
Log analysis and evaluation: Internet Explorer constantly opens with advertising...

09.04.2010, 16:18   #1
coelsmann
 



Hello forum,

after having - following the advice mentioned here - "googled" everything, downloaded various tools, e.g. Trojan Remover and HijackThis, run a virus scan and run another online scan at Panda, the only option left to me is... to give in to the answer I found most often... I have ended up here!

Since today I have been plagued by Internet Explorer, which constantly opens pages with some kind of advertising... but I use Firefox exclusively...

Here is my hopefully not hopeless HijackThis file...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:52, on 09.04.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Users\JRGCLS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\My Mobile\MyMobiler\MyMobiler.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Windows\system32\rundll32.exe
C:\Users\JRGCLS~1\AppData\Local\Temp\Hfk.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool - {10945114-b19f-4614-8450-b25e444a1020} - mscoree.dll (file missing)
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_S390A.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Canaveral] rundll32.exe C:\Users\JRGCLS~1\AppData\Local\Temp\sshnas21.dll,BackupReadW
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Eintrag öffnen - C:\Program Files\PRMT8\PRMTIE\addentry.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite übersetzen - C:\Program Files\PRMT8\PRMTIE\page.htm
O8 - Extra context menu item: Themenvorlage automatisch bestimmen - C:\Program Files\PRMT8\PRMTIE\aot.htm
O8 - Extra context menu item: Unbekannte Wörter - C:\Program Files\PRMT8\PRMTIE\infopanel.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Übersetzen - C:\Program Files\PRMT8\PRMTIE\translat.htm
O8 - Extra context menu item: Übersetzungsoptionen anpassen - C:\Program Files\PRMT8\PRMTIE\options.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.htm (file missing)
O9 - Extra 'Tools' menuitem: Übersetzungsoptionen anpassen - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.htm (file missing)
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\prmtie5.htm (file missing)
O9 - Extra 'Tools' menuitem: Übersetzen - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\prmtie5.htm (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - hxxp://www.o2c.de/cms/de/uploads/_files/O2CSetupOCX.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - Unknown owner - C:\Program Files\Common Files\AVM\de_serv.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: vtigercrmApache510 - Apache Software Foundation - C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe
O23 - Service: vtigercrmMysql510 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--
End of file - 15995 bytes

Can anything still be done, or does my notebook deserve the coup de grâce???

Best regards from the village on the Düssel

09.04.2010, 18:32   #2
Sion
 



1. Uninstall Spybot. It will try to undo system changes, which is a problem during a cleanup. You can reinstall it later, although the program is relatively useless nowadays.

Start all programs via right-click "Run as administrator".


2. http://www.trojaner-board.de/51187-a...i-malware.html
Post the log.

3. http://www.trojaner-board.de/74908-a...t-scanner.html
Post the log.

4. Get OTL
Start OTL
Copy the following into the script field at the bottom:

Quote:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav

Close all other programs.
Click Quick Scan.
Post both logs - OTL.txt and Extras.txt


09.04.2010, 19:05   #3
coelsmann
 



Hello Sion,

first of all: thanks for the quick help...
I have completed the first step; Spybot is no longer on the system.
The 2nd step is running right now - the log file will follow when it is finished, so at least this is already a dialogue...

See you shortly
Jörg

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3972

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

09.04.2010 19:53:11
mbam-log-2010-04-09 (19-53-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 109118
Laufzeit: 7 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Jörg Cölsmann\AppData\Local\Temp\Hfj.exe (Trojan.FraudPack) -> No action taken.
C:\Users\Jörg Cölsmann\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.

Edited by coelsmann (09.04.2010 at 19:11). Reason: step 2 has run

09.04.2010, 20:35   #4
coelsmann
 



... and here is the 2nd part...

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-09 20:36:02
Windows 6.0.6002 Service Pack 2
Running: w0ncch14.exe; Driver: C:\Users\JRGCLS~1\AppData\Local\Temp\fgkyykog.sys


---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\emmj.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1688] ntdll.dll!LdrLoadDll 77A39390 5 Bytes JMP 002013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74667817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [746BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7466BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7465F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [746675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7465E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74698395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7466DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7465FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7465FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [746571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [746ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7468C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7465D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74656853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7465687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4884] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74662AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-6 hcmon.sys
Device \Driver\usbhub \Device\00000064 hcmon.sys
Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys
Device \Driver\usbhub \Device\00000065 hcmon.sys
Device \Driver\usbhub \Device\00000066 hcmon.sys
Device \Driver\usbhub \Device\00000067 hcmon.sys
Device \Driver\usbhub \Device\00000068 hcmon.sys
Device \Driver\usbhub \Device\00000069 hcmon.sys
Device \Driver\usbhub \Device\0000006a hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-6 hcmon.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

09.04.2010, 20:44   #5
Sion
 



Did you have Malwarebytes remove the findings?


09.04.2010, 21:17   #6
coelsmann
 



... and here is the OTL log file


OTL logfile created on: 09.04.2010 20:38:28 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 18,70 Gb Free Space | 26,80% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 49,25 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298,05 Gb Total Space | 249,80 Gb Free Space | 83,81% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JÖRGCÖLSMANN-PC
Current User Name: Jörg Cölsmann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.04.09 20:38:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010.03.16 16:36:29 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010.01.22 23:13:08 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-tray.exe
PRC - [2010.01.22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010.01.22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010.01.22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.05.08 16:41:34 | 005,750,784 | ---- | M] () -- C:\Programme\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe
PRC - [2009.05.08 16:41:34 | 000,020,541 | ---- | M] (Apache Software Foundation) -- C:\Programme\vtigercrm-5.1.0\apache\bin\Apache.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.01.06 10:42:03 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.25 22:15:57 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\JRGCLS~1\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2007.08.29 11:35:38 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.07.24 11:21:26 | 000,450,560 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.06.13 16:56:18 | 000,765,952 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.06.11 14:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe
PRC - [2007.05.10 11:10:00 | 004,468,736 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007.04.19 14:49:52 | 000,064,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE
PRC - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.02.09 06:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe


========== Modules (SafeList) ==========

MOD - [2010.04.09 20:38:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (de_serv)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010.03.16 16:36:29 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.01.22 23:13:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010.01.22 23:13:02 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.01.22 23:12:46 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.01.22 22:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009.10.12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009.05.08 16:41:34 | 005,750,784 | ---- | M] () [Auto | Running] -- C:\Program Files\vtigercrm-5.1.0\mysql\bin\mysqld-nt.exe -- (vtigercrmMysql510)
SRV - [2009.05.08 16:41:34 | 000,020,541 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\vtigercrm-5.1.0\apache\bin\Apache.exe -- (vtigercrmApache510)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.01.06 10:42:03 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.01.06 10:41:59 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008.10.16 17:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.10.16 16:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.04 20:20:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.28 18:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.06.13 16:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.06.13 11:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.04.25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.04.23 09:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007.02.12 15:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.01.26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006.11.24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Orbit Downloader Start
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT65619&SearchSource=3&q="
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.10
FF - prefs.js..extensions.enabledItems: sipgateffx@michael.rotmanov:0.6.7
FF - prefs.js..extensions.enabledItems: {3160baf9-cf68-48ec-9076-faed7ce49467}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9


FF - HKLM\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008.01.05 15:54:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 20:12:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.02 20:12:14 | 000,000,000 | ---D | M]

[2008.07.11 08:53:14 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Extensions
[2010.04.08 08:48:40 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions
[2009.07.15 21:56:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.07 11:09:53 | 000,000,000 | ---D | M] (dict.cc Toolbar) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{3160baf9-cf68-48ec-9076-faed7ce49467}
[2010.01.08 13:49:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.07 11:09:59 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.03.27 09:59:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.02.13 18:06:25 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2008.07.11 11:06:28 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.10.03 15:20:47 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.03.03 16:09:51 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\foxmarks@kei.com
[2010.01.28 14:53:44 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\mozilla\Firefox\Profiles\n6lye8di.default\extensions\sipgateffx@michael.rotmanov
[2008.07.13 11:10:22 | 000,001,459 | ---- | M] () -- C:\Users\Jörg Cölsmann\AppData\Roaming\Mozilla\FireFox\Profiles\n6lye8di.default\searchplugins\dictcc-ende.xml
[2008.01.05 23:11:30 | 000,001,998 | ---- | M] () -- C:\Users\Jörg Cölsmann\AppData\Roaming\Mozilla\FireFox\Profiles\n6lye8di.default\searchplugins\xing.xml
[2010.03.27 09:59:26 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.03.02 15:17:24 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPAPIX.dll
[2007.01.17 13:18:04 | 000,095,200 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
[2007.07.02 17:42:20 | 000,103,064 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPMPDRM.dll
[2010.03.12 10:21:51 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 10:21:51 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 10:21:51 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 10:21:51 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 10:21:51 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Programme\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.DLL ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\Jörg Cölsmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Schnellstart.lnk = C:\Programme\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Übersetzungsoptionen anpassen - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.htm File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Übersetzen - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\prmtie5.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} hxxp://www.o2c.de/cms/de/uploads/_files/O2CSetupOCX.exe (O2C-Player (ELECO Software GmbH))
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\BG\bg1.jpg
O24 - Desktop BackupWallPaper: C:\BG\bg1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7a6fd39b-cdbe-11dd-8f50-c83fbc4e0fb8}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ccbac159-4be3-11de-ad88-c9e7e1d93e0c}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\Shell - "" = AutoRun
O33 - MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\Shell - "" = AutoRun
O33 - MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\Shell - "" = AutoRun
O33 - MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.04.25 22:04:57 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010.04.09 19:43:37 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Malwarebytes
[2010.04.09 19:43:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.09 19:43:23 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.09 19:43:23 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.09 19:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.09 15:28:45 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Simply Super Software
[2010.04.09 15:28:31 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.04.09 15:28:31 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Simply Super Software
[2010.04.09 15:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.04.09 15:06:14 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.04.09 15:05:41 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security
[2010.04.09 14:51:41 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.08 20:35:07 | 000,000,000 | ---D | C] -- C:\Programme\PocketRAR
[2010.04.08 09:39:19 | 000,000,000 | ---D | C] -- D:\Eigene Dokumente\Dokumente auf Jörg Cölsmanns Smartphone
[2010.04.07 11:16:17 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Local\Microsoft Corporation
[2010.04.07 11:14:37 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Windows 7 Upgrade Advisor
[2010.03.30 14:13:41 | 000,000,000 | ---D | C] -- C:\Programme\FRITZ!DSL
[2010.03.30 13:38:26 | 000,131,072 | ---- | C] (AVM Berlin) -- C:\Windows\_detmp.2
[2010.03.29 08:45:59 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Roaming\MySQL
[2010.03.29 08:44:50 | 000,000,000 | ---D | C] -- C:\Programme\MySQL
[2010.03.27 00:29:06 | 000,000,000 | ---D | C] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Avira
[2010.03.26 22:38:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.03.26 22:38:13 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2009.09.11 11:17:35 | 003,315,954 | ---- | C] (Marx Softwareentwicklung ) -- C:\Users\Jörg Cölsmann\AppData\Local\TempRCSetup2k8_upd.exe
[2008.06.11 16:25:09 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\LMUD06BC.dll
[2008.06.11 16:25:09 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\LMUD05BC.dll
[2008.06.11 16:25:09 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2007.09.17 06:31:37 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.09.17 06:31:37 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007.08.14 14:51:31 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007.08.14 07:11:40 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.04.09 20:42:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.04.09 20:42:51 | 000,524,288 | -HS- | M] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.09 20:42:51 | 000,065,536 | -HS- | M] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.09 20:42:47 | 005,265,738 | -H-- | M] () -- C:\Users\Jörg Cölsmann\AppData\Local\IconCache.db
[2010.04.09 20:38:35 | 005,767,168 | -HS- | M] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT
[2010.04.09 20:35:43 | 001,462,502 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.09 20:35:43 | 000,634,632 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.09 20:35:43 | 000,598,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.09 20:35:43 | 000,129,284 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.09 20:35:43 | 000,104,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.09 20:31:31 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.09 20:31:30 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.09 20:31:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.09 20:31:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.09 20:31:12 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.09 19:43:29 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.09 14:51:41 | 000,001,878 | ---- | M] () -- C:\Users\Jörg Cölsmann\Desktop\HijackThis.lnk
[2010.04.07 11:14:41 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010.04.06 11:39:43 | 000,072,520 | ---- | M] () -- C:\Users\Jörg Cölsmann\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.06 10:50:34 | 001,645,824 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.03.30 14:14:06 | 000,076,368 | ---- | M] () -- C:\Windows\_detmp.1
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.09 19:43:29 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.09 15:28:35 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.04.09 15:28:35 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.04.09 15:28:35 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.04.09 15:28:35 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.04.09 14:51:41 | 000,001,878 | ---- | C] () -- C:\Users\Jörg Cölsmann\Desktop\HijackThis.lnk
[2010.04.07 11:14:41 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2010.03.30 13:48:33 | 000,000,312 | ---- | C] () -- C:\Users\Jörg Cölsmann\DesktopStCenter.txt
[2010.03.30 13:38:26 | 000,076,368 | ---- | C] () -- C:\Windows\_detmp.1
[2009.09.13 18:05:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 11:57:07 | 000,003,072 | ---- | C] () -- C:\Windows\System32\CNCFLaNL.DLL
[2009.06.17 20:29:48 | 000,038,434 | ---- | C] () -- C:\Users\Jörg Cölsmann\AppData\Roaming\Microsoft Access.ADR
[2009.06.16 08:51:19 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.06.10 17:37:43 | 000,000,373 | ---- | C] () -- C:\Windows\WebAng32.INI
[2009.01.28 14:26:58 | 000,016,404 | ---- | C] () -- C:\Windows\System32\msdx92.dll
[2008.12.06 10:59:39 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008.11.20 14:44:55 | 000,000,887 | ---- | C] () -- C:\Windows\uninst.ini
[2008.10.29 13:09:57 | 000,223,875 | ---- | C] () -- C:\Users\Jörg Cölsmann\Krankenkasse_BKK.pdf
[2008.09.30 12:24:02 | 000,000,532 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.09.30 12:24:02 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.09.30 12:23:16 | 000,000,904 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008.09.30 12:23:16 | 000,000,168 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008.09.30 12:19:40 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2008.09.30 12:19:40 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2008.09.30 12:19:39 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008.09.04 11:40:08 | 000,058,880 | ---- | C] () -- C:\Users\Jörg Cölsmann\Fax_britta_Bausparvertrag.doc
[2008.09.04 10:54:46 | 000,020,365 | ---- | C] () -- C:\Users\Jörg Cölsmann\Bausparvertrag_kündigung.pdf
[2008.09.04 10:07:19 | 000,924,674 | ---- | C] () -- C:\Users\Jörg Cölsmann\Ueberweisung_Mobilkom_03_09_08.pdf
[2008.09.04 09:43:50 | 000,060,065 | ---- | C] () -- C:\Users\Jörg Cölsmann\Fax_Mobilcom_04_09_08.pdf
[2008.08.29 09:26:38 | 000,053,069 | ---- | C] () -- C:\Users\Jörg Cölsmann\M818949937_08_2008.pdf
[2008.05.16 13:38:24 | 000,088,632 | ---- | C] () -- C:\Windows\System32\drivers\snsntfy.dll
[2008.05.04 18:08:55 | 000,020,480 | ---- | C] () -- C:\Windows\System32\CPUINFO2.DLL
[2008.03.18 11:39:56 | 000,464,142 | ---- | C] () -- C:\Users\Jörg Cölsmann\misslungene_kinder.mp3
[2008.03.07 01:29:00 | 000,466,944 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2008.03.07 01:29:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2008.03.05 11:27:19 | 000,015,639 | ---- | C] () -- C:\Windows\AGVIP5.INI
[2008.03.05 11:27:19 | 000,000,047 | ---- | C] () -- C:\Windows\BTI.INI
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.22 02:20:07 | 000,001,359 | ---- | C] () -- C:\Users\Jörg Cölsmann\AppData\Roaming\XING-Plugin Update Log.txt
[2008.01.19 22:51:12 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.10 16:15:49 | 000,004,096 | -H-- | C] () -- C:\Users\Jörg Cölsmann\AppData\Local\keyfile3.drm
[2008.01.06 04:34:11 | 000,000,101 | ---- | C] () -- C:\Users\Jörg Cölsmann\AppData\Local\fusioncache.dat
[2008.01.05 19:53:43 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.01.05 10:34:45 | 000,000,039 | ---- | C] () -- C:\Windows\MB.ini
[2008.01.05 01:06:40 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.01.05 00:23:13 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.01.04 16:06:45 | 000,023,552 | ---- | C] () -- C:\Users\Jörg Cölsmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.04 13:17:22 | 005,767,168 | -HS- | C] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT
[2008.01.04 13:17:22 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.01.04 13:17:22 | 000,524,288 | -HS- | C] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2008.01.04 13:17:22 | 000,262,144 | -H-- | C] () -- C:\Users\Jörg Cölsmann\ntuser.dat.LOG1
[2008.01.04 13:17:22 | 000,065,536 | -HS- | C] () -- C:\Users\Jörg Cölsmann\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2008.01.04 13:17:22 | 000,000,020 | -HS- | C] () -- C:\Users\Jörg Cölsmann\ntuser.ini
[2008.01.04 13:17:22 | 000,000,000 | -H-- | C] () -- C:\Users\Jörg Cölsmann\ntuser.dat.LOG2
[2008.01.02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.01.02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.01.02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007.10.18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007.10.18 10:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.09.17 16:27:13 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2007.09.17 16:26:58 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007.09.17 06:31:01 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.08.14 17:19:28 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.08.14 14:51:39 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.14 14:51:39 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007.08.14 14:51:31 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.08.14 14:49:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.08.14 07:17:30 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.08.14 07:17:30 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.08.14 07:16:50 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.08.14 07:11:35 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.08.14 06:19:33 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.16 08:58:14 | 000,086,016 | ---- | C] () -- C:\Windows\System32\aspolyzt.dll
[2005.07.06 12:59:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\asdrawli.dll
[2005.07.04 15:17:30 | 000,069,632 | ---- | C] () -- C:\Windows\System32\ASDRAWMA.DLL
[2004.08.17 17:34:52 | 000,036,864 | ---- | C] () -- C:\Windows\System32\AS_SORT.DLL
[2003.05.22 12:31:44 | 000,033,792 | ---- | C] () -- C:\Windows\System32\ASDRAW32.DLL
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002.07.12 16:29:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AS_MDB32.DLL
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008.01.04 13:23:29 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Acer
[2008.07.11 12:36:28 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\ASCON Installer
[2008.07.11 12:45:27 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\ASCON Programme
[2009.02.07 15:26:18 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Canon
[2008.01.17 12:34:45 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\eDocPrintPro
[2009.08.27 20:05:50 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\EPSON
[2010.04.08 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\FileZilla
[2010.01.06 16:48:10 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\GrabPro
[2009.02.01 10:24:35 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\KWorld Multimedia
[2008.06.11 15:55:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Monotype Imaging Inc
[2010.04.06 10:53:27 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\MySQL
[2010.02.20 12:00:22 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Orbit
[2008.02.06 21:51:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Password Guard
[2008.10.30 10:44:01 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\PC-FAX TX
[2008.09.30 12:25:39 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\PhonerLite
[2008.08.15 08:20:43 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\PROject MT
[2009.10.10 13:25:30 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\ROUTE 66 Sync
[2010.04.09 15:28:31 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Simply Super Software
[2009.01.28 14:26:56 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Software4u
[2009.04.02 08:09:40 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\SPAMfighter
[2009.01.19 10:15:32 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Teleca
[2008.01.06 14:28:29 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\TuneUp Software
[2010.01.31 23:27:19 | 000,000,000 | ---D | M] -- C:\Users\Jörg Cölsmann\AppData\Roaming\Zukunftscheck
[2010.04.09 20:43:05 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.03.22 12:32:20 | 000,000,714 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Email Reminder.job
[2010.03.22 12:32:20 | 000,000,580 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Notification Scheduler.job
[2010.03.22 12:32:20 | 000,000,614 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM Recurring Invoice.job
[2010.03.22 12:32:20 | 000,000,586 | ---- | M] () -- C:\Windows\Tasks\vtigerCRM WorkFlow.job
[2009.06.28 22:08:45 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{DF987E38-EEA4-4D2E-BAC3-16B8B844B2FB}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.19 07:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.01.19 07:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.01.19 06:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: ENETHOOK.DLL >
[2007.06.13 16:53:50 | 000,090,112 | R--- | M] (acer) MD5=B6A1D439109F7294C1BE14D5DC0C41AC -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
[2007.06.13 16:53:50 | 000,090,112 | R--- | M] (acer) MD5=B6A1D439109F7294C1BE14D5DC0C41AC -- C:\Windows\System32\eNetHook.dll

< MD5 for: IASTOR.SYS >
[2007.02.12 15:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\SATA\iastor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DRV\SATA\iastor.sys
[2007.02.12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\iaStor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.02.12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007.02.12 07:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRAID.SYS >
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.19 09:43:01 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\drivers\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2007.08.14 14:52:33 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.08.14 14:52:31 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.08.14 14:52:33 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.08.14 14:52:42 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.08.14 14:52:44 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
< End of report >

09.04.2010, 21:20   #7
coelsmann
 

Last but not least - the OTL Extras logfile

OTL Extras logfile created on: 09.04.2010 20:38:28 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = D:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 18,70 Gb Free Space | 26,80% Space Free | Partition Type: NTFS
Drive D: | 66,27 Gb Total Space | 49,25 Gb Free Space | 74,31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 298,05 Gb Total Space | 249,80 Gb Free Space | 83,81% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JÖRGCÖLSMANN-PC
Current User Name: Jörg Cölsmann
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06225B20-ABD0-451B-A4C3-35BBA6B47F1E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06FF827C-45E8-4529-8DD8-A3107290AF22}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2ADA8332-1BF8-4F3F-824A-7D2B38382392}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F2429F9-2D51-454F-8149-F6A66490CDDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3AB4FDA5-D84E-4C24-97C5-CA94874731EC}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4266A43C-7F9D-4E47-9E44-51CFE6E301FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{508767C8-1009-41FC-A737-E5DBB72C76F7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5383E02D-923F-487C-8781-28BFFDBB008C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59788C4A-ABA4-4CD8-84EA-60EB782745EE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5B16DAFA-4FF6-4C88-BC64-A0FC9EF7EB25}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6200F753-59CF-4588-9FFF-6283755F70E0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{621CAFEE-7A33-4020-8A6C-8D1974CEAD77}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{68B1FB29-C546-42E7-90B6-39E169BE62EA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6FA3C2F7-0C3F-42E1-8A1F-DB8ACDADFBE5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{750165A6-D99B-4E6F-BCB3-D1ECE055A7C9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7A74C507-D587-4095-80B8-60B165C91B36}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7DBC0B42-D954-4579-A4CE-84A532F5D0CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{807A483E-69B4-4774-AF0E-9779D332A811}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{884274D5-1AAE-4EE8-A9B7-BCD95C03B04D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{89709111-6568-4983-A265-974A51D0F481}" = rport=10243 | protocol=6 | dir=out | app=system |
"{91AB4FD2-7E37-4196-8EBD-1D5E00B6C5F3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{957BED44-EB74-470A-BEEF-A91030AD3487}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A7FE289D-B0E8-455A-8976-3C32FE9FE31C}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{ABF1E576-CA8F-4F79-A0D5-C9879460C95D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B78EDD97-C80A-45A2-B2BC-54C9BD303D4F}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CF0C11D2-8358-4776-B205-02A13F26EBD3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CF77C955-5C0F-41D6-B97C-26BD22F2F0F3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D527B4FA-FE84-44CE-857B-5398525046F7}" = lport=3306 | protocol=6 | dir=in | name=sql |
"{D742607D-0CA2-48FB-8220-8E792F58FC04}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{D8B701D3-92E0-4089-8A4C-719B6B6E4E8F}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DB85E179-6CA0-4F0D-8344-C8C24A25B7D2}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{E1A0971E-C683-45E2-875E-F08F1946A295}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E37B2271-7DFB-4029-A429-1E580E9C0AA9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F95F6344-3870-4052-9CA7-8F92420D7AC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF0453D6-615E-481F-93E4-6EA3637E7B37}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FF99D05A-E1EB-4327-8616-AF61AB0A2D59}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0083FBD9-ABB8-49C7-B362-8B57896E5A41}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{01D93850-9A76-4E3C-A83F-828D1C9DDAEF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{043FE377-B634-4611-991B-8F9E908A4A01}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{05CD6DBC-23A1-4141-B897-92833E687D1F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{08C01C15-965C-477B-82CC-B2AB60FDAF35}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C498448-3AE2-44A7-95CA-7ED5D4D609D8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0D73F2A6-210E-4654-A216-D4C77B5FE7E9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0FE0B9DF-4075-4192-A55B-ED4B3F6EF6B9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{13AA7CA9-7FAB-4058-AF86-96252276C99B}" = protocol=6 | dir=in | app=c:\program files\network stumbler\netstumbler.exe |
"{13DED48A-35A6-4FA1-84F8-D0E0062F06E7}" = protocol=6 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqlsystemtraymonitor.exe |
"{13F19559-8D0D-402E-900D-A0F4949670CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{15CC9BB7-CE47-4D34-A407-74E97D832336}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{175583FE-6A3A-4191-9B40-1FF1CC7FF070}" = protocol=17 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqladministrator.exe |
"{1C907B15-66CE-4CF3-B631-17FE4B5EFBBB}" = protocol=6 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqladministrator.exe |
"{1E12CFE3-704E-4FCE-9D65-293FD197C3F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{20AE549F-57F7-4B26-B10F-CA5FE555BDC6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{211590FB-5876-42E8-9176-32A554819DDE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25BC50C9-8672-4929-AB14-384CCEDEA0C4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{279605B2-0F32-41B0-BF6C-7C814A633321}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2809475B-2A89-4A3B-A42A-2A471614C72C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2A4FD413-595F-4321-A32C-1E4F6A9A5AF7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2D782DE4-D203-4762-A873-03E71644B9FB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{34B4A5C5-2AC7-4211-9788-DE684C4EA2A1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3E1A22C5-1531-427E-B14C-E54C2E63A8DB}" = protocol=17 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqlsystemtraymonitor.exe |
"{40138ADE-47ED-4B6F-B99D-D0B6DCCAF594}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{47246E00-C672-4A6D-BF11-6D73B0BD512C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{524412A4-0D8D-4E5A-91D0-603FB2A6522D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{55B54BEC-C57C-4420-B3D5-061A8563BB58}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{58B06A9A-4BE4-4C77-A131-E14CB06A5566}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{686F6251-34D7-4403-A31D-2C425DFBEC14}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{69D39B3C-18AD-468D-A83B-DD506D2125AA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6C41FD63-4671-44C0-B9F6-E41465B46783}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6EC2194E-86E8-4BCD-819D-A23B9BA0C1C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6FF7844C-E740-42E5-B362-5D42E15CEFDD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{730894C3-44DD-496F-B90B-016156C3CFCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{749190DA-239F-4E8B-ABD9-FECD338F270B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7B471D37-FF56-4BE4-B92D-E12814D35022}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7BDE5D79-2E02-4A18-97C1-ACADCC554224}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{821249B5-C149-4582-AAC4-6722482B46DA}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{86850D70-1A2A-48E5-8E63-75B8565B2E98}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8A99DA74-04AD-4B56-B8D3-CFD044C59104}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{940C5545-FC76-409D-8275-9F713F323F26}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{95714331-7AAD-464F-9ACB-9BAC4320AC63}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9682460E-66CF-4580-BCF7-0894F94DD243}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98441B64-C8CC-4868-98E4-C29E99C2511A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{98821BB3-92A2-42B7-9668-E09A7D1A1574}" = protocol=6 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqlquerybrowser.exe |
"{9B4A5B77-602B-4B4D-B61A-1F8AE8984783}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9BC487ED-52E5-4F9C-8458-E2A34EF73A95}" = protocol=17 | dir=in | app=c:\program files\mysql\mysql tools for 5.0\mysqlquerybrowser.exe |
"{A086EECE-517D-4373-99B0-CFD90824C21D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AD228070-501E-409E-94C1-790D400D824F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ADC9BE8E-64E5-4AAA-AF39-3D62F668715C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AF425D0D-7D2D-4324-8303-BE8871EE67F8}" = protocol=6 | dir=out | app=system |
"{B3FDA212-4F8E-44D6-A3D6-DAFCD6A11A90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B69D2394-4D81-4A3B-80CF-2AFD94262B56}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B7B60855-22AA-4029-93D5-23213456F2DB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B81FEA86-3D6E-4DD3-8080-5719A5614553}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BB1A84BD-C55D-4518-917D-C426EBE024CF}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BBB482F0-5AFE-4A66-9773-100B7F096B9D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BD70A6BA-8959-4E04-8786-184890CE9293}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BFC9C2C9-8573-495A-B074-82A7C375B77D}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{C501AB15-17E4-4505-8C84-AC8EDB558583}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C5E1D401-428F-400E-95B7-442E9AD06D74}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CB73A828-844E-4B40-8158-C4D034E3842F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CC512354-AA1C-4E4D-BD3C-F994111B18B2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CC61654A-402C-4141-8E23-98FF5246E080}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{CE1B7D07-0F6F-4FB8-B4A8-D8A79961B74D}" = protocol=17 | dir=in | app=c:\program files\network stumbler\netstumbler.exe |
"{D4C9E2D7-B586-4EF6-8D58-22E86DF1E8D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9AB4A62-1221-48DC-95D7-4DF8C1F670EC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DED17252-E892-4D6A-88B4-CC8618CAA773}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E0E2562F-DDDD-4E73-A481-9233471A4365}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E5798044-4B78-413A-BEE8-7CE1C93D9D99}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E61CC44D-7A4C-4BA0-9BD5-0C995AC5C4B6}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E723DC0C-BD9C-4164-AA63-832E902D47C9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E8AE5FF1-F48F-42A7-8A67-1DDFD78AD472}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F00DD4EF-99C6-478E-A358-C8838E79EE3C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F23927D3-BDA8-4EC5-9B50-5501868DBDCA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F2ACE5B0-ECCA-4EBA-8826-204208902638}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F8B06521-B4BC-4676-A23A-C4BAAF361E99}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FA93B8DF-65B2-495E-A7F1-7C5F84DB08DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FB154475-75D6-4458-AA68-A9381678A6B5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FB512D42-8C8B-41D4-9BB6-82782857423D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FE587AEC-B3E0-4D58-8D50-F6104B9372F1}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FF159794-81B0-4E87-B4FB-7242A344D531}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFD8AF3B-6EA8-4F16-8095-50A6AE30973E}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"TCP Query User{092ED76C-358F-4C7B-A368-B8C3CDC92629}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1DD1124B-F3D4-4C02-92ED-0253E6D08D59}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{509D8606-B52A-42FE-B171-67D24DEAC2B8}C:\program files\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\program files\my mobile\mymobiler\mymobiler.exe |
"TCP Query User{5912ECC9-5379-4BE9-9FB6-632D1AB86E7E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{616601B9-6337-4B04-8A99-9B8E77E2C2E8}C:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{64BB8E54-A5C8-4775-809C-D5D4F3169AAE}C:\program files\phonerlite\phonerlite.exe" = protocol=6 | dir=in | app=c:\program files\phonerlite\phonerlite.exe |
"TCP Query User{7014636D-2684-49B1-9DF4-1BC4C66BA2A2}C:\program files\my mobile\mymobiler\mexplorer.exe" = protocol=6 | dir=in | app=c:\program files\my mobile\mymobiler\mexplorer.exe |
"TCP Query User{9622DAC5-DEC3-496D-A572-12BE06D97E3C}C:\xampplite\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampplite\apache\bin\apache.exe |
"TCP Query User{96C4D517-A2E9-48AA-8D1B-1E6A859AF65D}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{9A20332B-8428-481F-BF92-4797C43A9FB7}C:\program files\vtigercrm-5.1.0\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\vtigercrm-5.1.0\apache\bin\apache.exe |
"TCP Query User{A06CC374-BF49-4C06-89F4-C6FB6B6EC273}C:\program files\kworld multimedia\liveupdate\liveupdate.exe" = protocol=6 | dir=in | app=c:\program files\kworld multimedia\liveupdate\liveupdate.exe |
"TCP Query User{A20266BC-2A79-446A-BC1C-7C99BEF3BD62}C:\program files\vtigercrm-5.1.0\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\vtigercrm-5.1.0\apache\bin\apache.exe |
"TCP Query User{A4B96700-7E56-402F-B645-A4BB5C2BC471}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{A4EBA697-AA6F-44D7-893A-5B6EC95D5BA3}C:\program files\my mobile\mymobiler\mymobiler.exe" = protocol=6 | dir=in | app=c:\program files\my mobile\mymobiler\mymobiler.exe |
"TCP Query User{AF433AA2-DB42-4C45-B96C-932C08F56A44}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"TCP Query User{B7635359-115C-40CC-AC2A-1FAF7EBCF29A}C:\xampplite\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\xampplite\apache\bin\apache.exe |
"TCP Query User{BBBBFD5B-22C1-4BCA-A1A0-016F3D03DCDC}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{BF4D81A1-36EA-4978-A55A-923B4A2B0CC5}C:\program files\route 66\route 66 sync\route66sync.exe" = protocol=6 | dir=in | app=c:\program files\route 66\route 66 sync\route66sync.exe |
"TCP Query User{D7518DAF-8D68-4F3C-8B99-F0AD9C0B57E4}C:\xampplite\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampplite\mysql\bin\mysqld.exe |
"TCP Query User{ED405F84-DC97-4276-8259-FEE1D3786777}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{FF0DF9F9-6CCD-49AE-AEE3-DABB545F271A}C:\program files\my mobile\mymobiler\mexplorer.exe" = protocol=6 | dir=in | app=c:\program files\my mobile\mymobiler\mexplorer.exe |
"UDP Query User{05199BC5-1EBE-4A69-85C6-A0581FFF0BEF}C:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampplite\mysql\bin\mysqld.exe |
"UDP Query User{0E505E76-5520-462B-9A24-99262C529079}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{189EB48A-9D1B-408D-A529-9D48B4445360}C:\program files\kworld multimedia\liveupdate\liveupdate.exe" = protocol=17 | dir=in | app=c:\program files\kworld multimedia\liveupdate\liveupdate.exe |
"UDP Query User{26413F70-605E-4268-995F-0377D4BBADF7}C:\program files\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\program files\my mobile\mymobiler\mymobiler.exe |
"UDP Query User{280D9E5F-D507-4438-8B0C-366AD7F07E27}C:\program files\vtigercrm-5.1.0\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\vtigercrm-5.1.0\apache\bin\apache.exe |
"UDP Query User{3D9FCF47-DFD6-4F34-9571-ED48BA90EF85}C:\program files\vtigercrm-5.1.0\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\vtigercrm-5.1.0\apache\bin\apache.exe |
"UDP Query User{415E4E89-A8B1-4952-885B-84AD56B5B93D}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{4852C383-9918-404E-88D4-2AD049300980}C:\xampplite\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampplite\apache\bin\apache.exe |
"UDP Query User{4F3DB012-C60C-44CB-AABC-4ACC3BA277BB}C:\program files\route 66\route 66 sync\route66sync.exe" = protocol=17 | dir=in | app=c:\program files\route 66\route 66 sync\route66sync.exe |
"UDP Query User{7444D2E1-D2E4-416B-9958-A3FA66D72D7C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{74656602-E2A4-4A24-8E48-3E3110267266}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{74B20FEC-976A-430E-9DFA-0EC90B051A2E}C:\program files\my mobile\mymobiler\mexplorer.exe" = protocol=17 | dir=in | app=c:\program files\my mobile\mymobiler\mexplorer.exe |
"UDP Query User{80DBCBD1-1F0A-4AC5-8732-BAE54C5BCBF9}C:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe |
"UDP Query User{871EDD7E-F753-4645-B8EC-DDD01C053764}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{8CFB3C0D-70FA-4754-B1B2-37D149A30DFC}C:\program files\my mobile\mymobiler\mymobiler.exe" = protocol=17 | dir=in | app=c:\program files\my mobile\mymobiler\mymobiler.exe |
"UDP Query User{90BF4C35-9798-48D1-B59B-9868CE339D04}C:\xampplite\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\xampplite\apache\bin\apache.exe |
"UDP Query User{9624B742-F989-4C83-BA33-712F35CBB6D2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{980DCF1E-882D-479F-B251-7C223A114431}C:\program files\phonerlite\phonerlite.exe" = protocol=17 | dir=in | app=c:\program files\phonerlite\phonerlite.exe |
"UDP Query User{B3515F40-F535-4A2B-9A04-F9B4C835B8A9}C:\program files\my mobile\mymobiler\mexplorer.exe" = protocol=17 | dir=in | app=c:\program files\my mobile\mymobiler\mexplorer.exe |
"UDP Query User{C4992376-BB01-43C2-BE16-2911F7F7AAA5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F2596165-5050-40F8-B8F7-9D724409BC35}C:\xampplite\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampplite\mysql\bin\mysqld.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{008F9A3A-24A0-408B-AD7F-95C414219A00}" = Adobe Setup
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07E78C07-ECEF-4AEF-9581-2C31A5BDA6C0}" = sipgate Faxdrucker
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{194D92D9-8A52-4C0D-8C3F-0D12B0DE28D7}" = vtiger CRM Office Plug-in 5.0.4
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1C43709D-713C-46C3-97CC-5B31F09ACA5E}_is1" = Deutschland Patente PDF Downloader Trial 1.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel(R) PROSet/Wireless WiFi-Software
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye webcam
"{3FF55F91-4296-46D0-B045-1429CD46AF99}" = Adobe Setup
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{427967BF-09F8-46D5-9275-37001CCBBA5D}" = Winbond CIR Drivers
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.1
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{913B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{91510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91A10407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{9252E63C-2BFF-415B-97D6-8507E8648F64}" = ROUTE 66 Sync
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE585DDE-7230-4B57-926B-428C94AA5850}" = Adobe Setup
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9FA0B1B-4136-4159-BD7B-17E62738F388}" = Sydatec Datashredder
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB489CA9-7546-4D4A-8064-E560D824B34D}" = Password Guard
"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}" = Canon MP450
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E358634B-F124-46FD-8618-C00D0E92B0D3}" = BMWi-Softwarepaket 9.3
"{E3DC29BB-8F6F-4034-89B2-E317391F804F}" = BMWi Zukunftscheck Mittelstand
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9745BC1-93BD-49B9-A6C8-C005E7E92F3C}" = NTI CD & DVD-Maker
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"964DE571-3F1E-45CB-829D-648AACF33A52_is1" = Registry CleanUP 2008
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.2.1 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_821" = Adobe Acrobat 8.2.1 - CPSID_50570
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2225677e524ae91efb80c700be972bf" = Adobe Flash CS3 Professional
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Adobe_6c7ed6c08f4acf68bf0512885eec384" = Adobe Fireworks CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_8fbf74eb27c84640370f87306e8981b" = Adobe InDesign CS3
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"eDocPrintPro" = eDocPrintPro
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.3.2.1
"fring" = fring
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HyperMedia_is1" = HyperMedia Software
"HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5
"InstallShield_{9252E63C-2BFF-415B-97D6-8507E8648F64}" = ROUTE 66 Sync
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mein Büro_is1" = Mein Büro
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PocketRAR" = Pocket RAR documentation
"ProInst" = Intel PROSet Wireless
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 2.5
"Spb Mobile Shell" = Spb Mobile Shell
"Streamripper.Plugin" = Streamripper Plugin 1.62.1 (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.8.1
"TweakVI" = TweakVI
"Uninstall_is1" = Uninstall 1.0.0.0
"VLC media player" = VLC media player 1.0.3
"VMware_Workstation" = VMware Workstation
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack v5.35
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XJ!_is1" = XJ! Version 1.0 [Aralon]
"xp-AntiSpy" = xp-AntiSpy 3.97-2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CRM Outlook Plugin" = CRM Outlook Plugin
"vtigercrm-5.1.0" = vtigercrm-5.1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.05.2009 08:14:14 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 20.05.2009 07:43:55 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 20.05.2009 10:00:20 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 21.05.2009 07:24:45 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 22.05.2009 05:12:21 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 22.05.2009 07:38:00 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

Error - 25.04.2007 18:02:51 | Computer Name = JörgCölsmann-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 26.05.2009 06:10:20 | Computer Name = JörgCölsmann-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.05.2009 06:10:20 | Computer Name = JörgCölsmann-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 26.05.2009 06:44:01 | Computer Name = JörgCölsmann-PC | Source = RapiMgr | ID = 8
Description = Windows Mobile-based device failed to connect due to communication
(0x8007274a) failure (see data for failure code).

[ System Events ]
Error - 07.04.2010 23:04:19 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 08.04.2010 01:44:34 | Computer Name = JörgCölsmann-PC | Source = WMPNetworkSvc | ID = 866287
Description =

Error - 08.04.2010 09:44:38 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 09.04.2010 02:22:46 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 09.04.2010 02:44:24 | Computer Name = JörgCölsmann-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.2.103 über die
Netzwerkkarte mit der Netzwerkadresse 001B7776D68B ist verloren gegangen.

Error - 09.04.2010 13:24:27 | Computer Name = JörgCölsmann-PC | Source = DCOM | ID = 10010
Description =

Error - 09.04.2010 13:26:42 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.04.2010 13:28:48 | Computer Name = JörgCölsmann-PC | Source = WMPNetworkSvc | ID = 866287
Description =

Error - 09.04.2010 14:31:34 | Computer Name = JörgCölsmann-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 09.04.2010 14:33:36 | Computer Name = JörgCölsmann-PC | Source = WMPNetworkSvc | ID = 866287
Description =

[ TuneUp Events ]
Error - 09.04.2010 02:29:32 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2010-04-09 08:29:32', 0, Resumed FROM ActiveApps WHERE ProcID=='7404';DELETE
FROM ActiveApps WHERE ProcID=='7404';

Error - 09.04.2010 02:31:07 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2010-04-09 08:31:07', 0, Resumed FROM ActiveApps WHERE ProcID=='2400';DELETE
FROM ActiveApps WHERE ProcID=='2400';

Error - 09.04.2010 02:41:08 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09
08:41:08', '\device\harddiskvolume2\windows\system32\control.exe','7012',0)

Error - 09.04.2010 02:41:08 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09
08:41:08', '\device\harddiskvolume2\windows\system32\rundll32.exe','7592',0)

Error - 09.04.2010 02:41:13 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09
08:41:13', '\device\harddiskvolume2\windows\system32\consent.exe','7780',0)

Error - 09.04.2010 02:41:13 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2010-04-09 08:41:13', 0, Resumed FROM ActiveApps WHERE ProcID=='7012';DELETE
FROM ActiveApps WHERE ProcID=='7012';

Error - 09.04.2010 03:29:55 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09
09:29:55', '\device\harddiskvolume2\windows\system32\dllhost.exe','7628',0)

Error - 09.04.2010 03:29:55 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-09
09:29:55', '\device\harddiskvolume2\windows\system32\dllhost.exe','6172',0)

Error - 09.04.2010 03:29:55 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, '2010-04-09 09:29:55', 0, Resumed FROM ActiveApps WHERE ProcID=='7780';DELETE
FROM ActiveApps WHERE ProcID=='7780';

Error - 09.04.2010 03:29:58 | Computer Name = JörgCölsmann-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing
SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe,
Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT
INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-04-09
09:29:58', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps


< End of report >

09.04.2010, 22:17   #8
Sion

1. Start OTL.
Copy the following into the script field:

Quote:
:OTL
SRV - File not found [On_Demand | Stopped] -- -- (de_serv)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O9 - Extra 'Tools' menuitem : Übersetzungsoptionen anpassen - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.htm File not found
O9 - Extra 'Tools' menuitem : Übersetzen - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\prmtie5.htm File not found
O33 - MountPoints2\{7a6fd39b-cdbe-11dd-8f50-c83fbc4e0fb8}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ccbac159-4be3-11de-ad88-c9e7e1d93e0c}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\Shell - "" = AutoRun
O33 - MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\Shell - "" = AutoRun
O33 - MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\Shell - "" = AutoRun
O33 - MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2009.06.28 22:08:45 | 000,000,186 | ---- | M] () -- C:\Windows\Tasks\{DF987E38-EEA4-4D2E-BAC3-16B8B844B2FB}.job

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00

:Commands
[emptytemp]

Click Run Fix.
Allow the restart if prompted.
Post the fix log. It can be found under c:\_OTL

2. http://www.trojaner-board.de/51871-a...tispyware.html

3. http://www.trojaner-board.de/59299-a...eb-cureit.html

10.04.2010, 09:19   #9
coelsmann

Hello Sion,

Here is the log file that OTL produced... I will now install the 2 programs and then hope for PEACE AND QUIET ;-)


All processes killed
========== OTL ==========
Service de_serv stopped successfully!
Service de_serv deleted successfully!
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4034D172-4C52-49de-A6A1-E75F8F591FEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4034D172-4C52-49de-A6A1-E75F8F591FEC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A2DA13D5-AC77-43b7-963B-40445EBCB8E0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DA13D5-AC77-43b7-963B-40445EBCB8E0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a6fd39b-cdbe-11dd-8f50-c83fbc4e0fb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a6fd39b-cdbe-11dd-8f50-c83fbc4e0fb8}\ not found.
File E:\StartPortableApps.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e14dd8-94af-11dd-a854-806e6f6e6963}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccbac159-4be3-11de-ad88-c9e7e1d93e0c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccbac159-4be3-11de-ad88-c9e7e1d93e0c}\ not found.
File E:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f7fd8-8c0d-11dd-8f7c-806e6f6e6963}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f802a-8c0d-11dd-8f7c-9fc4030657cb}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d71f8034-8c0d-11dd-8f7c-db220417fba3}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fab45032-027a-11de-8f7a-c5c9fc00d2da}\ not found.
File G:\LaunchU3.exe not found.
C:\Windows\Tasks\{DF987E38-EEA4-4D2E-BAC3-16B8B844B2FB}.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jörg Cölsmann
->Temp folder emptied: 39510666 bytes
->Temporary Internet Files folder emptied: 2143706 bytes
->Java cache emptied: 17685956 bytes
->FireFox cache emptied: 54883773 bytes
->Google Chrome cache emptied: 26044929 bytes
->Flash cache emptied: 5767 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 1114066 bytes
RecycleBin emptied: 49744724 bytes

Total Files Cleaned = 183,00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04102010_095944

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2488.log moved successfully.

Registry entries deleted on Reboot...

10.04.2010, 10:21   #10
Sion

Don't just install them - run the scans too and post the logs if anything is found.

10.04.2010, 10:33   #11
coelsmann

Quote:
Quote from Sion
Don't just install them - run the scans too and post the logs if anything is found.

Yep, SUPERAntiSpyware is running and running and running......

and it has already found something.... Adware.Tracking Cookie

See you in a bit

10.04.2010, 10:37   #12
Sion

Cookies aren't that bad.

10.04.2010, 10:44   #13
coelsmann

Quote:
Quote from Sion
Cookies aren't that bad.

But I'm already soooooooooooo happy, because IE is no longer active - and with my new computer at the latest it will no longer be part of the operating system

see U

10.04.2010, 16:54   #14
coelsmann

Quote:
Quote from coelsmann
Yep, SUPERAntiSpyware is running and running and running......

and it has already found something.... Adware.Tracking Cookie

See you in a bit

... and running
Just an interim report: 40 Adware.Tracking Cookies by now and 1 Rogue.Agent/Gen-Nullo[DLL]. The log file will follow once it's finished, bit by bit

10.04.2010, 17:04   #15
Sion

Dr.Web will probably take a while too. But it will be thorough.
