Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Suchanfrgen werden zu Ad-seiten umgeleitet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.03.2010, 14:19   #1
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Hallo,

schon etwas länger habe ich das "Problem" das Suchanfragen in der Adresszeile nicht mehr per Google bearbeitet werden.
Zuerst war es eine T-Online Seite die angezeigt wurde, ok dachte ich der Provider hat wohl was an DNS oder so geändert und will wohl Geld dadurch verdienen. (Kann ja nieee mals ein Virus sein oder so, ich doch nicht)

Seit neusten wird auf h**p://allpurposeresults.com/error.php?q=test umgeleitet, wobei "test" die Suchanfrage ist. zusätzlich kam zufällig Werbung "Powered by LoudMo", klassisches Anzeichen von AdWare, also schnell mit Malwarebytes alles gescannt, gut das es eine Log-Sammlung gibt:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3915
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

26.03.2010 12:26:53
mbam-log-2010-03-26 (12-26-53).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|Q:\|)
Durchsuchte Objekte: 540174
Laufzeit: 3 hour(s), 19 minute(s), 16 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 8
Infizierte Dateien: 46

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fzb01g8ec-z (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Rapid AntiVirus (Rogue.RapidAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e5e75b7e-410d-9ac4-8c78-89ebbd49c2ba} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e5e75b7e-410d-9ac4-8c78-89ebbd49c2ba} (Adware.AdRotator) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Program Files\FLV Direct Player (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window (Adware.BHO.FL) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\Jens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y0DH695R\setup[1].exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Windows\System32\Fzb01g8EC-Z.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
D:\Downloads\Neuer Ordner (2)\FLVDirect.exe (Adware.MediaPass) -> Quarantined and deleted successfully.
D:\Program Files\Wireshark\uninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
D:\xampp\Uninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\dskinliteu.dll (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\player.dat (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_default.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_disable.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_normal.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonDown.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonHot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonNor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menubg.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_arrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_check.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_seperator.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\BottomBorder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\downarrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\LeftBorder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\main.ico (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\RightBorder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\TitlePattern.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Windows\System32\HPFL15C1Wv_2.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
         
teilweise etwas merkwürdig, die installation des FLV-Players passt ungefähr mit der Umstellung überein, was mit XAMPP ist weiß ich nicht, vermute mal eine Falschmeldung.

Die plötzlichen Ads von "LoudMo" sind jetzt weg, allerdings ist immer noch die Suchumleitung nach "allpurposeresults.com" vorhanden.

Dann bin ich die allgemeine Liste durchgegangen, habe den CCleaner benutzt, einige Altlasten entfernt, allerdings alles noch unverändert.

Neustart durchgeführt und RSIT gestartet, jedoch nur eine Fehlermeldung erhalten:

Code:
ATTFilter
Line -1:
Error Subscript used with non-Array variable
         
Werde nun die vorletzte Version und so durchprobieren und hoffen das eine geht

Da ich erst unabhängi von diesem Forum auf der Suche war entspricht die Reihenfolge nicht ganz der Anleitung.
Über weitere Vorgehensweisen würde ich mich freuen.

Alt 26.03.2010, 14:32   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Hallo und

RSIT solltest Du mal im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen

Alternative zu RSIT => Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 26.03.2010, 15:09   #3
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Hier die OTL-Logs:
Code:
ATTFilter
OTL logfile created on: 26.03.2010 14:41:30 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 1,98 Gb Free Space | 5,87% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 11,48 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-NOTEBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - Q:\140062.deu\Office14\ONENOTEM.EXE File not found
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - D:\Downloads\Miranda\Miranda IM\miranda32.exe ( )
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksrvc.exe (UPEK Inc.)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Programme\COMODO\Firewall\cfp.exe ()
PRC - C:\Programme\COMODO\Firewall\cmdagent.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - d:\xampp\mysql\bin\mysqld.exe ()
PRC - D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - d:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - D:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - D:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
PRC - D:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
PRC - D:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe (SIEMENS AG)
PRC - D:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe (SIEMENS AG)
PRC - D:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG)
PRC - D:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe (SIEMENS AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Compal\Smart Battery\SMBTray.exe (Compal Electronics, Inc.)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - D:\Program Files\Common Files\Siemens\SQLANY\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lktsrv.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lkads.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\nisvcloc.exe (National Instruments Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (jhguv) --  File not found
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (cvhsvc) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UpekSrvc) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe (UPEK Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\Firewall\cmdagent.exe ()
SRV - (mysql) -- d:\xampp\mysql\bin\mysqld.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Apache2.2) -- d:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (XAMPP) -- D:\xampp\service.exe ()
SRV - (s7oiehsx) -- D:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
SRV - (IGDCTRL) -- D:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (S7TraceServiceX) -- C:\Programme\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
SRV - (s7asysvx) -- D:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG)
SRV - (almservice) -- D:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe (SIEMENS AG)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (NIDomainService) -- D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
SRV - (lkTimeSync) -- C:\Windows\System32\lktsrv.exe (National Instruments, Inc.)
SRV - (lkClassAds) -- C:\Windows\System32\lkads.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- D:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (LkCitadelServer) -- C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
SRV - (niSvcLoc) -- C:\Windows\System32\nisvcloc.exe (National Instruments Corp.)
SRV - (OpcEnum) -- C:\Windows\System32\OPCENUM.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (sftvol) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftVollh.sys (Microsoft Corporation)
DRV - (sftplay) -- C:\Programme\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation)
DRV - (sftfs) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftFSlh.sys (Microsoft Corporation)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (Inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNTIE) SIMATIC Industrial Ethernet (ISO) -- C:\Windows\System32\drivers\SNTIE.SYS (SIEMENS AG)
DRV - (s7snsrtx) -- C:\Windows\System32\drivers\s7snsrtx.sys (SIEMENS AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CamFilter) -- C:\Windows\System32\drivers\Camfilter.sys (Compal Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (EMSC) -- C:\Windows\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys ()
DRV - (dfmirage) -- C:\Windows\System32\drivers\dfmirage.sys (DemoForge, LLC)
DRV - (TVicPort) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (fwkbd) -- C:\Windows\System32\drivers\FwKbd.sys ()
DRV - (dpmcslv) -- C:\Windows\System32\drivers\dpmcslv.sys (Siemens AG)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 58 7E FE 29 C2 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.7
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4
FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.0.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.5.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.6
FF - prefs.js..extensions.enabledItems: {1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {f8316a1e-0745-5b69-6437-bbcc0d88bfaa}:4.6.6.4
FF - prefs.js..network.proxy.backup.ftp: "yolno.infp"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: "yolno.infp"
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "yolno.infp"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "yolno.infp"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "74.222.8.26"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "74.222.8.26"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "74.222.8.26"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "74.222.8.26"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "74.222.8.26"
FF - prefs.js..network.proxy.ssl_port: 3128
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.26 19:49:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox 3\components [2010.03.24 16:37:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3\plugins [2010.03.24 16:37:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.02.26 19:49:32 | 000,000,000 | ---D | M]
 
[2008.06.18 07:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.26 07:15:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions
[2009.08.20 21:25:04 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.01.27 19:58:15 | 000,000,000 | ---D | M] (FetchMP3 Video to Audio Converter) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}
[2009.09.15 21:24:10 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.02.11 21:51:31 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009.04.21 21:01:15 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.03.21 15:37:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.08 15:03:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.08.29 09:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{E2082660-5330-49e6-BD84-9978CE15BA72}
[2009.10.20 11:43:33 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2009.08.21 16:40:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\avg@script.1
[2010.02.18 22:15:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\check4change-owner@mozdev.org
[2010.02.13 11:28:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 19:36:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\elemhidehelper@adblockplus.org
[2008.05.04 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.03.14 23:41:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\firebug@software.joehewitt.com
[2010.01.13 22:34:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\firecookie@janodvarko.cz
[2009.12.13 00:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\pencil@evolus.vn
[2010.03.18 21:54:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\personas@christopher.beard
[2010.02.08 19:52:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2010.01.27 16:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\smarterwiki@wikiatic.com
[2009.05.09 08:07:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\sqlime@security.compass
[2009.05.28 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\xssme@security.compass
[2010.03.14 23:41:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\youtube2mp3@mondayx.de
 
O1 HOSTS File: ([2010.01.24 18:09:46 | 000,000,901 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 	 pro_001.mirrow.loc
O1 - Hosts: 192.168.2.103   root.loc
O1 - Hosts: 192.168.2.103   live.loc
O1 - Hosts: 192.168.2.103   phpBB.loc
O1 - Hosts: 192.168.2.103   pma.loc
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] D:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [S7UB Start] D:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe (SIEMENS AG)
O4 - HKLM..\Run: [SMBTray] C:\Programme\Compal\Smart Battery\SMBTray.exe (Compal Electronics, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\5.0 ( File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Zend Studio - Debug current page - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll ()
O8 - Extra context menu item: Zend Studio - Debug next page - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c4ac2f5-fa73-11dc-9241-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c4ac2f5-fa73-11dc-9241-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{70a5fedc-8029-11dd-941f-001b3868aa49}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{b8e4ab6e-47a9-11de-a745-001b3868aa49}\Shell - "" = AutoRun
O33 - MountPoints2\{b8e4ab6e-47a9-11de-a745-001b3868aa49}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{de79b896-1b91-11de-bbf3-001b3868aa49}\Shell - "" = AutoRun
O33 - MountPoints2\{de79b896-1b91-11de-bbf3-001b3868aa49}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.03.26 13:26:26 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.03.26 13:26:25 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.26 08:18:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.03.26 08:18:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.26 08:18:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.26 08:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.25 08:00:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2010.03.24 16:00:45 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2010.03.17 03:01:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.11 16:36:41 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.11 16:36:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.08 20:53:03 | 000,000,000 | ---D | C] -- C:\Users\***\dwhelper
[2010.03.03 20:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ManyCam
[2010.03.02 16:34:36 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctl32.ocx
[2010.02.27 10:56:00 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.02.26 19:48:11 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.02.26 19:47:43 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.02.25 12:44:09 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.02.25 12:44:08 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.02.25 12:07:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FRITZ!
[2010.02.25 09:13:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\AVM
[2009.08.27 15:43:40 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Programme\Common Files\dao350.dll
[2008.03.25 16:58:16 | 000,081,920 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.03.25 16:58:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2006.01.20 13:11:59 | 000,253,952 | ---- | C] (XtraLogiX GbR) -- C:\Programme\Graph_Pro.exe
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.03.26 14:41:57 | 010,223,616 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.03.26 14:35:39 | 001,575,692 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.26 14:35:39 | 000,676,562 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.26 14:35:39 | 000,637,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.26 14:35:39 | 000,147,014 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.26 14:35:39 | 000,121,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.26 14:32:59 | 000,232,348 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.03.26 14:31:05 | 000,123,808 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.26 14:27:28 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.26 14:27:27 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.26 14:27:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.26 14:26:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.26 13:19:04 | 000,000,232 | ---- | M] () -- C:\Windows\win.ini
[2010.03.26 13:01:58 | 000,000,708 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.03.26 12:29:06 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.03.26 12:28:21 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{344485b2-1f31-11df-a36f-001b3868aa49}.TMContainer00000000000000000001.regtrans-ms
[2010.03.26 12:28:21 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{344485b2-1f31-11df-a36f-001b3868aa49}.TM.blf
[2010.03.26 12:28:04 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.03.26 08:18:14 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.25 23:43:14 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A522CF25-CAAB-4EAB-85D9-A6991B693371}.job
[2010.03.25 14:19:45 | 000,232,348 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.03.25 08:00:44 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.03.24 16:00:28 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2010.03.17 22:26:54 | 000,000,162 | -H-- | M] () -- C:\Users\***\Documents\~$rmelSammlung_ET.docx
[2010.03.17 22:26:46 | 000,887,725 | ---- | M] () -- C:\Users\***\Documents\FormelSammlung_ET.docx
[2010.03.17 21:57:25 | 000,001,355 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2010.03.06 21:01:29 | 000,001,426 | ---- | M] () -- C:\List.conf
[2010.03.06 15:25:12 | 000,000,316 | ---- | M] () -- C:\Users\***\cinderella2-user.properties
[2010.03.04 15:21:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010.03.03 11:42:02 | 000,002,464 | ---- | M] () -- C:\Windows\netdet.ini
[2010.02.27 20:57:43 | 000,000,650 | ---- | M] () -- C:\Users\***\Desktop\CryptLoad.exe - Verknüpfung.lnk
[2010.02.27 19:35:40 | 000,001,393 | ---- | M] () -- C:\Users\***\Documents\#newfile2.lyx#
[2010.02.27 12:45:57 | 000,020,598 | ---- | M] () -- C:\Users\***\Documents\Kalender von ***.ics
[2010.02.26 09:29:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.03.26 13:01:58 | 000,000,708 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.03.26 08:18:14 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.25 08:00:44 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.03.24 16:00:28 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2010.03.17 22:26:54 | 000,000,162 | -H-- | C] () -- C:\Users\***\Documents\~$rmelSammlung_ET.docx
[2010.03.17 22:25:13 | 000,887,725 | ---- | C] () -- C:\Users\***\Documents\FormelSammlung_ET.docx
[2010.03.17 21:57:25 | 000,001,355 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2010.03.06 15:25:12 | 000,000,316 | ---- | C] () -- C:\Users\***\cinderella2-user.properties
[2010.03.03 20:06:30 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\Install_NSS.job
[2010.02.27 19:30:40 | 000,001,393 | ---- | C] () -- C:\Users\***\Documents\#newfile2.lyx#
[2010.02.27 12:45:57 | 000,020,598 | ---- | C] () -- C:\Users\***\Documents\Kalender von ***.ics
[2010.02.27 10:44:25 | 000,001,426 | ---- | C] () -- C:\List.conf
[2010.02.26 09:29:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.02.26 09:24:22 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.01.16 15:01:13 | 000,002,593 | ---- | C] () -- C:\Windows\SE.INI
[2010.01.05 18:40:21 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2009.12.25 19:53:12 | 000,002,770 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.23 21:05:41 | 000,000,227 | ---- | C] () -- C:\Windows\FTRUN32.INI
[2009.12.23 20:20:53 | 000,000,032 | ---- | C] () -- C:\Windows\DVD_Start.INI
[2009.11.19 16:31:52 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2009.10.18 16:11:32 | 000,000,165 | ---- | C] () -- C:\Users\***\AppData\Local\rahistory.xml
[2009.10.07 14:58:16 | 000,000,133 | ---- | C] () -- C:\Windows\Dialux.ini
[2009.09.25 15:47:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.05 10:26:52 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.09.05 10:26:52 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.09.05 10:26:52 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.09.05 10:22:18 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.08.27 15:55:10 | 000,000,000 | ---- | C] () -- C:\Windows\FwSim.INI
[2009.08.27 15:44:58 | 000,104,633 | ---- | C] () -- C:\Windows\System32\drivers\fwDH485.sys
[2009.08.27 15:44:58 | 000,002,976 | ---- | C] () -- C:\Windows\System32\drivers\FwKbd.sys
[2009.08.27 15:44:56 | 000,031,232 | ---- | C] () -- C:\Windows\System32\s7200L2.dll
[2009.03.28 13:11:00 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.25 17:39:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.13 19:40:55 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini
[2009.03.13 19:27:51 | 000,100,352 | ---- | C] () -- C:\Windows\System32\pg32conv.dll
[2009.03.13 19:27:50 | 000,030,793 | ---- | C] () -- C:\Windows\System32\crtslv.dll
[2009.02.11 16:48:52 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2009.01.18 20:09:20 | 000,000,146 | ---- | C] () -- C:\Windows\Capture.INI
[2008.12.23 16:33:18 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008.11.01 14:25:03 | 000,000,728 | ---- | C] () -- C:\Users\***\AppData\Local\RAExpertHistory.xml
[2008.11.01 14:05:56 | 000,031,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.10.10 19:40:40 | 000,471,161 | ---- | C] () -- C:\Programme\Mozilla Firefox 3__inst.jar
[2008.10.10 16:09:20 | 000,006,783 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2008.10.10 16:09:14 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2008.10.10 16:09:14 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2008.10.10 16:09:14 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2008.10.10 16:09:14 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2008.10.10 16:09:14 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2008.10.10 16:09:14 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2008.10.10 16:09:14 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2008.10.10 16:09:14 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2008.10.10 16:09:14 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2008.10.10 16:09:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2008.10.10 16:09:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2008.10.10 16:09:14 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2008.10.10 16:09:14 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2008.10.10 16:09:14 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2008.10.10 16:09:14 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2008.10.10 16:09:14 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2008.09.14 13:52:48 | 000,000,057 | ---- | C] () -- C:\Windows\System32\FORM.INI
[2008.09.13 11:53:50 | 000,000,613 | ---- | C] () -- C:\Users\***\AppData\Roaming\UCO.cache
[2008.04.15 17:33:53 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2008.04.06 17:50:21 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2008.03.27 21:02:08 | 000,138,920 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.03.27 12:42:30 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2008.03.27 12:38:32 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.03.27 09:26:20 | 000,034,304 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.26 20:52:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.03.26 08:48:02 | 000,156,160 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2008.03.26 08:48:02 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2008.03.26 08:39:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.03.26 06:24:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.25 22:09:13 | 000,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008.03.25 17:25:54 | 000,232,348 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.03.25 17:19:23 | 000,232,348 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.03.25 16:58:16 | 009,599,872 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.03.25 16:58:16 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.03.25 16:19:31 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2008.03.25 16:14:28 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.06.01 10:58:40 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.04.17 09:44:28 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.07.27 10:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2005.06.10 07:46:52 | 000,049,152 | R--- | C] () -- C:\Windows\System32\FDT100.dll
[1999.07.16 13:37:56 | 000,136,704 | ---- | C] () -- C:\Windows\System32\TDCTRL.dll
[1998.03.11 22:15:52 | 000,025,600 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[1998.03.11 22:00:30 | 000,015,408 | ---- | C] () -- C:\Windows\System32\CB560WIN.DLL
[1997.01.29 17:53:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[1997.01.15 13:33:46 | 000,009,216 | ---- | C] () -- C:\Windows\System32\CBNVDD.DLL
[1996.12.19 13:37:38 | 000,103,360 | ---- | C] () -- C:\Windows\System32\S7OSC16X.DLL
[1996.12.19 13:36:48 | 000,014,848 | ---- | C] () -- C:\Windows\System32\S7OSC32X.DLL
< End of report >
         
__________________

Alt 26.03.2010, 15:10   #4
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Teil2
Extra.txt

Code:
ATTFilter
OTL Extras logfile created on: 26.03.2010 14:41:30 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 36,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 1,98 Gb Free Space | 5,87% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 11,48 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-NOTEBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" (Mozilla Corporation)
htmlfile [opennew] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" (Mozilla Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox 3\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C6366704-8839-4F57-AE54-92546807C22E}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{F12BA1AD-D48B-4AEC-B6B9-E55A479CAD44}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046D4E9D-E71A-431A-9CB8-56ADA5D997B3}" = protocol=17 | dir=in | app=d:\program files\fritz!dsl\webwaigd.exe | 
"{04FCDA6A-6920-4F4A-8A90-1B339372750C}" = protocol=17 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_online.exe | 
"{094ED8BB-7709-40FE-AE03-00648C0503A0}" = protocol=6 | dir=in | app=d:\program files\tobit clipinc\player\clipinc-player.exe | 
"{096BB17D-5DBB-48AF-9858-3DD4AF04C6F0}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{0B527686-375F-4094-85C6-92EC371FA915}" = protocol=17 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_ds.exe | 
"{116C0881-F9D6-4AAC-8023-19D410095FFD}" = protocol=17 | dir=in | app=d:\program files\tobit clipinc\server\clipinc-server.exe | 
"{1307B176-B415-4209-B765-197B795AEE83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2D363B59-A6ED-4A2C-A238-5099208A5EEE}" = protocol=17 | dir=in | app=d:\program files\tobit clipinc\player\clipinc-player.exe | 
"{3876BC76-260B-4F75-ADA2-2F9B0BA8CBDC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{3ACFBE09-99B4-49F8-B26D-E918C6A122CA}" = protocol=6 | dir=in | app=d:\program files\tobit clipinc\server\clipinc-server.exe | 
"{3BB299C6-1AFE-4138-96C2-984AB01BA050}" = protocol=6 | dir=in | app=d:\program files\common files\siemens\sqlany\dbsrv9.exe | 
"{3F0C64BB-EA8E-40FD-B3FC-EACB2207CB10}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{4AE83A2D-CEE7-405F-B9BC-5686D656C3C9}" = protocol=17 | dir=in | app=d:\program files\fritz!dsl\igdctrl.exe | 
"{4D6F8DE6-0324-4785-8EBA-5C2DC2426DED}" = protocol=6 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_ds.exe | 
"{5759D9D9-E940-43F4-84B8-EA0A16429EDB}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{59C0E009-46BC-4247-AEBA-6F8EF06F810B}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{5B702407-5B82-4684-A8FD-9657E352E75F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{600AACE7-C4CB-41BF-A658-36BE8F502098}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{613EA574-AACA-4B6A-989B-08466527F0A5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{62190B61-064B-4771-B90F-4400A75E84C6}" = protocol=6 | dir=in | app=d:\program files\siemens\step7\s7bin\s7tgtopx.exe | 
"{730F77C6-E3A0-4236-9B51-2F3868831831}" = protocol=6 | dir=in | app=d:\program files\siemens\step7\s7inf\s7usiapx.exe | 
"{76BCA1DE-3413-4BCB-8BA1-2D163D8F1DA6}" = protocol=17 | dir=in | app=d:\program files\siemens\step7\s7bin\s7tgtopx.exe | 
"{8092A208-7B6D-4F35-9439-8DA320F1D6D2}" = protocol=6 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic_online.exe | 
"{80C2F7D5-D2F6-4AB0-B81D-4E35604F48D9}" = protocol=17 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{8103C9F3-F620-44B5-93C7-3F47B62956AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{871825A5-D391-49E0-9DD5-6B2854D005EA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{92BB2EF4-188B-4207-9114-76A0CA0F8999}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{941DFA1F-5905-4503-9400-2790D817EB3B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{95A8A7A8-A9BE-4A1C-8842-C809A61D4D91}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98B71910-0479-446A-89C6-680A0798FCB8}" = protocol=17 | dir=in | app=c:\windows\system32\s7otbxsx.exe | 
"{A38CD01C-E7AF-4FD1-80A0-39574A584669}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A84D1D47-BD43-4BBB-9E82-7E5899D29D28}" = protocol=6 | dir=in | app=d:\program files\ultravnc\vncviewer.exe | 
"{AD0419DF-09C6-4809-AC08-CCF54FE25389}" = protocol=17 | dir=in | app=d:\program files\ultravnc\vncviewer.exe | 
"{B077F837-9C02-44DF-B7C4-9BA17BB55ABF}" = protocol=6 | dir=in | app=d:\program files\fritz!dsl\fboxupd.exe | 
"{B1D74072-0D85-4EA4-9053-53FB944B443D}" = protocol=17 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic.exe | 
"{BC73845E-ACE2-47D4-A858-FD80262C077E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C75BDD61-CC0A-4A1F-ACD6-6B12CD97E5BA}" = protocol=17 | dir=in | app=d:\program files\fritz!dsl\fboxupd.exe | 
"{CC54CE45-7D51-48D5-964C-8FD46F6498CA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3B7DE90-DF10-457A-B339-8B5B3AECA0AD}" = protocol=6 | dir=in | app=d:\program files\sierra entertainment\world in conflict\wic.exe | 
"{E3D633CC-6B54-4B26-9074-0023B6516512}" = protocol=17 | dir=in | app=d:\program files\siemens\step7\s7inf\s7usiapx.exe | 
"{E445019D-14EC-4349-8CAA-283853AF4FA2}" = protocol=6 | dir=in | app=d:\program files\fritz!dsl\igdctrl.exe | 
"{E5EA6E74-9E28-4340-BA07-A6E7CC5C35AA}" = protocol=6 | dir=in | app=c:\windows\system32\s7otbxsx.exe | 
"{E6E93F5C-B4DF-4619-A24F-D2DA92073E14}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EA5716C3-360E-471D-9384-23993492A8C3}" = protocol=6 | dir=in | app=d:\program files\fritz!dsl\webwaigd.exe | 
"{F6AC6D78-E203-4CC8-B016-DA7834CACEDD}" = protocol=17 | dir=in | app=d:\program files\common files\siemens\sqlany\dbsrv9.exe | 
"{FA66DAE9-C8F1-4022-A450-ED2606FEA059}" = protocol=6 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{FCF268E7-A31B-46CE-8B9A-F1563C613D5C}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"TCP Query User{0497A5D2-B143-466E-AA29-428FEC75254B}D:\program files\ultravnc\winvnc.exe" = protocol=6 | dir=in | app=d:\program files\ultravnc\winvnc.exe | 
"TCP Query User{0BA37633-9ABE-475A-BD61-428B8AAFAA78}D:\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=6 | dir=in | app=d:\downloads\ipcurve100win32\ipcurve\ipcurve.exe | 
"TCP Query User{0C49B2C1-5AB9-4356-A222-8D14A58D3E2D}D:\xampp\apache\bin\apache.exe" = protocol=6 | dir=in | app=d:\xampp\apache\bin\apache.exe | 
"TCP Query User{11C6537F-3DFD-49F8-BEA1-4DC7615B6793}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{18120317-63D8-456B-8A0C-487CB952B06B}C:\downloads\enemy.engaged.2.desert.operations.german.proper-fas\zips\f-ee2d01\fas-ee2d\cohokum\ee2deopt.exe" = protocol=6 | dir=in | app=c:\downloads\enemy.engaged.2.desert.operations.german.proper-fas\zips\f-ee2d01\fas-ee2d\cohokum\ee2deopt.exe | 
"TCP Query User{3442E195-CABE-43DF-98C3-93672C6DFC15}D:\program files\sixteen tons entertainment\emergency 4\em4.exe" = protocol=6 | dir=in | app=d:\program files\sixteen tons entertainment\emergency 4\em4.exe | 
"TCP Query User{509386DB-32B5-47BE-A7D8-3A75D885D847}D:\program files\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=d:\program files\mirandafusion\miranda32.exe | 
"TCP Query User{53512855-EEE2-4693-8C6A-C6C4FB9CA3D4}D:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe | 
"TCP Query User{7B5F2614-C853-409F-95DA-8DD58B1A89F7}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{A3C9332E-D029-43BD-91DA-912B745F316F}D:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe" = protocol=6 | dir=in | app=d:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe | 
"TCP Query User{A6348E5E-C653-4324-933E-EC02713DAB98}D:\downloads\miranda\miranda im\miranda32.exe" = protocol=6 | dir=in | app=d:\downloads\miranda\miranda im\miranda32.exe | 
"TCP Query User{B7BDF954-9D59-4642-B318-25F38EF7074A}D:\downloads\multimedia\cryptload_1.1.5\cryptload.exe" = protocol=6 | dir=in | app=d:\downloads\multimedia\cryptload_1.1.5\cryptload.exe | 
"TCP Query User{B82B69D1-5953-4259-9C75-891DF3B3B3D6}D:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{C136951A-E876-412E-AE2B-DF493F75575E}D:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=d:\program files\azureus\azureus.exe | 
"TCP Query User{D806CFB0-1D10-4ACE-B67B-9D74AD998442}D:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=d:\program files\mirc\mirc.exe | 
"TCP Query User{E85BD8FF-E207-4791-9113-149A951F911F}D:\downloads\editoren\ecipse\eclipse\eclipse.exe" = protocol=6 | dir=in | app=d:\downloads\editoren\ecipse\eclipse\eclipse.exe | 
"UDP Query User{0A8237EC-4142-4D3E-9A8B-542F411EA304}D:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\xampp\htdocs\fos\dateien\eclipse\eclipse\eclipse.exe | 
"UDP Query User{2E2E7EBB-0C5E-4F1D-9463-1586819C274A}D:\xampp\apache\bin\apache.exe" = protocol=17 | dir=in | app=d:\xampp\apache\bin\apache.exe | 
"UDP Query User{30E44775-63FF-4015-AF12-12520F5F8422}D:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=d:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{5D50CB67-B495-4D0A-B23B-0464EB49EB2B}D:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=d:\program files\azureus\azureus.exe | 
"UDP Query User{62F5FCE2-5ACD-435B-AAB1-1762EDD2F285}D:\downloads\ipcurve100win32\ipcurve\ipcurve.exe" = protocol=17 | dir=in | app=d:\downloads\ipcurve100win32\ipcurve\ipcurve.exe | 
"UDP Query User{70DCC22A-7076-4ED1-9F93-5373ABB73B2E}D:\program files\sixteen tons entertainment\emergency 4\em4.exe" = protocol=17 | dir=in | app=d:\program files\sixteen tons entertainment\emergency 4\em4.exe | 
"UDP Query User{9E11D23B-791D-4E74-BFE4-850E2B75C44C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{B1F7D733-6C78-40C8-A518-AB625029C2BF}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{B9EF8DDF-F28C-41B7-8208-356F2EEF1BD3}D:\downloads\editoren\ecipse\eclipse\eclipse.exe" = protocol=17 | dir=in | app=d:\downloads\editoren\ecipse\eclipse\eclipse.exe | 
"UDP Query User{C36FD354-85CF-416F-8062-17B22843B3C9}D:\program files\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=d:\program files\mirandafusion\miranda32.exe | 
"UDP Query User{C52CBF94-75E6-4BCD-BB59-927CDAEB4A77}D:\downloads\miranda\miranda im\miranda32.exe" = protocol=17 | dir=in | app=d:\downloads\miranda\miranda im\miranda32.exe | 
"UDP Query User{D87DAE0B-9B0E-4933-BF5A-E3D61153CBCB}D:\program files\ultravnc\winvnc.exe" = protocol=17 | dir=in | app=d:\program files\ultravnc\winvnc.exe | 
"UDP Query User{DFBD1E95-4937-462F-93D5-EC59F880553A}D:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe" = protocol=17 | dir=in | app=d:\program files\zend\zendstudio-5.5.0\jre\bin\javaw.exe | 
"UDP Query User{E0D5C698-CEB9-457E-83F3-829662C51E50}D:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=d:\program files\mirc\mirc.exe | 
"UDP Query User{F51869D0-4C5B-4E63-B97C-FDEFCE4BFDA9}D:\downloads\multimedia\cryptload_1.1.5\cryptload.exe" = protocol=17 | dir=in | app=d:\downloads\multimedia\cryptload_1.1.5\cryptload.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""Bilder-CD Fachkunde Elektrotechnik"_is1" = Bilder-CD für Fachkunde Elektrotechnik, 25. Auflage - Einzelliz
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0168B3E7-393C-4749-B429-FD5B6FD50567}" = NI Circuit Design Suite Support and Upgrade Utility
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{046ED2B7-14D5-4F2C-A275-09D54CEFE757}" = GTactix
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{07E043CB-B1C1-48E3-B2AF-6BED957DF7CD}" = SIMATIC S7-SCL V5.3 + SP4 Professional 2006 SR4  
"{07E043CB-B1C1-48E3-B2AF-6BED957DF7CD}SCL" = SIMATIC S7-SCL V5.3 + SP4 Professional 2006 SR4  
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0BEA337D-71D0-44C7-A575-932612A00908}" = NI EULA Depot
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{1296CAF3-F007-4813-A95F-AD153F978DF1}" = AVRStudio4
"{15BD8E56-D41F-4496-8EA6-13D97AF3F35F}" = MP3Find pro v4.49
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16551E12-7EBB-4F63-9B6D-4AED6C2A6FB0}" = Ovi Files
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{20140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140062-0062-0407-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - Deutsch
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BBE45C-6296-488A-B7D5-37E692E71B3F}" = TortoiseSVN 1.6.5.16974 (32 bit)
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{35ED8B97-897C-4BD1-AEAE-6FD3404BA082}" = Ovi Desktop Sync Engine
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F64982B-469A-4218-97D0-57B8B69CD1C6}" = Langenscheidt Vokabeltrainer 4.0 Englisch
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1" = BASCOM-AVR
"{481C9A00-91AC-4065-870C-BD4E28186E5A}" = PC Connectivity Solution
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4CDE9452-7BA2-46BC-9551-6A041F4A3B66}" = NI LabVIEW Run-Time Engine 8.2
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4E4E15DD-6CE6-4AAD-81EC-F8A9C0D83449}" = Vokabeltrainer-Update 4.0.19
"{53FE1175-1B37-4677-924C-62AFFCC83800}" = NI MDF Support
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B249FAC-DD1A-405F-A8A2-AA6A2252ED32}" = Eisenbahn.exe Professional 6.0
"{6CAB860B-CB68-462B-AF66-83AEF9BD6ED2}" = NI Circuit Design Suite 10 Pro
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1
"{729518C0-BF90-4653-B1A2-CD0193D14CE6}}_is1" = Helium Music Manager 7 (build 7847)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738B0934-6676-44F6-AB52-32F4E60DCA7F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78F08FD6-0606-4F8B-B16D-57758AEF7E9C}" = Automation License Manager V3.0 + SP1 Professional  
"{78F08FD6-0606-4F8B-B16D-57758AEF7E9C}LicenseManager" = Automation License Manager V3.0 + SP1 
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{80F0B640-3A5E-45B6-ACA0-445AFF78CE85}" = Graphviz
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85B9124A-7EE0-4A60-B141-B233124E7DBD}" = Smart Meeting
"{889BF4A8-E783-46C4-8FB8-97A0B977C32A}" = NI LabWindows/CVI 8.0.1 Run-Time Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D6F5556-EB3C-420D-9B75-020DEF9AD0AC}" = NI Uninstaller
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}" = Nokia Ovi Suite
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.8
"{9BFCF52F-9ACE-4BFF-9265-4A83B48D5EED}" = PKZIP Server for Windows 8.60.0007
"{A0A623D9-C673-47B1-8FB1-9FF4A6C88D9C}" = NavyFIELD Europe (DE)
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F7BDF1-6D46-46FC-92D1-BC91202251DD}" = NI Service Locator
"{A2DC3907-B0A3-484F-9677-A16F1D58BF60}" = NI TDMS
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B440401C-4804-4F2D-998C-ACF5FC83DA5F}" = SIMATIC S7-PLCSIM V5.4 + SP1 Professional 2006 SR4  
"{B440401C-4804-4F2D-998C-ACF5FC83DA5F}PLCSim" = SIMATIC S7-PLCSIM V5.4 + SP1 Professional 2006 SR4  
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver
"{BA63348B-143D-4CAC-A355-3879402ED781}" = Nokia Ovi Suite Software Updater
"{BAADD05A-8BDD-4C1B-BE38-94627C552A86}" = NI Logos 4.7
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BDE84BB7-8261-4787-8219-A5D60E70146C}" = TRILUX Daten-PlugIn für DIALux 06/2009
"{BE6A4401-F766-4706-97F0-A0332C51A3EE}" = SIMATIC S7-GRAPH V5.3 + SP5 Professional 2006 SR4  
"{BE6A4401-F766-4706-97F0-A0332C51A3EE}S7GRAPH" = SIMATIC S7-GRAPH V5.3 + SP5 Professional 2006 SR4  
"{BE802A6E-7F0D-4333-B45E-80F06C4DC59C}}_is1" = MP3Test
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD094AFB-E5B0-4687-A3D2-358E04BCA172}" = NI Circuit Design Suite 10 Core
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{D8B7A9C5-7ACE-4F9C-9788-77D08850AB4F}" = NI USI 1.3.0
"{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}" = Garmin POI Loader
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF316006-FA84-40B0-B9B0-880B6487D5D7}" = SIMATIC  STEP 7 V5.4 + SP3 + HF1 Professional 2006 SR4  
"{DF316006-FA84-40B0-B9B0-880B6487D5D7}STEP7" = SIMATIC  STEP 7 V5.4 + SP3 + HF1 Professional 2006 SR4  
"{DFD456BA-8C23-4AAD-AF46-E41CE89D022C}" = ThinkVantage Fingerprint Software
"{E040012F-A895-482E-87EF-D747ABB0F1D6}" = CADdy++ - SEE Electrical
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EB026BC8-E00C-499D-BD87-89A0566BEB0E}" = AVRStudio4
"{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = WORLD IN CONFLICT
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F8D315CF-615E-3AAC-ABF6-C0FA91EDDDBA}" = Microsoft Visual C# 2008 Express Edition with SP1 - DEU
"{FA440BE8-EC2F-4478-A01A-077DA0606501}" = Microsoft SQL Server Compact 3.5 SP1 (Deutsch)
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDB8EF7A-4118-4B27-8892-4FBE82729340}" = NI License Manager
"{FE2A7490-32EA-47D1-BCB4-0705F73F4C24}" = WinFACT 7
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AFPL Ghostscript 8.14" = AFPL Ghostscript 8.14
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Audacity_is1" = Audacity 1.2.6
"AuthorsW" = SIMATIC AuthorsW V2.5 + ServicePack 1
"Calc 3D Pro_is1" = Calc 3D Pro Deutsch 2.1.7
"CCleaner" = CCleaner
"Cinderella 2.0" = Cinderella 2.0
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"COMODO Firewall Pro" = COMODO Firewall Pro
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EAGLE 5.2.0" = EAGLE 5.2.0
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.0.11
"FluidSIM 4.2h Pneumatik Demoversion" = FluidSIM 4.2h Pneumatik Demoversion
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Sound Recorder" = Free Sound Recorder
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"FWOCX" = SIMATIC ProTool/Pro V6.0 Gemeinsame Dateien
"Geo" = Geo
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HeidiSQL_is1" = HeidiSQL 3.2
"HijackThis" = HijackThis 2.0.2
"InstallShield_{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JabRef 2.5" = JabRef 2.5
"LHTTSGED" = L&H TTS3000 Deutsch
"LochMaster_30_Demo_is1" = LochMaster 3.0 (Demo)
"LyX" = LyX 1.6.4-1
"MAGIX Ringtone Maker 2 silver US" = MAGIX Ringtone Maker 2 silver (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual C# 2008 Express Edition with SP1 - DEU" = Microsoft Visual C# 2008 Express Edition mit SP1 - DEU
"MiKTeX 2.8" = MiKTeX 2.8
"Mirage Driver_is1" = Mirage Driver 1.1
"Miranda IM" = Miranda IM 0.8.9
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MusicBrainz Picard" = MusicBrainz Picard
"NI Uninstaller" = National Instruments-Software
"Nokia Ovi Suite" = Nokia Ovi Suite
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"PDF Passwort Knacker 1" = PDF Passwort Knacker 1
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"ProInst" = Intel(R) PROSet/Wireless Software
"PSpice Student" = PSpice Student 9.1
"Python2.2" = Python
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SIMATIC ProTool/Pro CS Demo V6.0" = SIMATIC ProTool/Pro CS Demo V6.0 + ServicePack 2
"SIMATIC ProTool/Pro RT V6.0" = SIMATIC ProTool/Pro RT V6.0 + ServicePack 2
"SMSERIAL" = Motorola SM56 Data Fax Modem
"sPlan_60_Demo_is1" = sPlan 6.0 (Demo)
"SystemRequirementsLab" = System Requirements Lab
"Target 3001! V14 discover" = Target 3001! V14 discover
"Target 3001! V14 pcb-pool" = Target 3001! V14 pcb-pool
"TightVNC_is1" = TightVNC 1.3.10
"TUGZip_is1" = TUGZip 3.4
"Ultravnc2_is1" = UltraVNC 1.0.5
"Uninstall_is1" = Uninstall 1.0.0.1
"uniquemagicmp3taggerappid_is1" = Magic MP3 Tagger 2.2.6
"VBSdoc" = VBScript-Dokumentation
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WibTeX_is1" = WibTeX 7.1a
"Winamp" = Winamp
"WinAVR-20090313" = WinAVR 20090313 (remove only)
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1 beta5
"Zend Studio - 7.0.0" = Zend Studio - 7.0.0
"ZendStudio-5.5.0" = ZendStudio-5.5.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bdb6cf26dd054a4b" = Youtube-Entferner
"GraphCalc" = GraphCalc
"IntelliAdmin_NetworkAdministrator" = IntelliAdmin Network Administrator - Remove
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 26.03.2010, 18:34   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Klappt RSIT im Kompatibilitätmodus? Würde mich mal interessieren.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.03.2010, 20:22   #6
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Nein hatte auch nicht geklappt, deshalb bin ich ja umgestiegen.

Alt 27.03.2010, 00:54   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Ok. Bitte mal den Avenger anwenden:

1.) Lade Dir von hier Avenger:
Swandog46's Public Anti-Malware Tools (Download, linksseitig)

2.) Entpack das zip-Archiv, führe die Datei "avenger.exe" aus (unter Vista per Rechtsklick => als Administrator ausführen). Die Haken unten wie abgebildet setzen:



3.) Kopiere Dir exakt die Zeilen aus dem folgenden Code-Feld:
Code:
ATTFilter
files to delete:
C:\Windows\System32\drivers\FwKbd.sys

drivers to delete:
FwKbd
jhguv
         
4.) Geh in "The Avenger" nun oben auf "Load Script", dort auf "Paste from Clipboard".

5.) Der Code-Text hier aus meinem Beitrag müsste nun unter "Input Script here" in "The Avenger" zu sehen sein.

6.) Falls dem so ist, klick unten rechts auf "Execute". Bestätige die nächste Abfrage mit "Ja", die Frage zu "Reboot now" (Neustart des Systems) ebenso.

7.) Nach dem Neustart erhältst Du ein LogFile von Avenger eingeblendet. Kopiere dessen Inhalt und poste ihn hier.

8.) Die Datei c:\avenger\backup.zip bei file-upload.net hochladen und hier verlinken
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.03.2010, 09:41   #8
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



sry das hat jetzt eingabegeräte gekillt,externe Maus funktioniert tastertur nicht. Falsche Treiber gekillt? Oder nebenwirkungen? Rückgängig machen wenn ja wie?
Bin mit handy am tippen sry für rechtsch. Logs versuche ich mal zu kopieren

Alt 27.03.2010, 09:46   #9
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



so Bildschirmtastertur
wenn alles nix hilft werde ich morgen anfangen alles wichtige zu retten und dann wird neu aufgesetzt nur damit ihr wisst das es nicht das gleiche system bleiben muss

Geändert von boecki (27.03.2010 um 10:05 Uhr)

Alt 27.03.2010, 12:58   #10
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



sry wo ist der edit Button?

beim Firefox hat sich ein Add-in eingeschlichen, nun keine keine Umleitungen mehr, Werbung auch weg

bleibt die fehlende Tastatur

Alt 27.03.2010, 13:17   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Ups sry, hab Dir nen Keyboardtreiber weggescripted
Den Rechner bedienen kannst Du aber noch? Wenn ja:

1.) Navigiere zu c:\avenger und entpacke die backup.zip (Password ist infected )
2.) Kopiere die FwKbd.sys nach C:\Windows\System32\drivers
3.) Doppelklick auf die backup.reg und bestätige mit (Registrierungsinfos hinzufügen bestätigen)
4.) Neustart und die Tastatur sollte hoffentlich wieder gehen
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.03.2010, 14:21   #12
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



So die Tastatur funktioniert wieder

Nebenbei möchte ich noch diese Handy-Browser umbringen, das war ein absoluter Kampf. Dann hab ich die Bildschirmtastatur ausprobiert, die funktionierte. Die per USB angeschlossene Funkmaus funktionierte, die Tastatur nicht.

Nun nochmal eine Kurzzusammenfassung, mit der richtigen Tastatur schrieb es sich viel besser:
  • Firefox hatte ein zusätzliches Add-In, das hab ich deinstalliert, leider hab ich den Namen vergessen, seit dem sind die plötzlichen Werbebanner weg, auch die Suchanfragen landen wieder richtig bei Google
  • Werde nun noch mal HouseCall, Maleware und CCCleaner laufen lassen, dann noch OTL. anschließend wieder Berichte hier einstellen.

Alt 27.03.2010, 14:43   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Schön. Hat das so geklappt mit den vier Schritten die ich Dir gepostet hab, um die Tastatur wieder zu reanimieren?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.03.2010, 19:11   #14
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Ja, hat es nur das die Zip Datei nicht mehr da war, obwohl ich sie aus dem Ordner hoch geladen hatte.
Naja und dann hab ich das hoch geladene wieder runter geladen

Zwischenstand Viren-Test:
2 Rootkits entfernt:
Datei: Q:\140062\Office14\ONENOTEM.exe
Threat: HIDDEN_FILE

Datei: Q:\140062\Office14\1031\ONINTL.DLL
Threat: HIDDEN_FILE

Q ist das Laufwerk welches von Office 2010 Beta angelegt wird wenn man die Click to Run Variante gewählt hat.
Da werde ich jetzt noch mal durchlaufen lassen.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3919
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

27.03.2010 19:00:56
mbam-log-2010-03-27 (19-00-56).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|Q:\|)
Durchsuchte Objekte: 527441
Laufzeit: 3 hour(s), 6 minute(s), 40 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
TrendMicroHouse hat schon 2 Infektionen gefunden, kann aber erst am Ende des Scanns nähere sagen.
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Geändert von boecki (27.03.2010 um 19:28 Uhr) Grund: Virenmeldungen hinzugefügt

Alt 28.03.2010, 10:01   #15
boecki
 
Suchanfrgen werden zu Ad-seiten umgeleitet - Standard

Suchanfrgen werden zu Ad-seiten umgeleitet



Virenscanner sagt nun virenfrei

Werde nun einmal neu starten und schauen was dabei raus kommt
OTL:
Code:
ATTFilter
OTL logfile created on: 28.03.2010 09:50:18 - Run 3
OTL by OldTimer - Version 3.1.37.3     Folder = D:\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
5,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): c:\pagefile.sys 3067 3067 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 33,66 Gb Total Space | 3,87 Gb Free Space | 11,51% Space Free | Partition Type: NTFS
Drive D: | 78,12 Gb Total Space | 11,46 Gb Free Space | 14,67% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-NOTEBOOK
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox 3\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksrvc.exe (UPEK Inc.)
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\COMODO\Firewall\cfp.exe ()
PRC - C:\Programme\COMODO\Firewall\cmdagent.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - d:\xampp\mysql\bin\mysqld.exe ()
PRC - D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - D:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - d:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - D:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
PRC - D:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
PRC - D:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe (SIEMENS AG)
PRC - D:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe (SIEMENS AG)
PRC - D:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG)
PRC - D:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe (SIEMENS AG)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - D:\Program Files\Common Files\Siemens\SQLANY\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lktsrv.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lkads.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Windows\System32\nisvcloc.exe (National Instruments Corp.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\guard32.dll ()
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (cvhsvc) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UpekSrvc) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksrvc.exe (UPEK Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (cmdAgent) -- C:\Program Files\COMODO\Firewall\cmdagent.exe ()
SRV - (mysql) -- d:\xampp\mysql\bin\mysqld.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Apache2.2) -- d:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (XAMPP) -- D:\xampp\service.exe ()
SRV - (s7oiehsx) -- D:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe (SIEMENS AG)
SRV - (IGDCTRL) -- D:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (S7TraceServiceX) -- C:\Programme\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe (SIEMENS AG)
SRV - (s7asysvx) -- D:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe (SIEMENS AG)
SRV - (almservice) -- D:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe (SIEMENS AG)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (NIDomainService) -- D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
SRV - (lkTimeSync) -- C:\Windows\System32\lktsrv.exe (National Instruments, Inc.)
SRV - (lkClassAds) -- C:\Windows\System32\lkads.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- D:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (LkCitadelServer) -- C:\Windows\System32\lkcitdl.exe (National Instruments, Inc.)
SRV - (niSvcLoc) -- C:\Windows\System32\nisvcloc.exe (National Instruments Corp.)
SRV - (OpcEnum) -- C:\Windows\System32\OPCENUM.EXE ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (sftvol) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftVollh.sys (Microsoft Corporation)
DRV - (sftplay) -- C:\Programme\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation)
DRV - (sftfs) -- C:\Programme\Microsoft Application Virtualization Client\drivers\SftFSlh.sys (Microsoft Corporation)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (PnkBstrK) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (Inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNTIE) SIMATIC Industrial Ethernet (ISO) -- C:\Windows\System32\drivers\SNTIE.SYS (SIEMENS AG)
DRV - (s7snsrtx) -- C:\Windows\System32\drivers\s7snsrtx.sys (SIEMENS AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (CamFilter) -- C:\Windows\System32\drivers\Camfilter.sys (Compal Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (EMSC) -- C:\Windows\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (cvintdrv) -- C:\Windows\System32\drivers\cvintdrv.sys ()
DRV - (dfmirage) -- C:\Windows\System32\drivers\dfmirage.sys (DemoForge, LLC)
DRV - (TVicPort) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (Hardlock) -- C:\Windows\System32\drivers\hardlock.sys (Aladdin Knowledge Systems)
DRV - (FwKbd) -- C:\Windows\System32\drivers\FwKbd.sys ()
DRV - (dpmcslv) -- C:\Windows\System32\drivers\dpmcslv.sys (Siemens AG)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 58 7E FE 29 C2 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: elemhidehelper@adblockplus.org:1.0.6
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.7
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.3
FF - prefs.js..extensions.enabledItems: firecookie@janodvarko.cz:1.0.2
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.22
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.87.4
FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.0.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: pixelperfectplugin@openhouseconcepts.com:1.5.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.6
FF - prefs.js..extensions.enabledItems: {1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}:1.2
FF - prefs.js..network.proxy.backup.ftp: "yolno.infp"
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: "yolno.infp"
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "yolno.infp"
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: "yolno.infp"
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "74.222.8.26"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "74.222.8.26"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "74.222.8.26"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "74.222.8.26"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "74.222.8.26"
FF - prefs.js..network.proxy.ssl_port: 3128
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.02.26 20:49:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox 3\components [2010.03.27 19:43:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3\plugins [2010.03.24 17:37:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.02.26 20:49:32 | 000,000,000 | ---D | M]
 
[2008.06.18 08:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.03.28 00:49:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions
[2009.08.20 22:25:04 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.01.27 20:58:15 | 000,000,000 | ---D | M] (FetchMP3 Video to Audio Converter) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}
[2009.09.15 22:24:10 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010.02.11 22:51:31 | 000,000,000 | ---D | M] (Tamper Data) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009.04.21 22:01:15 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2010.01.08 16:03:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.08.29 10:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{E2082660-5330-49e6-BD84-9978CE15BA72}
[2009.10.20 12:43:33 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2009.08.21 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\avg@script.1
[2010.02.18 23:15:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\check4change-owner@mozdev.org
[2010.02.13 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.07.01 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\elemhidehelper@adblockplus.org
[2008.05.04 19:05:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.03.15 00:41:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\firebug@software.joehewitt.com
[2010.01.13 23:34:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\firecookie@janodvarko.cz
[2009.12.13 01:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\pencil@evolus.vn
[2010.03.18 22:54:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\personas@christopher.beard
[2010.02.08 20:52:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\pixelperfectplugin@openhouseconcepts.com
[2010.01.27 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\smarterwiki@wikiatic.com
[2009.05.09 09:07:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\sqlime@security.compass
[2009.05.28 16:19:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\xssme@security.compass
[2010.03.15 00:41:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3v0eu4xy.default\extensions\youtube2mp3@mondayx.de
 
O1 HOSTS File: ([2010.01.24 19:09:46 | 000,000,901 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 	 pro_001.mirrow.loc
O1 - Hosts: 192.168.2.103   root.loc
O1 - Hosts: 192.168.2.103   live.loc
O1 - Hosts: 192.168.2.103   phpBB.loc
O1 - Hosts: 192.168.2.103   pma.loc
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll ()
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\Firewall\cfp.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [S7UB Start] D:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe (SIEMENS AG)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\5.0 ( File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Zend Studio - Debug current page - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll ()
O8 - Extra context menu item: Zend Studio - Debug next page - D:\Program Files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c4ac2f5-fa73-11dc-9241-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c4ac2f5-fa73-11dc-9241-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{70a5fedc-8029-11dd-941f-001b3868aa49}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{b8e4ab6e-47a9-11de-a745-001b3868aa49}\Shell - "" = AutoRun
O33 - MountPoints2\{b8e4ab6e-47a9-11de-a745-001b3868aa49}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{de79b896-1b91-11de-bbf3-001b3868aa49}\Shell - "" = AutoRun
O33 - MountPoints2\{de79b896-1b91-11de-bbf3-001b3868aa49}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.03.27 15:09:50 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.03.26 14:26:26 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.03.26 09:18:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.03.26 09:18:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.26 09:18:07 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.26 09:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.25 09:00:42 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Essentials
[2010.03.17 04:01:52 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.11 17:36:41 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.11 17:36:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.08 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\***\dwhelper
[2010.03.03 21:05:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ManyCam
[2010.03.02 17:34:36 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Tabctl32.ocx
[2010.02.27 11:56:00 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.02.26 20:48:11 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.02.26 20:47:43 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2009.08.27 16:43:40 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Programme\Common Files\dao350.dll
[2008.03.25 17:58:16 | 000,081,920 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008.03.25 17:58:16 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2006.01.20 14:11:59 | 000,253,952 | ---- | C] (XtraLogiX GbR) -- C:\Programme\Graph_Pro.exe
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.03.28 09:50:16 | 010,223,616 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.03.28 09:44:50 | 001,575,692 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.28 09:44:50 | 000,676,562 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.28 09:44:50 | 000,637,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.28 09:44:50 | 000,147,014 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.28 09:44:50 | 000,121,564 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.28 09:42:00 | 000,232,348 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2010.03.28 09:42:00 | 000,232,348 | ---- | M] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2010.03.28 08:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.28 08:46:03 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.28 02:05:39 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A522CF25-CAAB-4EAB-85D9-A6991B693371}.job
[2010.03.28 00:46:14 | 000,123,808 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.27 17:18:11 | 000,000,630 | ---- | M] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2010.03.27 17:18:06 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010.03.27 16:47:39 | 002,349,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.03.27 16:46:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.27 16:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.27 15:00:31 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.03.27 14:54:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{344485b2-1f31-11df-a36f-001b3868aa49}.TMContainer00000000000000000001.regtrans-ms
[2010.03.27 14:54:58 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{344485b2-1f31-11df-a36f-001b3868aa49}.TM.blf
[2010.03.27 14:54:51 | 002,073,722 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.03.27 10:03:30 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2010.03.26 23:32:50 | 000,000,732 | ---- | M] () -- C:\Users\***\Desktop\Defraggler.lnk
[2010.03.26 14:19:04 | 000,000,232 | ---- | M] () -- C:\Windows\win.ini
[2010.03.26 14:01:58 | 000,000,708 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.03.26 09:18:14 | 000,000,616 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.25 09:00:44 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.03.24 17:00:28 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2010.03.17 23:26:54 | 000,000,162 | -H-- | M] () -- C:\Users\***\Documents\~$rmelSammlung_ET.docx
[2010.03.17 23:26:46 | 000,887,725 | ---- | M] () -- C:\Users\***\Documents\FormelSammlung_ET.docx
[2010.03.17 22:57:25 | 000,001,355 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2010.03.06 22:01:29 | 000,001,426 | ---- | M] () -- C:\List.conf
[2010.03.06 16:25:12 | 000,000,316 | ---- | M] () -- C:\Users\***\cinderella2-user.properties
[2010.03.04 16:21:19 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Install_NSS.job
[2010.03.03 12:42:02 | 000,002,464 | ---- | M] () -- C:\Windows\netdet.ini
[2010.02.27 21:57:43 | 000,000,650 | ---- | M] () -- C:\Users\***\Desktop\CryptLoad.exe - Verknüpfung.lnk
[2010.02.27 20:35:40 | 000,001,393 | ---- | M] () -- C:\Users\***\Documents\#newfile2.lyx#
[2010.02.27 13:45:57 | 000,020,598 | ---- | M] () -- C:\Users\***\Documents\Kalender von ***.ics
[2010.02.26 10:29:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.03.27 17:18:11 | 000,000,630 | ---- | C] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2010.03.27 17:18:03 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010.03.27 14:53:15 | 000,002,976 | ---- | C] () -- C:\Windows\System32\drivers\FwKbd.sys
[2010.03.27 10:03:30 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2010.03.26 23:32:50 | 000,000,732 | ---- | C] () -- C:\Users\***\Desktop\Defraggler.lnk
[2010.03.26 14:01:58 | 000,000,708 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.03.26 09:18:14 | 000,000,616 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.25 09:00:44 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.03.24 17:00:28 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Local\housecall.guid.cache
[2010.03.17 23:26:54 | 000,000,162 | -H-- | C] () -- C:\Users\***\Documents\~$rmelSammlung_ET.docx
[2010.03.17 23:25:13 | 000,887,725 | ---- | C] () -- C:\Users\***\Documents\FormelSammlung_ET.docx
[2010.03.17 22:57:25 | 000,001,355 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2010.03.06 16:25:12 | 000,000,316 | ---- | C] () -- C:\Users\***\cinderella2-user.properties
[2010.03.03 21:06:30 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\Install_NSS.job
[2010.02.27 21:57:43 | 000,000,650 | ---- | C] () -- C:\Users\***\Desktop\CryptLoad.exe - Verknüpfung.lnk
[2010.02.27 20:30:40 | 000,001,393 | ---- | C] () -- C:\Users\***\Documents\#newfile2.lyx#
[2010.02.27 13:45:57 | 000,020,598 | ---- | C] () -- C:\Users\***\Documents\Kalender von ***.ics
[2010.02.27 11:44:25 | 000,001,426 | ---- | C] () -- C:\List.conf
[2010.02.26 10:29:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.02.26 10:24:22 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.01.16 16:01:13 | 000,002,593 | ---- | C] () -- C:\Windows\SE.INI
[2010.01.05 19:40:21 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2009.12.25 20:53:12 | 000,002,770 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.23 22:05:41 | 000,000,227 | ---- | C] () -- C:\Windows\FTRUN32.INI
[2009.12.23 21:20:53 | 000,000,032 | ---- | C] () -- C:\Windows\DVD_Start.INI
[2009.11.19 17:31:52 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2009.10.18 17:11:32 | 000,000,165 | ---- | C] () -- C:\Users\***\AppData\Local\rahistory.xml
[2009.10.07 15:58:16 | 000,000,133 | ---- | C] () -- C:\Windows\Dialux.ini
[2009.09.25 16:47:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.05 11:26:52 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.09.05 11:26:52 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.09.05 11:26:52 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.09.05 11:22:18 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.08.27 16:55:10 | 000,000,000 | ---- | C] () -- C:\Windows\FwSim.INI
[2009.08.27 16:44:58 | 000,104,633 | ---- | C] () -- C:\Windows\System32\drivers\fwDH485.sys
[2009.08.27 16:44:56 | 000,031,232 | ---- | C] () -- C:\Windows\System32\s7200L2.dll
[2009.03.28 14:11:00 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.25 18:39:04 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.13 20:40:55 | 000,002,464 | ---- | C] () -- C:\Windows\netdet.ini
[2009.03.13 20:27:51 | 000,100,352 | ---- | C] () -- C:\Windows\System32\pg32conv.dll
[2009.03.13 20:27:50 | 000,030,793 | ---- | C] () -- C:\Windows\System32\crtslv.dll
[2009.02.11 17:48:52 | 000,000,026 | ---- | C] () -- C:\Windows\NeoSetup.INI
[2009.01.18 21:09:20 | 000,000,146 | ---- | C] () -- C:\Windows\Capture.INI
[2008.12.23 17:33:18 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008.11.01 15:25:03 | 000,000,728 | ---- | C] () -- C:\Users\***\AppData\Local\RAExpertHistory.xml
[2008.11.01 15:05:56 | 000,031,007 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2008.10.10 20:40:40 | 000,471,161 | ---- | C] () -- C:\Programme\Mozilla Firefox 3__inst.jar
[2008.10.10 17:09:20 | 000,006,783 | ---- | C] () -- C:\Windows\PSPICEEV.INI
[2008.10.10 17:09:14 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2008.10.10 17:09:14 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2008.10.10 17:09:14 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2008.10.10 17:09:14 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2008.10.10 17:09:14 | 000,043,008 | ---- | C] () -- C:\Windows\System32\ltfil60n.dll
[2008.10.10 17:09:14 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2008.10.10 17:09:14 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2008.10.10 17:09:14 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2008.10.10 17:09:14 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2008.10.10 17:09:14 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2008.10.10 17:09:14 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2008.10.10 17:09:14 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2008.10.10 17:09:14 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2008.10.10 17:09:14 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2008.10.10 17:09:14 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2008.10.10 17:09:14 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2008.09.14 14:52:48 | 000,000,057 | ---- | C] () -- C:\Windows\System32\FORM.INI
[2008.09.13 12:53:50 | 000,000,613 | ---- | C] () -- C:\Users\***\AppData\Roaming\UCO.cache
[2008.04.15 18:33:53 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2008.04.06 18:50:21 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2008.03.27 22:02:08 | 000,138,920 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.03.27 13:42:30 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2008.03.27 13:38:32 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.03.27 10:26:20 | 000,034,304 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.26 21:52:56 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.03.26 09:48:02 | 000,156,160 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2008.03.26 09:48:02 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2008.03.26 09:39:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.03.26 07:24:10 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.03.25 23:09:13 | 000,155,384 | ---- | C] () -- C:\Windows\System32\guard32.dll
[2008.03.25 18:25:54 | 000,232,348 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.001
[2008.03.25 18:19:23 | 000,232,348 | ---- | C] () -- C:\Users\***\AppData\Roaming\nvModes.dat
[2008.03.25 17:58:16 | 009,599,872 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008.03.25 17:58:16 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.03.25 17:19:31 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2008.03.25 17:14:28 | 000,001,356 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.06.01 11:58:40 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007.04.17 10:44:28 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.DLL
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.07.27 11:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\drivers\cvintdrv.sys
[2005.06.10 08:46:52 | 000,049,152 | R--- | C] () -- C:\Windows\System32\FDT100.dll
[1999.07.16 14:37:56 | 000,136,704 | ---- | C] () -- C:\Windows\System32\TDCTRL.dll
[1998.03.11 23:15:52 | 000,025,600 | ---- | C] () -- C:\Windows\System32\CBNDLL.DLL
[1998.03.11 23:00:30 | 000,015,408 | ---- | C] () -- C:\Windows\System32\CB560WIN.DLL
[1997.01.29 18:53:26 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[1997.01.15 14:33:46 | 000,009,216 | ---- | C] () -- C:\Windows\System32\CBNVDD.DLL
[1996.12.19 14:37:38 | 000,103,360 | ---- | C] () -- C:\Windows\System32\S7OSC16X.DLL
[1996.12.19 14:36:48 | 000,014,848 | ---- | C] () -- C:\Windows\System32\S7OSC32X.DLL
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >
         

Antwort

Themen zu Suchanfrgen werden zu Ad-seiten umgeleitet
adware, adware.adrotator, allpurposeresults, antivirus, appdatalow, bot, browser, content.ie5, dateien, dns, explorer, fehlermeldung, flv direct player, frage, geld, google, helper, hijack.system.hidden, install.exe, installation, loudmo, malwarebytes, malwarebytes' anti-malware, microsoft, ordner, problem, seite, setup, software, suche, system32, virus, weitere vorgehensweise, werbung, wireshark



Ähnliche Themen: Suchanfrgen werden zu Ad-seiten umgeleitet


  1. Windows 7: Webseiten werden auf andere Seiten umgeleitet.
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (23)
  2. firefox lesezeichen werden sporadisch auf andere Seiten umgeleitet.
    Plagegeister aller Art und deren Bekämpfung - 07.04.2013 (17)
  3. Im Firefox werden einige Seiten umgeleitet auf adf.ly
    Log-Analyse und Auswertung - 30.03.2013 (14)
  4. Google Redirect ? Suchergebnisse werden auf andere Seiten umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (7)
  5. Google Ergebnisse werden umgeleitet zu anderen Seiten
    Plagegeister aller Art und deren Bekämpfung - 13.02.2013 (27)
  6. Seiten werden umgeleitet..google
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (9)
  7. Anti-Viren Seiten (avira.com, kaspersky.com) werden auf google.de umgeleitet
    Log-Analyse und Auswertung - 12.09.2012 (1)
  8. Google Links werden auf seiten wie 95p.com umgeleitet. (malware?)
    Log-Analyse und Auswertung - 29.12.2011 (2)
  9. Firefox und Internetexplorer werden auf fremde Seiten umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 07.12.2011 (8)
  10. Anfänger: Google ergebnisse werden auf andere seiten umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 08.01.2011 (17)
  11. Google - Suchresultate werden auf Malware verseuchte Seiten umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 11.12.2010 (17)
  12. Google Suche - Seiten werden umgeleitet Security Tool
    Log-Analyse und Auswertung - 29.11.2010 (17)
  13. Google und Boardlinks werden auf schädliche Seiten umgeleitet
    Log-Analyse und Auswertung - 10.10.2010 (15)
  14. Google seiten werden auf verschiedene seiten umgeleitet oder nicht geladen
    Log-Analyse und Auswertung - 05.10.2010 (28)
  15. Google Suchergebnisse werden umgeleitet auf falsche Seiten
    Log-Analyse und Auswertung - 22.02.2010 (3)
  16. Links von Google und weiteren Seiten werden umgeleitet
    Log-Analyse und Auswertung - 05.01.2010 (3)
  17. Google: Links führen zu falschen Seiten oder werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 10.02.2009 (42)

Zum Thema Suchanfrgen werden zu Ad-seiten umgeleitet - Hallo, schon etwas länger habe ich das "Problem" das Suchanfragen in der Adresszeile nicht mehr per Google bearbeitet werden. Zuerst war es eine T-Online Seite die angezeigt wurde, ok dachte - Suchanfrgen werden zu Ad-seiten umgeleitet...
Archiv
Du betrachtest: Suchanfrgen werden zu Ad-seiten umgeleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.