar@ask.com
[2010.02.04 15:45:40 | 000,002,254 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\askcom.xml
[2009.07.19 12:46:14 | 000,002,399 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\daemon-search.xml
[2010.12.20 18:40:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.15 17:09:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 20:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.07.06 23:20:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.15 09:54:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.15 09:54:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.15 09:54:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.20 00:28:33 | 000,001,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\WebSearchober180451644.xml
[2010.07.15 09:54:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.15 09:54:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.20 00:36:37 | 000,000,068 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B1B220C1-A503-59BD-F413-02B53A2C8954} - No CLSID value found.
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [{E07C3A02-5DE0-949B-1612-45C6271678C4}] C:\Users\****\AppData\Roaming\Myoq\ywyhp.exe (Avira GmbH)
O4 - HKCU..\Run: [JP595IR86O] C:\Users\****\AppData\Local\Temp\Omx.exe (Windows (R) Codename Longhorn DDK provider)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xouv.exe (Avira GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9rogj = C:\Users\****\AppData\Local\Temp\8k95w6t.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {B1B220C1-A503-59BD-F413-02B53A2C8954} - juaw98rajewifhausihuggdd - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell - "" = AutoRun
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Pynyk
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Myoq
[2010.12.20 20:15:40 | 000,163,840 | ---- | C] (Avira GmbH) -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xouv.exe
[2010.12.20 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\theHunter
[2010.12.20 18:48:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\****\Desktop\HijackThis.exe
[2010.12.20 18:05:05 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.12.20 01:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter
[2010.12.20 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}
[2010.12.20 00:33:51 | 000,223,744 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Onyhab.exe
[2010.12.20 00:28:14 | 000,223,744 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Onyhaa.exe
[2010.12.20 00:27:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\updates
[2010.12.20 00:27:51 | 000,325,632 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\sshnas21.dll
[2010.12.20 00:27:50 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\Windows
[2010.12.20 00:27:47 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\Server
[2010.12.20 00:22:51 | 000,000,000 | ---D | C] -- C:\Programme\theHunter
[2010.12.14 21:47:59 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.14 21:47:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.14 21:47:57 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.14 21:47:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.14 21:47:55 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.14 21:47:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.14 21:47:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.14 21:47:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.14 21:47:51 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.14 21:47:46 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.14 21:47:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.14 21:47:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.14 21:47:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.14 21:47:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.14 21:47:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.06 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Two Worlds II
[2010.12.06 14:37:17 | 000,000,000 | ---D | C] -- C:\Programme\Reality Pump
[2010.12.06 03:27:51 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.12.06 03:27:51 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.12.06 03:27:51 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.12.06 03:27:51 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.12.06 03:27:51 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.12.06 03:27:51 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.12.06 03:27:51 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.12.06 03:27:51 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.12.06 03:27:51 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.11.27 14:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Zombie Driver
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.21 16:06:17 | 009,699,328 | -HS- | M] () -- C:\Users\****\ntuser.dat
[2010.12.21 16:04:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.21 16:03:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.21 15:57:24 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.21 15:57:16 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.12.21 15:57:16 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.21 15:57:16 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.21 15:57:16 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.21 15:57:16 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.21 15:55:05 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.21 15:50:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.21 15:50:48 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.21 15:50:48 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.21 15:50:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.12.21 15:50:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.21 15:50:28 | 3487,752,192 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.21 15:49:29 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.12.21 15:49:29 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.12.21 15:49:18 | 003,004,107 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2010.12.21 15:25:42 | 000,002,774 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2010.12.21 15:25:42 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2010.12.20 20:21:50 | 000,010,203 | ---- | M] () -- C:\Users\****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:15:40 | 000,163,840 | ---- | M] (Avira GmbH) -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xouv.exe
[2010.12.20 20:00:36 | 000,000,042 | ---- | M] () -- C:\Users\****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 19:59:59 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ****.job
[2010.12.20 19:48:19 | 000,082,944 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 18:09:56 | 000,000,120 | ---- | M] () -- C:\Users\****\AppData\Local\Wnovocareza.dat
[2010.12.20 01:45:53 | 000,010,326 | ---- | M] () -- C:\Users\****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,000 | ---- | M] () -- C:\Users\****\AppData\Local\Uwami.bin
[2010.12.20 00:36:37 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.12.20 00:28:10 | 000,223,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Onyhab.exe
[2010.12.20 00:27:52 | 000,325,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\sshnas21.dll
[2010.12.20 00:27:52 | 000,223,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Onyhaa.exe
[2010.12.20 00:27:49 | 000,030,000 | ---- | M] () -- C:\Windows\System32\if86lp.dll
[2010.12.20 00:27:46 | 000,064,000 | ---- | M] () -- C:\Windows\System\dwm.exe
[2010.12.18 23:57:29 | 000,079,457 | ---- | M] () -- C:\Users\****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.15 03:22:17 | 000,327,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 21:32:16 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.12.11 00:21:23 | 000,013,218 | ---- | M] () -- C:\Users\****\AppData\Roaming\wklnhst.dat
[2010.12.08 17:37:30 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.06 14:41:58 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.06 02:56:57 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.12.05 01:22:48 | 000,547,059 | ---- | M] () -- C:\Users\****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.12.04 00:15:57 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.04 00:15:50 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.04 00:15:09 | 000,099,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.27 15:30:48 | 000,030,252 | ---- | M] () -- C:\Users\****\MercedesCLC.jpg
[2010.11.27 14:04:09 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.11.27 14:04:09 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.11.23 02:01:30 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.20 20:06:08 | 000,010,203 | ---- | C] () -- C:\Users\****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | C] () -- C:\Users\****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 18:42:28 | 3487,752,192 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.20 01:45:50 | 000,010,326 | ---- | C] () -- C:\Users\****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,120 | ---- | C] () -- C:\Users\****\AppData\Local\Wnovocareza.dat
[2010.12.20 00:37:02 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\Uwami.bin
[2010.12.20 00:33:48 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.20 00:27:59 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.20 00:27:57 | 000,000,248 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.20 00:27:49 | 000,030,000 | ---- | C] () -- C:\Windows\System32\if86lp.dll
[2010.12.20 00:27:48 | 000,064,000 | ---- | C] () -- C:\Windows\System\dwm.exe
[2010.12.18 23:57:28 | 000,079,457 | ---- | C] () -- C:\Users\****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.06 14:41:58 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.05 01:22:47 | 000,547,059 | ---- | C] () -- C:\Users\****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.27 15:30:48 | 000,030,252 | ---- | C] () -- C:\Users\****\MercedesCLC.jpg
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.06.24 21:37:30 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.12.19 02:55:05 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.12.16 00:55:14 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.15 16:20:45 | 000,022,584 | ---- | C] () -- C:\Windows\System32\PnkBstrK.sys
[2009.10.25 18:12:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.10.09 23:58:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.23 23:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 22:13:04 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009.08.23 18:47:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[2009.08.23 18:47:51 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL
[2009.07.16 21:35:23 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009.07.16 21:35:19 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2009.07.16 21:35:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009.05.03 04:38:07 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.03.28 22:14:42 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
[2009.03.03 01:17:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.03 01:17:37 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.03 01:17:37 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.14 10:30:57 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.10.14 16:26:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.14 16:26:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.14 16:14:51 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.30 17:05:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.08.08 17:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2007.01.10 06:44:26 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
         
--- --- ---
__________________

Alt 21.12.2010, 16:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus Backdoor - Standard

Virus Backdoor



Ich wollte erst den Vollscan mit mbam sehen...
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.12.2010, 16:16   #5
bugbugbug
Gesperrt
 
Virus Backdoor - Standard

Virus Backdoor



OTL LOG : Nr 2OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.12.2010 16:02:16 - Run 3
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 24,91 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAMTAMPC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3150804105-3559284404-3918947858-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059F915C-36DD-4900-ABDB-7C3368EB49A3}" = lport=51970 | protocol=6 | dir=in | name=51970 | 
"{09B0FCC5-BA96-4AD5-819D-20426DC3861D}" = lport=3889 | protocol=6 | dir=in | name=3889 | 
"{0C0F902B-BFFE-42AA-8244-63A4FEBD94A3}" = lport=6883 | protocol=6 | dir=in | name=6883 | 
"{0D7DD56A-3021-4D39-914E-217C0E00CA37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{1F1AE682-A9BB-4B25-90F4-EC0C353F663C}" = lport=52525 | protocol=6 | dir=in | name=52525 | 
"{21922F4E-46F8-4623-BBE2-771BB2C298D4}" = lport=6886 | protocol=6 | dir=in | name=6886 | 
"{2820386C-5AE1-4CD2-8AD2-0DC8E9B2FCB9}" = lport=3882 | protocol=6 | dir=in | name=3882 | 
"{2D343DC1-C2BC-412C-BEE9-CC69B3A01E00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{32781735-DE82-4D50-AEAD-E049A881E636}" = lport=3883 | protocol=6 | dir=in | name=3883 | 
"{34FCB130-2A06-41D9-88B4-A405DDAE2757}" = lport=20843 | protocol=6 | dir=in | name=20843 | 
"{372F5F79-FB58-43E9-9BB5-28C89231BB58}" = lport=6969 | protocol=6 | dir=in | name=6969 | 
"{380F9240-FAB8-4FBA-A84B-D6171D08330D}" = lport=3885 | protocol=6 | dir=in | name=3885 | 
"{3CED33EB-9125-46E8-87C1-401BEEF54C13}" = lport=6800 | protocol=6 | dir=in | name=sacred2 192.168.178.28 6800  | 
"{475B13D6-835E-4678-B033-C7D038FEFA61}" = lport=119 | protocol=6 | dir=in | name=119 | 
"{4C7479D1-286C-429B-9922-F11670B3F394}" = lport=3886 | protocol=6 | dir=in | name=3886 | 
"{4F8CEA56-8CFB-444C-820D-0A7C189F735A}" = lport=119 | protocol=17 | dir=in | name=119 | 
"{5414442F-CC5B-4C27-B938-DE68EC3B08B5}" = lport=3881 | protocol=6 | dir=in | name=3881 | 
"{6AD82A48-3A52-45F4-82E1-5DA6797229BE}" = lport=7011 | protocol=6 | dir=in | name=7011 | 
"{6E632DC8-2F4A-440D-AE49-D2BBDF5A21AF}" = lport=49152 | protocol=6 | dir=in | name=49152 | 
"{73727A79-255C-4F61-A9E2-6D9CC6FB2FC2}" = lport=3884 | protocol=6 | dir=in | name=3884 | 
"{84B4C29B-66C0-4BD1-8D30-99BE66E26FB0}" = lport=3887 | protocol=6 | dir=in | name=3887 | 
"{89462D0C-C474-4AFD-8434-CB75BA8CCA21}" = lport=6884 | protocol=6 | dir=in | name=6884 | 
"{A0671457-EAF9-4652-B620-EDA43D0AE158}" = lport=3888 | protocol=6 | dir=in | name=3888 | 
"{A0836C36-3F50-4544-9824-ADE04B10F05D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A2E5912A-F13E-42ED-ABC9-103AA342DA47}" = lport=6800 | protocol=17 | dir=in | name=sacred2 | 
"{A7C86D55-F4B3-4F7A-A443-0F8119B41471}" = lport=6889 | protocol=6 | dir=in | name=6889 | 
"{AC58AAAE-0AE3-42CA-AE06-BDD2568890DC}" = lport=443 | protocol=6 | dir=in | name=usenext | 
"{B2F0C6A8-EB65-468A-84E2-8F0740D6374D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B3389A1F-52DE-4B14-A1E1-BAB24544F65F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B47CE0E3-6F06-47D6-9D89-9DD6735664D5}" = lport=6882 | protocol=6 | dir=in | name=6882 | 
"{B58310DA-5D09-418D-B9F7-FE388FB267EC}" = lport=7011 | protocol=17 | dir=in | name=192.168.178.28 7011  | 
"{B79271F7-F7A8-4808-81F1-18D73661435B}" = lport=6887 | protocol=6 | dir=in | name=6887 | 
"{BCD222B2-4060-483E-BC76-ACC58CE3D67E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C1E9DFC5-F541-4CFB-8F9F-0CAC495330C9}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{C213CEB1-F984-4B8F-AE4A-0DC4FB048C4F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CB7B40D3-E901-4E77-A634-E671EF8AC810}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CC6590F8-2002-481C-9D70-C11CC7D7E16A}" = lport=6881 | protocol=6 | dir=in | name=6881 | 
"{CF3B30C8-4505-4364-992B-1DF122BE4BFE}" = lport=6888 | protocol=6 | dir=in | name=6888 | 
"{DC8EC2BA-0C81-4FAC-92C1-CB8993317EED}" = lport=6885 | protocol=6 | dir=in | name=6885 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01797C0D-7CD1-452F-BED3-3CF4145E99E2}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe | 
"{01FB15C3-77CC-4BB3-8056-5BE78EF4D062}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{05097E66-1213-48A9-928A-C3F80DC1F947}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{052DD755-25CB-40C7-A41A-6B2D68FF6B0B}" = protocol=6 | dir=in | app=h:\fsetup.exe | 
"{0C1BDEB8-8F35-43E4-BF83-FE9D24D370E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{0C930D68-7D5A-4BEB-907B-CCB8778BCDBC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{0CC0990D-5957-4ECF-A5D8-F7556CA7DAFC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{0DC047B8-8FC5-4E3E-9627-10A31D42286F}" = protocol=17 | dir=in | app=c:\program files\usenext\usenext.exe | 
"{0E2CC395-A972-4408-9FD2-6CC61BE33948}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{0E6FBDCD-1056-49AF-975A-B5CD5BEAECCE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{0F223D9F-30EA-4920-878D-391EBC650F43}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe | 
"{0F9DC035-D875-4570-8C0F-BAD3B52DF030}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{0FE25207-7147-4114-8C8B-BFBDF4C141CD}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{1032B914-E96E-4FCF-8D13-47802A8F447A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{1385EAB8-3770-4FA6-8D24-787F70A04D71}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{143AD7FB-53CB-4DF8-A570-7936D2C22F0C}" = protocol=6 | dir=in | app=c:\program files\thehunter\launcher\launcher.exe | 
"{14D574BB-20E2-4F92-842D-34044DD3125F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe | 
"{177773E1-D11A-4E3E-AED6-F128B9E62A1D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{1AE1DD15-9F0C-4DBC-98A1-1DAE8EBED4D3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{1BD962DE-C26A-42E7-BF4A-F8CE6E3B7A94}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe | 
"{1CD1CE4D-DEA7-4FB1-9AD3-B4033583B122}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe | 
"{1DA2158A-4CDB-4656-BFF8-FD10293E5177}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe | 
"{20918BC8-ED22-4DDA-8139-7BD39214D2AD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{2139558A-5D0E-4957-AC89-FF0BE8D1B1F5}" = protocol=17 | dir=in | app=c:\program files\reality pump\two worlds ii\twoworlds2.exe | 
"{24E9F2B3-AA8B-4409-A73D-E397E5FBAD63}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe | 
"{2DE0E0F5-E745-426E-B699-961E7C5E7107}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{2F96EAD0-9F56-436F-A705-C972A057DF5B}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\revoke.exe | 
"{314938D5-5521-4174-81B6-3885C1CE6FEF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"{36A1A113-6FAD-4A5C-BC39-C23064BC76D5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{392163A3-E5AA-4E59-A719-CAECE2BBB21B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{3D17F957-FAB3-484B-95CF-7639C02EB052}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{417896F0-27DA-4819-953F-FB060A68DD1B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{42B07EF2-78B3-400B-8198-0A32FA7748CD}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe | 
"{46833256-8126-4282-9E6A-392DD5D43FB4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{47575330-50D8-4ECD-9DC9-D4B04D0941B6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{48344705-46FD-4CF4-8906-9EDB572ADBE5}" = protocol=17 | dir=in | app=c:\udk\udk-2010-01\binaries\unrealfrontend.exe | 
"{4A269245-E4C8-4FCD-B3A4-732DF659AD39}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{4B218E1F-1CB2-4F99-95F9-FBD3A26C8B1C}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{4D13031E-AB13-4474-86D7-DC4E66464B5E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{4E9E3A47-4516-41DB-8D45-9E53B13F514B}" = protocol=6 | dir=in | app=c:\program files\usenext\usenext.exe | 
"{516B3692-9B54-4290-B4C2-51EC873F879F}" = protocol=6 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe | 
"{520847CD-9EFB-4209-BB79-710C181FE644}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\7zs365e.tmp\symnrt.exe | 
"{5561A96D-6D8F-4107-8556-C51C1B3F27E1}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\revoke.exe | 
"{56E5AB82-C460-4042-9B80-2D823A351642}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{5863ADD9-5F0A-4E5B-B7B9-489E9F313BDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{58EE5D40-1AE1-4F10-B914-E6BC05FE632F}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{5986533A-F73A-4AAE-8C2D-ADD49F7DE9D9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{5DEB8D39-CF64-4DC9-A616-94F80009A37F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{5F5714A0-88B7-4EE4-993E-E0DFC2084192}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5FFA1E17-2AFE-4B7F-AB79-6F33DA43FCEE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{615A4083-3442-4DB1-8B83-C7904221A603}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{6677AE2E-1765-4265-834E-E26A4A415693}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{694FA893-FA3A-4E00-9F18-514B680B3222}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe | 
"{6A2277BE-BCE6-43D3-AF8B-6AD4B55D5CB8}" = protocol=17 | dir=in | app=c:\program files\thehunter\game\thehunter.exe | 
"{6F2EF067-AAF7-46B6-B311-3F73A44C9837}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{71A86CE6-948C-40F1-BA6F-63D508910F66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{737D8D37-E40F-4D60-90F7-40EE3689B42F}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{7D1B1D5A-EB74-47F0-8930-743940E40D30}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{80709898-868C-4F14-B1ED-F6223977D370}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe | 
"{81B9F5A7-E4BF-439D-B279-D406A3404A77}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrk.sys | 
"{82DA41A6-FBC5-4901-A683-16773E5805C1}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{84749D83-4391-40E1-84F0-8A4612E7F696}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{85F9E1C8-5A40-45B2-82BB-64C0C1B603CE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrk.sys | 
"{87343C82-E9EB-4C8A-A0AE-9E0E6597BFCE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{876E63F4-CD1F-4880-9956-FD9C928519E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{895B82C8-8962-459C-B602-7EF9A7675D0A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{8DC82DAC-F43D-44C2-8B2A-9B8CEB700E94}" = protocol=6 | dir=in | app=c:\programdata\a82a4df\wsa82a.exe | 
"{8F48CF1E-1A82-44FD-8F93-03E40D81885B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{8F636BAC-2E6C-40D0-BE63-641B5B952FCF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{91738D1D-B510-477E-9BAD-89400964ABBA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{94179E3B-68F7-47F2-AB44-5EF9755C6E56}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{97C0E6E5-9F29-4E95-BD51-8F6CE72E7259}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{989B908C-B249-4DBE-ABA0-676E021334C8}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{99D91D7A-8D4B-4F4D-B7AF-37EB4596F852}" = protocol=17 | dir=in | app=c:\programdata\a82a4df\wsa82a.exe | 
"{9C288235-2EE2-4B70-ACB5-2FCC2E38ABEB}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{9DA1AE38-B8BA-4B64-B2F6-7F6FC747586D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{A149813B-7F15-4515-A882-A16CEAA8C417}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{A29CDCF2-44B4-4433-9F96-95C60470F3C8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{A4159EFD-C652-4959-BC7E-BF4E4E54791B}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{A954C762-FAFB-4F6E-B5EC-E172DB296DE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{B0B80788-C5E3-4814-9C05-77461B2F8972}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{B0C834B5-CF99-4D79-A7A0-E7600FECA952}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{B14EB4B4-0797-4E15-9D09-654F8E05D53F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{BA217FB3-AB08-44F9-9368-EC6D871D0A2A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{BC020374-0A46-4E5E-9EE8-03724407540F}" = protocol=6 | dir=in | app=c:\program files\reality pump\two worlds ii\twoworlds2.exe | 
"{BD99DB92-4FED-4A48-97D0-198266E66945}" = protocol=6 | dir=in | app=c:\udk\udk-2010-01\binaries\unrealfrontend.exe | 
"{C16A1AB9-DC9A-43FF-88C5-5DD1DF7D98EE}" = protocol=17 | dir=in | app=h:\fsetup.exe | 
"{C3573122-D9DA-4D6A-A78A-024F03574B6F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{C3E63CA2-2458-4522-9953-9B2544578DA6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{C4448901-98FC-4CE6-B5E1-4903FB9AF676}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{C73AF844-090D-457E-8F2D-65C4C7AA9100}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe | 
"{C85E5F7F-F2A4-4A1A-BE1E-1D15F2385B30}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{D0621E23-B4A2-4D49-A12A-D887FCB4CC45}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrk.sys | 
"{D16EFA52-2162-4A3D-9C8F-E6D55623160E}" = protocol=6 | dir=in | app=c:\program files\thehunter\game\thehunter.exe | 
"{D204465E-5F24-4CEB-A17F-E41571FB41B8}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{D2C29F4F-06E0-47C4-848D-07A22F8FC44E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{D2ED27D8-1AF3-4067-9E97-F6149CCD1004}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"{D2F63111-54A2-4EF3-9E4A-C5F8149DC9BE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{D45B6BD1-B1D2-4C53-87D1-F78450D7AB77}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D645D8A6-2AD7-495E-8CE3-A425735C3426}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrk.sys | 
"{D9775EDC-E3B3-4EAD-B11A-7968CB8CC321}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{DA1448AB-781E-4A48-BB58-BF0C26B70A56}" = protocol=17 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe | 
"{DA745B1D-1479-47AB-AD52-931C8AF4AC12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{DC09C0AB-D335-4ECA-B51B-567085898FF4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{DFF50DAC-4E2D-44FD-89A1-DF39BCC7038B}" = protocol=17 | dir=in | app=c:\program files\thehunter\launcher\launcher.exe | 
"{E56A9860-5886-47B3-A63C-74B84E177CA0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{EBAA9131-05F1-4BEE-8AE4-5287C4F45311}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{EEE4D6D7-5060-447C-BCA1-9BE73CC302D8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{F0D5BC82-AB77-44BC-ABC0-007B30D7D333}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | 
"{F14B46AE-CEE3-4FB1-B474-9C01ECF677D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{F99A4917-42AA-4AA3-9AD3-C1CCE066A06E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{FAACD65D-192A-4D77-86A9-3D94347DF20E}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\7zs365e.tmp\symnrt.exe | 
"{FE45AC75-B5C5-4BB4-9D6A-7EF10B1337D1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | 
"{FE4A7BC7-10D0-447C-B6A3-B3EC8C483BF7}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe | 
"{FF267BCD-8D21-4A8C-9D89-A36ABD7AB71E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"TCP Query User{10E85D8B-931D-4F82-B6E6-34F3013CEFE2}C:\gta\gtawin\grand theft auto.exe" = protocol=6 | dir=in | app=c:\gta\gtawin\grand theft auto.exe | 
"TCP Query User{3BCD04D0-EBC2-4887-8B3C-E38ACDA98F2E}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{3E831DE0-46B3-4826-B793-048D8D785B1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{3F9ADF29-51E3-4A0D-906B-C37EBD512EC6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{4181C1C6-AB2E-4D55-A83D-4D1D4C386B69}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{45781EB7-B2CF-49A8-B53B-5FABD69991B2}C:\users\*****\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\*****\program files\dna\btdna.exe | 
"TCP Query User{5336B6CE-05A2-42B3-A0DD-2317C813BC42}C:\windows\system32\winupdateman.exe" = protocol=6 | dir=in | app=c:\windows\system32\winupdateman.exe | 
"TCP Query User{6BF59FC7-C270-48FA-BFBA-821DBFAF0355}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | 
"TCP Query User{7DB0D180-02EA-487A-A5D9-97FEC87BF2BB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{824D0ECB-AE5C-4CF8-8796-C3738B49DB26}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{8D881CE4-B387-4513-9BD0-3C99984C7DF3}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{AB9202E6-AD7F-46EC-A9C6-776BB547A68B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{CB0BD445-F604-4B15-A819-E553D7483392}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{CFEEF620-5A34-42FF-BBC5-3C9062D77D85}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"TCP Query User{D43E42BB-CD09-4177-B670-522B8A78BED2}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{E1B034EA-EEB8-4FF6-B8CE-B0BD6C85AE18}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{0534A750-77BB-49CF-9BF1-EF7C0C31A981}C:\program files\packard bell\updator\pbupdator.exe" = protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | 
"UDP Query User{1FB4E85F-4D61-40CD-B59A-B6E9B04FE08C}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{2D8672B7-6175-41C8-9CCD-8D8121A4242B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{348735B3-2C89-4C3A-AEA6-D7CF8A5719F7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{358CFED0-A205-46E7-B5E8-C4F30BB605A8}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{35E469E5-1177-4013-B6B6-B73E1198A71F}C:\users\*****\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\*****\program files\dna\btdna.exe | 
"UDP Query User{386144F2-9BA6-4D5F-AEDF-E373AF754F02}C:\windows\system32\winupdateman.exe" = protocol=17 | dir=in | app=c:\windows\system32\winupdateman.exe | 
"UDP Query User{4263C516-1200-4458-8E8B-2B8DBE239016}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{66D48D9F-B863-476F-B712-FC5F8447625C}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"UDP Query User{6C9F507A-4A89-479D-A9FD-8A07D167DD44}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{800F7015-1309-4893-B67E-17C78B38533F}C:\gta\gtawin\grand theft auto.exe" = protocol=17 | dir=in | app=c:\gta\gtawin\grand theft auto.exe | 
"UDP Query User{8C18A901-E37E-4832-A247-D5437300A82A}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{9B82C92F-B853-4655-9928-7C13F791B09B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A33A3619-FFF2-4628-8E7B-D63FE7D9EE59}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{D24DDB0B-5E7D-4855-B876-34234695230E}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{F0C3F17D-8B6E-4F27-8270-05B2982B0476}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{067FFF2F-0F1C-43DB-827B-F9BC4735F1BC}" = D2500
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{156E82CB-20F2-46cf-BCEA-40E4F23DC4A3}" = YouTube Downloader Toolbar v4.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E5721E5-BA31-46AD-8B35-065924D38E91}" = D2500_Help
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{66039B36-96AE-40D1-8A32-071F7A61B738}" = Microsoft LifeChat
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CBBEAC-4F50-4839-A5AF-58D5D6D46D4A}_is1" = Spyhunter Compact OS 1.0b
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{765E50AF-5550-4F7E-84F4-524D1BF2C49D}" = MSM2MSI_gstudio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80B6EB72-3C0C-47BF-B337-2D46988A58C5}" = EXP Viewer 6.0
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980B9958-1239-4FC5-8C88-AC5650321031}" = Nero 8 Essentials
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98A64C75-BFD6-4212-8746-8BADC7ABA79E}" = Virtual CD v9
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5653E98-C00B-421B-86A2-E7DA75BFD97A}" = iS3 STOPzilla Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeReader" = Adobe Reader 8
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5610
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Fraps" = Fraps
"GESO Ernährungsberater_is1" = GESO Ernährungsberater
"Google Chrome" = Google Chrome
"GoogleBAE" = Google BAE
"GoogleToolbar" = Google Toolbar
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"KaloMa_is1" = KaloMa 4.76
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nero8" = Nero 8 Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OFF2k7_GE" = Microsoft® Office Home and Student 2007
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Security Task Manager" = Security Task Manager 1.7h
"SETUPMYPC_DE" = SetUp My PC
"Shop for HP Supplies" = Shop for HP Supplies
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"theHunter" = theHunter (remove only)
"Two Worlds II" = Two Worlds II
"Unlocker" = Unlocker 1.8.7
"Updator" = Packard Bell Updator
"UseNeXT_is1" = UseNeXT
"VIDEO_NVIDIA" = Video NVIDIA v174.90
"VLC media player" = VLC media player 0.9.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"works9" = Microsoft Works 9
"Xfire" = Xfire (remove only)
"XP Codec Pack" = XP Codec Pack
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2009 11:44:35 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94,  Prozess-ID 0x1424, Anwendungsstartzeit
 01ca151a7271c3c6.
 
Error - 04.08.2009 11:45:09 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94,  Prozess-ID 0xe60, Anwendungsstartzeit
 01ca151a869afd36.
 
Error - 04.08.2009 12:47:26 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
 0xc0000374, Fehleroffset 0x000b015d,  Prozess-ID 0x1590, Anwendungsstartzeit 01ca151a9d4f0806.
 
Error - 04.08.2009 20:38:35 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94,  Prozess-ID 0x1114, Anwendungsstartzeit
 01ca156508d32446.
 
Error - 04.08.2009 22:17:37 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
 0xc0000374, Fehleroffset 0x000b015d,  Prozess-ID 0x1294, Anwendungsstartzeit 01ca15651c08e596.
 
Error - 05.08.2009 09:50:44 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
 0xc0000374, Fehleroffset 0x000b015d,  Prozess-ID 0x15e0, Anwendungsstartzeit 01ca15cbe381be66.
 
Error - 05.08.2009 11:21:00 | Computer Name = *****-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 05.08.2009 18:00:24 | Computer Name = *****-PC | Source = VSS | ID = 12310
Description = 
 
Error - 05.08.2009 18:00:26 | Computer Name = *****-PC | Source = VSS | ID = 12298
Description = 
 
Error - 06.08.2009 02:26:56 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Fallout3ng.exe, Version 1.0.0.12, Zeitstempel
 0x48d194b3, fehlerhaftes Modul Fallout3ng.exe, Version 1.0.0.12, Zeitstempel 0x48d194b3,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00044163,  Prozess-ID 0x1544, Anwendungsstartzeit
 01ca1659ea97ebf6.
 
[ Media Center Events ]
Error - 08.12.2009 11:26:50 | Computer Name = *****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 20.12.2010 13:44:21 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 20.12.2010 13:47:46 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 20.12.2010 16:04:59 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 20.12.2010 23:15:09 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 21.12.2010 01:40:59 | Computer Name = TamTampc | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.12.2010 um 06:38:26 unerwartet heruntergefahren.
 
Error - 21.12.2010 01:42:18 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.12.2010 10:22:37 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 21.12.2010 10:48:06 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 21.12.2010 10:48:06 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 21.12.2010 10:52:10 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


Alt 21.12.2010, 20:09   #6
bugbugbug
Gesperrt
 
Virus Backdoor - Standard

Virus Backdoor



OK Hier ist der Maleware bytes log :

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5366

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21.12.2010 20:08:09
mbam-log-2010-12-21 (20-08-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 371515
Laufzeit: 2 Stunde(n), 47 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 11
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 38

Infizierte Speicherprozesse:
c:\Users\*****\AppData\Local\Temp\Omx.exe (Rootkit.Agent) -> 1412 -> No action taken.
c:\Users\*****\AppData\Local\Temp\Om2.exe (Rootkit.Agent) -> 2644 -> No action taken.
c:\Windows\Onyhab.exe (Rootkit.Agent) -> 6012 -> No action taken.

Infizierte Speichermodule:
c:\program files\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (Adware.WidgiToolbar) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Rootkit.Agent) -> Value: JP595IR86O -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E07C3A02-5DE0-949B-1612-45C6271678C4} (Trojan.Dropper) -> Value: {E07C3A02-5DE0-949B-1612-45C6271678C4} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> Value: {B1B220C1-A503-59BD-F413-02B53A2C8954} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> Value: {B1B220C1-A503-59BD-F413-02B53A2C8954} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\RegistryMonitor2 (Malware.Trace) -> Value: RegistryMonitor2 -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\*****\AppData\Local\Temp\Omx.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Om2.exe (Rootkit.Agent) -> No action taken.
c:\program files\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (Adware.WidgiToolbar) -> No action taken.
c:\Windows\Onyhab.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Roaming\Myoq\ywyhp.exe (Trojan.Dropper) -> No action taken.
c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\niul.exe (Trojan.Dropper) -> No action taken.
c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\uvsyyd.exe (Trojan.Dropper) -> No action taken.
c:\Users\*****\AppData\Local\mesnSqc.dll (Trojan.Hiloti) -> No action taken.
c:\Users\*****\AppData\Local\Temp\hywgxge.exe (Trojan.Dropper) -> No action taken.
c:\Users\*****\AppData\Local\Temp\ifdla.exe (Trojan.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\19792079 (Spyware.Passwords.XGen) -> No action taken.
c:\Users\*****\AppData\Local\Temp\okyqih.exe (Backdoor.Bot) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Om0.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Om1.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Omv.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Omw.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Omy.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Omz.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\sshnas21.dll (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\tmvspdwr.exe (Trojan.FakeAV.Gen) -> No action taken.
c:\Users\*****\AppData\Local\Temp\cw69l3b7x9i9o6.exe (Trojan.Ertfor) -> No action taken.
c:\Users\*****\AppData\Local\Temp\xt.exe (Adware.FlvTube) -> No action taken.
c:\Users\*****\AppData\Local\Temp\BA24.tmp (Trojan.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\nsmABA4.tmp\_tbp.exe (Trojan.Hiloti) -> No action taken.
c:\Users\*****\AppData\Local\Temp\vtorjfuji\kgomopaaffm.exe (Trojan.FakeAV.Gen) -> No action taken.
c:\Users\*****\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\xouv.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Onyhaa.exe (Rootkit.Agent) -> No action taken.
c:\Windows\system\dwm.exe (Backdoor.Bot) -> No action taken.
c:\Windows\System32\if86lp.dll (Trojan.Ertfor) -> No action taken.
c:\Windows\System32\sshnas21.dll (Rootkit.Agent) -> No action taken.
c:\Windows\Temp\E48D.tmp (Trojan.Agent) -> No action taken.
c:\Windows\Temp\xclw\setup.exe (Backdoor.Bot) -> No action taken.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
c:\program files\dealio toolbar\widgihelper.exe (Adware.WidgiToolbar) -> No action taken.
c:\program files\youtube downloader toolbar\widgihelper.exe (Adware.WidgiToolbar) -> No action taken.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> No action taken.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.

Alt 21.12.2010, 22:49   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus Backdoor - Standard

Virus Backdoor



Zitat:
-> No action taken.
Wieso löscht du die Funde denn nicht
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 21.12.2010, 23:55   #8
bugbugbug
Gesperrt
 
Virus Backdoor - Standard

Virus Backdoor



Hab sie jetzt gelöscht

Alt 22.12.2010, 00:00   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus Backdoor - Standard

Virus Backdoor



Dann brauch ich jetzt neue OTL-Logs.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.12.2010, 21:41   #10
bugbugbug
Gesperrt
 
Virus Backdoor - Standard

Virus Backdoor



OTL LOG EXTRAS:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.12.2010 21:36:05 - Run 4
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 24,57 Gb Free Space | 8,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAMTAMPC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirUpgradeService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hwinterface) -- C:\Windows\System32\drivers\hwinterface.sys (Logix4u)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (SOFTWIN S.R.L.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Programme\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/| www.gametrailers.com/| www.ofdb.de/ | www.kino.to/| www.ebay.de/| www.mobile.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.19 00:17:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.10 22:23:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
 
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.12.22 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions
[2010.12.21 21:57:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.21 21:57:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.19 13:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.12.21 21:57:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\moveplayer@movenetworks.com
[2010.12.21 21:57:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\quickstores@quickstores.de
[2010.12.21 21:57:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\searchrecs@veoh.com
[2010.11.28 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\toolbar@ask.com
[2010.02.04 15:45:40 | 000,002,254 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\askcom.xml
[2009.07.19 12:46:14 | 000,002,399 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\daemon-search.xml
[2010.12.22 18:20:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.15 17:09:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 20:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.07.06 23:20:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.15 09:54:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.15 09:54:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.15 09:54:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.20 00:28:33 | 000,001,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\WebSearchober180451644.xml
[2010.07.15 09:54:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.15 09:54:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 20:27:05 | 000,000,313 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [{E07C3A02-5DE0-949B-1612-45C6271678C4}] C:\Users\*****\AppData\Roaming\Myoq\ywyhp.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9rogj = C:\Users\*****\AppData\Local\Temp\8k95w6t.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell - "" = AutoRun
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.21 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\JBG ALBUM
[2010.12.21 16:14:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\VIRUSLAN
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Pynyk
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Myoq
[2010.12.20 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\theHunter
[2010.12.20 18:48:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\*****\Desktop\HijackThis.exe
[2010.12.20 18:05:05 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.12.20 01:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter
[2010.12.20 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}
[2010.12.20 00:27:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\updates
[2010.12.20 00:27:50 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Windows
[2010.12.20 00:27:47 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Server
[2010.12.20 00:22:51 | 000,000,000 | ---D | C] -- C:\Programme\theHunter
[2010.12.14 21:47:59 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.14 21:47:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.14 21:47:57 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.14 21:47:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.14 21:47:55 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.14 21:47:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.14 21:47:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.14 21:47:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.14 21:47:51 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.14 21:47:46 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.14 21:47:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.14 21:47:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.14 21:47:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.14 21:47:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.14 21:47:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.06 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Two Worlds II
[2010.12.06 14:37:17 | 000,000,000 | ---D | C] -- C:\Programme\Reality Pump
[2010.12.06 03:27:51 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.12.06 03:27:51 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.12.06 03:27:51 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.12.06 03:27:51 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.12.06 03:27:51 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.12.06 03:27:51 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.12.06 03:27:51 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.12.06 03:27:51 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.12.06 03:27:51 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.11.27 14:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Zombie Driver
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 21:38:11 | 009,699,328 | -HS- | M] () -- C:\Users\*****\ntuser.dat
[2010.12.22 21:24:00 | 000,002,774 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2010.12.22 21:24:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2010.12.22 21:06:42 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.12.22 21:06:42 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.22 21:06:42 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.22 21:06:42 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.22 21:06:42 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.22 21:03:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 21:00:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 21:00:21 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 21:00:21 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 21:00:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.12.22 21:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 21:00:05 | 3487,789,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 17:51:26 | 256,961,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.21 20:38:18 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.21 20:38:10 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.21 20:36:52 | 000,099,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010.12.21 20:28:01 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.12.21 20:28:01 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.12.21 20:28:00 | 002,999,843 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.12.21 20:27:05 | 000,000,313 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.12.21 20:21:02 | 000,086,016 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 20:21:50 | 000,010,203 | ---- | M] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 19:59:59 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - *****.job
[2010.12.20 18:09:56 | 000,000,120 | ---- | M] () -- C:\Users\*****\AppData\Local\Wnovocareza.dat
[2010.12.20 01:45:53 | 000,010,326 | ---- | M] () -- C:\Users\*****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,000 | ---- | M] () -- C:\Users\*****\AppData\Local\Uwami.bin
[2010.12.18 23:57:29 | 000,079,457 | ---- | M] () -- C:\Users\*****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.15 03:22:17 | 000,327,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 21:32:16 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.12.11 00:21:23 | 000,013,218 | ---- | M] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2010.12.08 17:37:30 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.06 14:41:58 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.06 02:56:57 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.12.05 01:22:48 | 000,547,059 | ---- | M] () -- C:\Users\*****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.27 15:30:48 | 000,030,252 | ---- | M] () -- C:\Users\*****\MercedesCLC.jpg
[2010.11.27 14:04:09 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.11.27 14:04:09 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.11.23 02:01:30 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.22 17:51:26 | 256,961,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.20 20:06:08 | 000,010,203 | ---- | C] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | C] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 18:42:28 | 3487,789,056 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.20 01:45:50 | 000,010,326 | ---- | C] () -- C:\Users\*****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Local\Wnovocareza.dat
[2010.12.20 00:37:02 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\Uwami.bin
[2010.12.18 23:57:28 | 000,079,457 | ---- | C] () -- C:\Users\*****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.06 14:41:58 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.05 01:22:47 | 000,547,059 | ---- | C] () -- C:\Users\*****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.27 15:30:48 | 000,030,252 | ---- | C] () -- C:\Users\*****\MercedesCLC.jpg
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.06.24 21:37:30 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.12.19 02:55:05 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.12.16 00:55:14 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.15 16:20:45 | 000,022,584 | ---- | C] () -- C:\Windows\System32\PnkBstrK.sys
[2009.10.25 18:12:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.10.09 23:58:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.23 23:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 22:13:04 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009.08.23 18:47:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[2009.08.23 18:47:51 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL
[2009.07.16 21:35:23 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009.07.16 21:35:19 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2009.07.16 21:35:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009.05.03 04:38:07 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.03.28 22:14:42 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
[2009.03.03 01:17:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.03 01:17:37 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.03 01:17:37 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.14 10:30:57 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.10.14 16:26:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.14 16:26:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.14 16:14:51 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.30 17:05:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.08.08 17:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2007.01.10 06:44:26 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
         
--- --- ---

Alt 22.12.2010, 21:41   #11
bugbugbug
Gesperrt
 
Virus Backdoor - Standard

Virus Backdoor



OTL LOG NR 2:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.12.2010 21:36:05 - Run 4
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 24,57 Gb Free Space | 8,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAMTAMPC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirUpgradeService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hwinterface) -- C:\Windows\System32\drivers\hwinterface.sys (Logix4u)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (SOFTWIN S.R.L.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Programme\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/| www.gametrailers.com/| www.ofdb.de/ | www.kino.to/| www.ebay.de/| www.mobile.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.19 00:17:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.10 22:23:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
 
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.12.22 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions
[2010.12.21 21:57:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.21 21:57:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.19 13:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.12.21 21:57:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\moveplayer@movenetworks.com
[2010.12.21 21:57:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\quickstores@quickstores.de
[2010.12.21 21:57:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\searchrecs@veoh.com
[2010.11.28 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\toolbar@ask.com
[2010.02.04 15:45:40 | 000,002,254 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\askcom.xml
[2009.07.19 12:46:14 | 000,002,399 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\daemon-search.xml
[2010.12.22 18:20:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.15 17:09:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 20:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.07.06 23:20:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.15 09:54:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.15 09:54:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.15 09:54:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.20 00:28:33 | 000,001,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\WebSearchober180451644.xml
[2010.07.15 09:54:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.15 09:54:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 20:27:05 | 000,000,313 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [{E07C3A02-5DE0-949B-1612-45C6271678C4}] C:\Users\*****\AppData\Roaming\Myoq\ywyhp.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9rogj = C:\Users\*****\AppData\Local\Temp\8k95w6t.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell - "" = AutoRun
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.21 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\JBG ALBUM
[2010.12.21 16:14:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\VIRUSLAN
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Pynyk
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Myoq
[2010.12.20 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\theHunter
[2010.12.20 18:48:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\*****\Desktop\HijackThis.exe
[2010.12.20 18:05:05 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.12.20 01:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter
[2010.12.20 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}
[2010.12.20 00:27:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\updates
[2010.12.20 00:27:50 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Windows
[2010.12.20 00:27:47 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Server
[2010.12.20 00:22:51 | 000,000,000 | ---D | C] -- C:\Programme\theHunter
[2010.12.14 21:47:59 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.14 21:47:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.14 21:47:57 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.14 21:47:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.14 21:47:55 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.14 21:47:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.14 21:47:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.14 21:47:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.14 21:47:51 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.14 21:47:46 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.14 21:47:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.14 21:47:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.14 21:47:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.14 21:47:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.14 21:47:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.06 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Two Worlds II
[2010.12.06 14:37:17 | 000,000,000 | ---D | C] -- C:\Programme\Reality Pump
[2010.12.06 03:27:51 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.12.06 03:27:51 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.12.06 03:27:51 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.12.06 03:27:51 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.12.06 03:27:51 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.12.06 03:27:51 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.12.06 03:27:51 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.12.06 03:27:51 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.12.06 03:27:51 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.11.27 14:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Zombie Driver
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 21:38:11 | 009,699,328 | -HS- | M] () -- C:\Users\*****\ntuser.dat
[2010.12.22 21:24:00 | 000,002,774 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2010.12.22 21:24:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2010.12.22 21:06:42 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.12.22 21:06:42 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.22 21:06:42 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.22 21:06:42 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.22 21:06:42 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.22 21:03:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 21:00:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 21:00:21 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 21:00:21 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 21:00:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.12.22 21:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 21:00:05 | 3487,789,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 17:51:26 | 256,961,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.21 20:38:18 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.21 20:38:10 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.21 20:36:52 | 000,099,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010.12.21 20:28:01 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.12.21 20:28:01 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.12.21 20:28:00 | 002,999,843 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.12.21 20:27:05 | 000,000,313 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.12.21 20:21:02 | 000,086,016 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 20:21:50 | 000,010,203 | ---- | M] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 19:59:59 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - *****.job
[2010.12.20 18:09:56 | 000,000,120 | ---- | M] () -- C:\Users\*****\AppData\Local\Wnovocareza.dat
[2010.12.20 01:45:53 | 000,010,326 | ---- | M] () -- C:\Users\*****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,000 | ---- | M] () -- C:\Users\*****\AppData\Local\Uwami.bin
[2010.12.18 23:57:29 | 000,079,457 | ---- | M] () -- C:\Users\*****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.15 03:22:17 | 000,327,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 21:32:16 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.12.11 00:21:23 | 000,013,218 | ---- | M] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2010.12.08 17:37:30 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.06 14:41:58 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.06 02:56:57 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.12.05 01:22:48 | 000,547,059 | ---- | M] () -- C:\Users\*****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.27 15:30:48 | 000,030,252 | ---- | M] () -- C:\Users\*****\MercedesCLC.jpg
[2010.11.27 14:04:09 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.11.27 14:04:09 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.11.23 02:01:30 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.22 17:51:26 | 256,961,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.20 20:06:08 | 000,010,203 | ---- | C] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | C] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 18:42:28 | 3487,789,056 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.20 01:45:50 | 000,010,326 | ---- | C] () -- C:\Users\*****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Local\Wnovocareza.dat
[2010.12.20 00:37:02 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\Uwami.bin
[2010.12.18 23:57:28 | 000,079,457 | ---- | C] () -- C:\Users\*****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.06 14:41:58 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.05 01:22:47 | 000,547,059 | ---- | C] () -- C:\Users\*****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.27 15:30:48 | 000,030,252 | ---- | C] () -- C:\Users\*****\MercedesCLC.jpg
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.06.24 21:37:30 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.12.19 02:55:05 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.12.16 00:55:14 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.15 16:20:45 | 000,022,584 | ---- | C] () -- C:\Windows\System32\PnkBstrK.sys
[2009.10.25 18:12:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.10.09 23:58:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.23 23:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 22:13:04 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009.08.23 18:47:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[2009.08.23 18:47:51 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL
[2009.07.16 21:35:23 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009.07.16 21:35:19 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2009.07.16 21:35:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009.05.03 04:38:07 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.03.28 22:14:42 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
[2009.03.03 01:17:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.03 01:17:37 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.03 01:17:37 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.14 10:30:57 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.10.14 16:26:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.14 16:26:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.14 16:14:51 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.30 17:05:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.08.08 17:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2007.01.10 06:44:26 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
         
--- --- ---

Alt 22.12.2010, 21:49   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus Backdoor - Standard

Virus Backdoor



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{E07C3A02-5DE0-949B-1612-45C6271678C4}] C:\Users\*****\AppData\Roaming\Myoq\ywyhp.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9rogj = C:\Users\*****\AppData\Local\Temp\8k95w6t.exe File not found
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Pynyk
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Myoq
[2010.12.20 18:05:05 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.12.20 00:27:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\updates
[2010.12.20 00:27:50 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Windows
[2010.12.20 00:27:47 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Server
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 22.12.2010, 23:01   #13
bugbugbug
Gesperrt
 
Virus Backdoor - Standard

Virus Backdoor



Ok hab ich gemacht:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{E07C3A02-5DE0-949B-1612-45C6271678C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E07C3A02-5DE0-949B-1612-45C6271678C4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\9rogj deleted successfully.
C:\Users\hannes\AppData\Roaming\Pynyk folder moved successfully.
C:\Users\hannes\AppData\Roaming\Myoq folder moved successfully.
C:\found.001 folder moved successfully.
C:\Users\hannes\AppData\Roaming\updates folder moved successfully.
C:\Users\hannes\AppData\Local\Windows folder moved successfully.
C:\Users\hannes\AppData\Local\Server folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 13903317 bytes
->Temporary Internet Files folder emptied: 210319 bytes
->Java cache emptied: 12119233 bytes
->FireFox cache emptied: 18633729 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hannes
->Temp folder emptied: 759527566 bytes
->Temporary Internet Files folder emptied: 43355833 bytes
->Java cache emptied: 71651052 bytes
->FireFox cache emptied: 101647112 bytes
->Flash cache emptied: 19793 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1224704 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4857095 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 981,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 12222010_225623

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 22.12.2010, 23:12   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Virus Backdoor - Standard

Virus Backdoor



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.12.2010, 18:30   #15
bugbugbug
Gesperrt
 
Virus Backdoor - Standard

Virus Backdoor



wenn ich ComboFix ausführe bekomme ich einen blauer Bildschirm wo steht
a problem has been detected on your computer und mein computer macht neustart

Antwort

Themen zu Virus Backdoor
antivir, antivir guard, avira, backdoor, bho, desktop, downloader, dsl, enigma, firefox, google, hijack, hijack this, hijackthis, hkus\s-1-5-18, internet, limewire, locker, mozilla, object, plug-in, problem, senden, software, spigot, svchost.exe, system, virus, vista, windows, youtube downloader



Ähnliche Themen: Virus Backdoor


  1. Backdoor-Virus?
    Log-Analyse und Auswertung - 20.07.2012 (1)
  2. Mediashifting.com Virus / Backdoor.Agent
    Log-Analyse und Auswertung - 31.12.2011 (1)
  3. Facebook Virus (Backdoor)
    Plagegeister aller Art und deren Bekämpfung - 13.08.2011 (2)
  4. Backdoor Virus
    Log-Analyse und Auswertung - 31.07.2010 (2)
  5. Verdacht auf Backdoor Virus.
    Log-Analyse und Auswertung - 01.08.2009 (8)
  6. MSN Virus (Backdoor.Win32.SdBot.ihf)
    Mülltonne - 22.11.2008 (0)
  7. N>virus (backdoor) killer
    Mülltonne - 10.08.2008 (1)
  8. Backdoor + Virus.Autorun
    Log-Analyse und Auswertung - 02.08.2008 (2)
  9. msn Virus Backdoor.Agent.ZCN
    Plagegeister aller Art und deren Bekämpfung - 10.02.2008 (1)
  10. Abhilfe bei MSN Virus Backdoor hier
    Plagegeister aller Art und deren Bekämpfung - 03.08.2007 (5)
  11. Backdoor Virus
    Plagegeister aller Art und deren Bekämpfung - 18.09.2006 (8)
  12. Backdoor Virus!
    Plagegeister aller Art und deren Bekämpfung - 17.05.2006 (1)
  13. backdoor darkmoon virus
    Log-Analyse und Auswertung - 08.10.2005 (12)
  14. Backdoor Virus!
    Log-Analyse und Auswertung - 05.08.2005 (6)
  15. Backdoor Virus "BDC/Ruledor.C
    Plagegeister aller Art und deren Bekämpfung - 26.10.2004 (17)
  16. Backdoor.Jeem Virus
    Plagegeister aller Art und deren Bekämpfung - 01.02.2004 (5)
  17. BACKDOOR.SINIT - VIRUS
    Plagegeister aller Art und deren Bekämpfung - 23.10.2003 (1)

Zum Thema Virus Backdoor - Hallo ich habe eine problem bei mir öffen sich ständig der Internet explorer mein pc stürzt einfach ab ich habe was runtergeladen und danach hatte ich den virus Hier mein - Virus Backdoor...
Archiv
Du betrachtest: Virus Backdoor auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.