| |
| |||||||
Log-Analyse und Auswertung: Wow Acount HackWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
20.05.2010, 18:04
| #1 |
| |  Wow Acount Hack Hallo, Experten Nun hat es mich auch erwischt. Mir wurde der WOW Account gehackt und ich habe definitiv keine Ahnung..wie !! Ich werde hier wohl irgendwo einen Keylogger oder sonstwas aus der chinesichen Giftküche auf dem Rechner haben. Ich scanne mir hier seit Tagen mit Avira, Hijack, Malware und OTL nen Wolf und ich find nix  1. Hijack Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:15:58, on 16.05.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe D:\Tobit ClipInc\Server\ClipInc-Server.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\AVG\AVG9\avgtray.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe D:\Tobit ClipInc\Server\ClipInc-Server.exe D:\Tobit ClipInc\Server\ClipInc-Server.exe C:\Windows\system32\svchost.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe D:\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\taskeng.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\Hagen\AppData\Local\Apps\2.0\ERA78QDD.ZHL\8EA5QHP4.6DV\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe C:\Program Files\Biet-O-Matic\Biet-O-Matic.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\conime.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\WUDFHost.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Windows\System32\ZoneLabs\vsmon.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Users\Hagen\Downloads\sdsetup-cnet.exe C:\Users\Hagen\AppData\Local\Temp\is-11SMS.tmp\sdsetup-cnet.tmp C:\Users\Hagen\AppData\Local\Temp\is-TMKU2.tmp\InnoMonitor.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Plus\Search Bar.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Program Files\Copernic 2001 Plus\Search Bar.htm R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - *{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file) R3 - URLSearchHook: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll O1 - Hosts: ::1 localhost O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file) O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb124\Dealio.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Buyertools - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\PROGRA~1\BUYERT~1\IEBUTT~1.DLL O2 - BHO: amazon - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\PROGRA~1\PREISP~2\IEBUTT~2.DLL O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: eBay - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\PROGRA~1\PREISP~2\IEBUTT~1.DLL O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll O2 - BHO: Preispiraten - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~1\PREISP~2\IEBUTT~3.DLL O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb124\Dealio.dll O3 - Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - (no file) O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Recordpad] "C:\Program Files\NCH Swift Sound\Recordpad\recordpad.exe" -logon O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe] "1&1 EasyLogin" HIDE O4 - HKCU\..\Run: [Wowhead_Client] "C:\Users\Hagen\AppData\Local\Temp\Temp1_Wowhead_Client.zip\Wowhead_Client.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Startup: CurseClientStartup.ccip O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Philips GoGear SA018 Device Manager.lnk = ? O8 - Extra context menu item: &Alles mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Alle &Filme mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: amazon Suche - C:\Program Files\Preispiraten\Preispiraten4\Searchamazon.htm O8 - Extra context menu item: amazon Suche starten - C:\Program Files\Preispiraten\Preispiraten4\Searchamazon.htm O8 - Extra context menu item: Benutzt Copernic zur Suche - C:\Program Files\Copernic 2001 Plus\Search Extension.htm O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Hagen\AppData\LocalLow\Dealio\kb124\res\DealioSearch.html O8 - Extra context menu item: eBay - Mein eBay - C:\Program Files\Preispiraten\Preispiraten4\SearchEbaymein.htm O8 - Extra context menu item: eBay - Powersuche - C:\Program Files\Preispiraten\Preispiraten4\SearchEbaypower.htm O8 - Extra context menu item: eBay - Startseite - C:\Program Files\Preispiraten\Preispiraten4\SearchEbay.htm O8 - Extra context menu item: eBay Suche starten - C:\Program Files\Preispiraten\Preispiraten4\SearchEbay.htm O8 - Extra context menu item: Google Suche - C:\Program Files\Preispiraten\Preispiraten4\SearchGoogle.htm O8 - Extra context menu item: Google Suche starten - C:\Program Files\Preispiraten\Preispiraten4\SearchGoogle.htm O8 - Extra context menu item: Mit BitComet herunter&laden - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Program Files\Buyertools Reminder\ReminderIE.exe O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Plus\Copernic.exe O9 - Extra 'Tools' menuitem: Starten 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Plus\Copernic.exe O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Plus\Copernic.exe O9 - Extra button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe O9 - Extra 'Tools' menuitem: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files\Preispiraten6\preispiraten3ie.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Übersetzen - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Plus\Translate.htm O9 - Extra 'Tools' menuitem: Überse&tzen mit Hilfe Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Plus\Translate.htm O9 - Extra button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra 'Tools' menuitem: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - hxxp://webtip.ch/cgi-bin/amz_track/tracker_de.pl?loc=main&site=home (file missing) O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing) O9 - Extra button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - hxxp://www.preispiraten.de/e/tr_ebdestart.pl?hxxp://www.ebay.de (file missing) O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb124\Dealio.dll O13 - Gopher Prefix: O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{52D96AEC-7B69-4691-A7BA-DE855A972FDD}: NameServer = 0.0.0.0 O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O18 - Protocol: bw+0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O18 - Protocol: offline-8876480 - {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: ClipInc 002 (ClipInc002) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: ClipInc 003 (ClipInc003) - Unknown owner - D:\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP3\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP3\RpcSandraSrv.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe -- End of file - 30632 bytes Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 19. Mai 2010 18:53
Es wird nach 2136678 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : HAGEN-PC
Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.2010 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.2010 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.2010 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.2010 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.2010 15:51:28
VBASE006.VDF : 7.10.6.83 2048 Bytes 15.04.2010 15:51:28
VBASE007.VDF : 7.10.6.84 2048 Bytes 15.04.2010 15:51:28
VBASE008.VDF : 7.10.6.85 2048 Bytes 15.04.2010 15:51:28
VBASE009.VDF : 7.10.6.86 2048 Bytes 15.04.2010 15:51:28
VBASE010.VDF : 7.10.6.87 2048 Bytes 15.04.2010 15:51:28
VBASE011.VDF : 7.10.6.88 2048 Bytes 15.04.2010 15:51:28
VBASE012.VDF : 7.10.6.89 2048 Bytes 15.04.2010 15:51:28
VBASE013.VDF : 7.10.6.90 2048 Bytes 15.04.2010 15:51:29
VBASE014.VDF : 7.10.6.123 126464 Bytes 19.04.2010 15:51:30
VBASE015.VDF : 7.10.6.152 123392 Bytes 21.04.2010 15:51:31
VBASE016.VDF : 7.10.6.178 122880 Bytes 22.04.2010 15:51:32
VBASE017.VDF : 7.10.6.206 120320 Bytes 26.04.2010 15:51:33
VBASE018.VDF : 7.10.6.232 99328 Bytes 28.04.2010 15:51:34
VBASE019.VDF : 7.10.7.2 155648 Bytes 30.04.2010 15:51:35
VBASE020.VDF : 7.10.7.26 119808 Bytes 04.05.2010 15:51:36
VBASE021.VDF : 7.10.7.51 118272 Bytes 06.05.2010 15:51:37
VBASE022.VDF : 7.10.7.75 404992 Bytes 10.05.2010 15:51:41
VBASE023.VDF : 7.10.7.100 125440 Bytes 13.05.2010 15:51:42
VBASE024.VDF : 7.10.7.119 177664 Bytes 17.05.2010 15:51:43
VBASE025.VDF : 7.10.7.120 2048 Bytes 17.05.2010 15:51:43
VBASE026.VDF : 7.10.7.121 2048 Bytes 17.05.2010 15:51:43
VBASE027.VDF : 7.10.7.122 2048 Bytes 17.05.2010 15:51:44
VBASE028.VDF : 7.10.7.123 2048 Bytes 17.05.2010 15:51:44
VBASE029.VDF : 7.10.7.124 2048 Bytes 17.05.2010 15:51:44
VBASE030.VDF : 7.10.7.125 2048 Bytes 17.05.2010 15:51:44
VBASE031.VDF : 7.10.7.135 123392 Bytes 19.05.2010 16:04:59
Engineversion : 8.2.1.242
AEVDF.DLL : 8.1.2.0 106868 Bytes 18.05.2010 15:52:07
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 18.05.2010 15:52:07
AESCN.DLL : 8.1.6.1 127347 Bytes 18.05.2010 15:52:03
AESBX.DLL : 8.1.3.1 254324 Bytes 18.05.2010 15:52:08
AERDL.DLL : 8.1.4.6 541043 Bytes 18.05.2010 15:52:03
AEPACK.DLL : 8.2.1.1 426358 Bytes 19.03.2010 11:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 18.05.2010 15:52:00
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 18.05.2010 15:52:00
AEHELP.DLL : 8.1.11.3 242039 Bytes 01.04.2010 15:05:25
AEGEN.DLL : 8.1.3.9 377203 Bytes 18.05.2010 15:51:50
AEEMU.DLL : 8.1.2.0 393588 Bytes 18.05.2010 15:51:49
AECORE.DLL : 8.1.15.3 192886 Bytes 18.05.2010 15:51:48
AEBB.DLL : 8.1.1.0 53618 Bytes 18.05.2010 15:51:47
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.2010 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.2010 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.2010 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.2010 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.2010 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.2010 13:14:28
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Beginn des Suchlaufs: Mittwoch, 19. Mai 2010 18:53
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'NOTEPAD.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'NOTEPAD.EXE' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'HijackThis.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '187' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'AAWTray.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avp.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '169' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'StarWindService.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'avp.exe' - '188' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'AAWService.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1661' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
Beginne mit der Suche in 'D:\'
Ende des Suchlaufs: Mittwoch, 19. Mai 2010 20:10
Benötigte Zeit: 1:16:36 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
27734 Verzeichnisse wurden überprüft
475794 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
475794 Dateien ohne Befall
6379 Archive wurden durchsucht
0 Warnungen
0 Hinweise
723258 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
 |
|
20.05.2010, 18:37
| #2 |
| | Wow Acount HackCode:
ATTFilter OTL logfile created on: 20.05.2010 17:28:52 - Run 1 OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Hagen\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 244,62 Gb Total Space | 130,29 Gb Free Space | 53,26% Space Free | Partition Type: NTFS Drive D: | 127,99 Gb Total Space | 89,60 Gb Free Space | 70,01% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 3,73 Gb Total Space | 0,14 Gb Free Space | 3,80% Space Free | Partition Type: FAT32 I: Drive not present or media not loaded Computer Name: HAGEN-PC Current User Name: Hagen Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Hagen\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\Hagen\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (JLRM) -- File not found SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (LBTServ) -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SandraTheSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XI.SP3\RpcSandraSrv.exe (SiSoftware) SRV - (SandraDataSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XI.SP3\Win32\RpcDataSrv.exe (SiSoftware) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (StarWindService) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (NCHSSVAD) SoundTap Recorder (32 Bit) -- C:\Windows\System32\drivers\nchssvad.sys (NCH Swift Sound) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (P17) -- C:\Windows\System32\drivers\P17.sys (Creative Technology Ltd.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Research Inc.) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Ultimate Edition\kerneld.wnt () DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Codename Longhorn DDK provider) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (HPNUHUB) -- C:\Windows\System32\drivers\hpnuhub.sys (Hewlett-Packard Development Company) DRV - (hpnuhst) -- C:\Windows\System32\drivers\hpnuhst.sys (Hewlett-Packard Development Company) DRV - (RTL8187) -- C:\Windows\System32\drivers\hpl8187.sys (Realtek Semiconductor Corporation ) DRV - (p17xfilt) -- C:\Windows\System32\drivers\p17xfilt.sys (Sensaura) DRV - (HPNUCMP) -- C:\Windows\System32\drivers\hpnucmp.sys (Hewlett-Packard Development Company) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (PCAMp50) -- C:\Windows\System32\drivers\PCAMp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (P17xfi) -- C:\Windows\System32\drivers\P17xfi.SYS (Creative Technology Ltd.) DRV - (CTUSFSYN) -- C:\Windows\System32\drivers\CTUSFSYN.SYS (Creative Technology Ltd.) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (LBeepKE) -- C:\Windows\System32\drivers\LBeepKE.sys (Logitech, Inc.) DRV - (LHidKe) -- C:\Windows\System32\drivers\LHidKE.Sys (Logitech, Inc.) DRV - (LMouKE) -- C:\Windows\System32\drivers\LMOUKE.sys (Logitech, Inc.) DRV - (cmudau32) -- C:\Windows\System32\drivers\cmudaxu.sys (C-Media Inc) DRV - (ossrv) -- C:\Windows\System32\drivers\CTOSS2K.SYS (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\Windows\System32\drivers\CTSFM2K.SYS (Creative Technology Ltd) DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26 IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de IE - HKLM\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,# = %23 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,& = %26 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,? = %3F IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,+ = %2B IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,= = %3D IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\e,MenuText = eBay.de IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,# = %23 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,& = %26 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,? = %3F IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,+ = %2B IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,= = %3D IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eb,MenuText = eBay.de IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,# = %23 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,& = %26 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,? = %3F IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,+ = %2B IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,= = %3D IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\eba,MenuText = eBay.de IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay, = hxxp://www.preispiraten.de/e/tr_ebdeblitz.pl?%s IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,# = %23 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,& = %26 IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,? = %3F IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,+ = %2B IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,= = %3D IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\ebay,MenuText = eBay.de IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\p, = preispiratensearchurl %s|-A0| IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\pp2, = preispiratensearchurl %s|-A0| IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\preispirat, = preispiratensearchurl %s|-A0| IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\preispiraten, = preispiratensearchurl %s|-A0| IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKCU\..\URLSearchHook: {2bae58c2-79f9-45d1-a286-81f911301c3a} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {EC1B67CA-A2CD-4931-915A-63D5341D1285}:1.0.0.5 FF - prefs.js..extensions.enabledItems: {144D1513-0819-4538-AD26-D515AF443AE7}:1.1.1.0 FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5 FF - prefs.js..extensions.enabledItems: {411F2F11-830F-4AB5-B7F0-FBC77B870B5A}:1.0.5.0 FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2 FF - prefs.js..extensions.enabledItems: {B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD}:1.0.0.9 FF - prefs.js..extensions.enabledItems: {BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0}:1.0.5.0 FF - prefs.js..extensions.enabledItems: {4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2}:1.0.5.0 FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.0.3 FF - prefs.js..extensions.enabledItems: {7A7EF87E-95DB-4A84-83E8-E0FE7B20017F}:1.0.0.6 FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.3.1 FF - prefs.js..extensions.enabledItems: {3F4D6A2C-841D-403C-8CD8-48E54192DDEB}:1.0.5.0 FF - prefs.js..extensions.enabledItems: {2E6861CA-9A88-4B7B-B935-F810DE84D259}:1.2.1.0 FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.13 FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 FF - prefs.js..extensions.enabledItems: {C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}:1.0.5.0 FF - prefs.js..extensions.enabledItems: {D2A8BC29-8CA3-4C0A-A206-631C44E9620F}:1.0.0.5 FF - prefs.js..extensions.enabledItems: {A86278FF-6B63-446C-B109-DD4E1BAAC868}:1.0.5.0 FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {a27007d0-bec0-4df7-abf8-54ae0b833ce8}:1.1 FF - prefs.js..extensions.enabledItems: {BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB}:1.3.2.10 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..keyword.URL: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.05.26 15:03:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.12 10:45:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.17 20:15:33 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.17 17:21:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.05.17 20:09:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.17 17:16:29 | 000,000,000 | ---D | M] [2008.12.14 13:16:17 | 000,000,000 | ---D | M] -- C:\Users\Hagen\AppData\Roaming\mozilla\Extensions [2010.05.20 17:29:11 | 000,000,000 | ---D | M] -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions [2010.04.06 15:29:40 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2008.04.02 20:19:10 | 000,000,000 | ---D | M] (Metal Lion - Vista) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A} [2009.07.03 18:29:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.21 12:16:33 | 000,000,000 | ---D | M] (Home Extension) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259} [2009.10.28 18:32:25 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2009.07.25 15:28:59 | 000,000,000 | ---D | M] (Minimap Addon) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66} [2010.02.21 12:16:33 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB} [2010.04.06 15:29:40 | 000,000,000 | ---D | M] (Buyertools) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A} [2010.02.21 12:16:42 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2} [2009.12.23 16:10:30 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088} [2009.11.29 19:58:44 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2010.02.21 12:16:34 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} [2010.04.25 10:16:15 | 000,000,000 | ---D | M] (Babylon Word Search) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{a27007d0-bec0-4df7-abf8-54ae0b833ce8} [2010.02.21 12:16:34 | 000,000,000 | ---D | M] (Preispiraten4) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{A86278FF-6B63-446C-B109-DD4E1BAAC868} [2010.04.06 15:29:40 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD} [2010.04.06 15:29:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.04.25 10:16:15 | 000,000,000 | ---D | M] (Online Translator Toolbar) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{BD4B37E6-7AE7-48d7-A2D7-6FF5775924AB} [2010.04.06 15:29:40 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0} [2010.02.21 12:16:42 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2010.02.21 12:16:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} [2010.02.21 12:16:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008.04.20 11:08:42 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F} [2010.02.21 12:16:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.04.05 11:56:18 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2009.04.17 10:38:44 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285} [2009.12.23 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\brief@mozdev.org [2009.11.05 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\Hagen\AppData\Roaming\mozilla\Firefox\Profiles\5t3r7cm1.default\extensions\netvideohunter@netvideohunter.com [2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Hagen\AppData\Roaming\Mozilla\FireFox\Profiles\5t3r7cm1.default\searchplugins\askcom.xml [2010.04.06 15:28:44 | 000,000,873 | ---- | M] () -- C:\Users\Hagen\AppData\Roaming\Mozilla\FireFox\Profiles\5t3r7cm1.default\searchplugins\conduit.xml [2010.05.18 17:24:32 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.12.22 18:03:14 | 000,000,000 | ---D | M] (Amazon Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{144D1513-0819-4538-AD26-D515AF443AE7} [2007.06.03 09:42:12 | 000,000,000 | ---D | M] (Home Extension) -- C:\Programme\Mozilla Firefox\extensions\{2E6861CA-9A88-4B7B-B935-F810DE84D259} [2009.12.22 18:03:18 | 000,000,000 | ---D | M] (Google Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{3F4D6A2C-841D-403C-8CD8-48E54192DDEB} [2007.11.11 11:08:07 | 000,000,000 | ---D | M] (Buyertools) -- C:\Programme\Mozilla Firefox\extensions\{411F2F11-830F-4AB5-B7F0-FBC77B870B5A} [2009.12.22 18:03:16 | 000,000,000 | ---D | M] (eBay-Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{4B4D630E-AAE2-4EA9-A0CB-5F045AAF2EC2} [2009.12.22 18:03:11 | 000,000,000 | ---D | M] (eBay-Startcenter) -- C:\Programme\Mozilla Firefox\extensions\{7A7EF87E-95DB-4A84-83E8-E0FE7B20017F} [2007.06.03 09:42:07 | 000,000,000 | ---D | M] (Preispiraten4) -- C:\Programme\Mozilla Firefox\extensions\{A86278FF-6B63-446C-B109-DD4E1BAAC868} [2009.12.22 18:03:03 | 000,000,000 | ---D | M] (eBay Statusbar Button) -- C:\Programme\Mozilla Firefox\extensions\{B1FC0AB8-EEDC-451A-9185-A0D5E308BBDD} [2007.06.03 09:42:09 | 000,000,000 | ---D | M] (eBay Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{BD5A19C7-FAD9-4D84-A0CB-F7241D6443D0} [2009.12.22 18:03:22 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Programme\Mozilla Firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C} [2010.05.17 20:15:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2007.06.03 09:42:08 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F} [2009.12.22 18:03:20 | 000,000,000 | ---D | M] (Amazon Kontextmenü) -- C:\Programme\Mozilla Firefox\extensions\{EC1B67CA-A2CD-4931-915A-63D5341D1285} [2010.05.17 17:21:14 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll [2010.05.17 20:15:13 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.27 19:03:49 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.27 19:03:49 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.27 19:03:49 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2007.04.20 19:32:00 | 000,004,292 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SP_ebay_de.xml [2007.01.08 14:48:12 | 000,009,095 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\SP_preispiraten_de.xml [2010.03.27 19:03:49 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.27 19:03:49 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.05.18 17:33:26 | 000,395,221 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 13649 more lines... O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Buyertools) - {7C7A8947-5935-4430-AC0E-E7D04697414E} - C:\Programme\Buyertools Reminder\IEButtonBuyertoolsInterface.dll () O2 - BHO: (amazon) - {84B94901-3645-4D80-A6B7-4D0050B19455} - C:\Programme\Preispiraten6\IEButtonAmazonInterface.dll () O2 - BHO: (eBay) - {CD9B7762-DFBC-42B1-BB30-02A78287B456} - C:\Programme\Preispiraten6\IEButtonEbayInterface.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\Programme\Preispiraten6\IEButtonPPInterface.dll () O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2BAE58C2-79F9-45D1-A286-81F911301C3A} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files\\Preispiraten6\\preispiraten.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: amazon Suche - C:\Programme\Preispiraten\Preispiraten4\Searchamazon.htm () O8 - Extra context menu item: amazon Suche starten - C:\Programme\Preispiraten\Preispiraten4\Searchamazon.htm () O8 - Extra context menu item: Benutzt Copernic zur Suche - C:\Programme\Copernic 2001 Plus\Search Extension.htm () O8 - Extra context menu item: eBay - Mein eBay - C:\Programme\Preispiraten\Preispiraten4\SearchEbaymein.htm () O8 - Extra context menu item: eBay - Powersuche - C:\Programme\Preispiraten\Preispiraten4\SearchEbaypower.htm () O8 - Extra context menu item: eBay - Startseite - C:\Programme\Preispiraten\Preispiraten4\SearchEbay.htm () O8 - Extra context menu item: eBay Suche starten - C:\Programme\Preispiraten\Preispiraten4\SearchEbay.htm () O8 - Extra context menu item: Google Suche - C:\Programme\Preispiraten\Preispiraten4\SearchGoogle.htm () O8 - Extra context menu item: Google Suche starten - C:\Programme\Preispiraten\Preispiraten4\SearchGoogle.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Buyertools Reminder - {27914077-B4D6-4A0E-9763-76B6E9DD9A81} - C:\Programme\Buyertools Reminder\ReminderIE.exe () O9 - Extra 'Tools' menuitem : Starten 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe (Copernic Technologies Inc.) O9 - Extra Button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Programme\Copernic 2001 Plus\Copernic.exe (Copernic Technologies Inc.) O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe () O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Programme\Preispiraten6\preispiraten3ie.exe () O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Übersetzen - {99EFB53C-C965-43CF-9F45-52242D134187} - C:\Program Files\Copernic 2001 Plus\Translate.htm () O9 - Extra 'Tools' menuitem : Überse&tzen mit Hilfe Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - C:\Program Files\Copernic 2001 Plus\Translate.htm () O9 - Extra Button: Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - File not found O9 - Extra 'Tools' menuitem : Amazon Startseite - {9E029088-432F-4EBF-9537-0171A4C37870} - File not found O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: eBay - {E79005A3-0F92-434B-9F7B-51131FC7168F} - File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\bw+0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw+0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0 {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0s {567d690f-7734-45ee-b95a-6cb9c35efc61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\offline-8876480 {567D690F-7734-45EE-B95A-6CB9C35EFC61} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.05.20 18:07:08 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{6e300385-2acb-11df-bf7f-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Menu.exe -- File not found O33 - MountPoints2\{7555498e-28f8-11df-9083-0016e6dcf58b}\Shell\AutoRun\command - "" = H:\installer.exe -- File not found O33 - MountPoints2\{7555498e-28f8-11df-9083-0016e6dcf58b}\Shell\verb\command - "" = H:\installer.exe -- File not found O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Launch.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.19 22:05:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.19 22:05:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.19 17:36:41 | 000,000,000 | ---D | C] -- C:\Users\Hagen\AppData\Roaming\TweakNow RegCleaner [2010.05.19 17:36:41 | 000,000,000 | ---D | C] -- C:\Programme\TweakNow RegCleaner [2010.05.18 18:38:01 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2010.05.18 18:37:55 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.05.18 18:31:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.05.18 18:06:39 | 000,000,000 | ---D | C] -- C:\Users\Hagen\AppData\Roaming\Avira [2010.05.18 17:57:34 | 000,000,000 | ---D | C] -- C:\Programme\Recordings [2010.05.18 17:48:50 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.05.18 17:48:50 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.05.18 17:48:50 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys [2010.05.18 17:48:50 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys [2010.05.18 17:48:49 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.05.18 17:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.05.18 17:21:16 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.05.18 17:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010.05.17 20:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010.05.17 20:15:33 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.05.17 20:15:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.05.17 20:15:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.05.17 20:15:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.05.17 20:11:33 | 000,000,000 | ---D | C] -- C:\Users\Hagen\Documents\Downloads [2010.05.17 20:07:38 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2010.05.17 19:56:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.05.17 17:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010.05.17 17:15:44 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.05.17 17:10:00 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.05.17 17:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2010.05.16 13:43:36 | 000,000,000 | ---D | C] -- C:\Users\Hagen\AppData\Roaming\Malwarebytes [2010.05.16 13:43:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.16 13:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.16 13:42:19 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Hagen\Desktop\mbam-setup-1.45.exe [2010.05.16 12:15:34 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.05.16 11:59:22 | 000,000,000 | ---D | C] -- C:\Users\Hagen\Documents\ForceField Shared Files [2010.05.16 11:59:19 | 000,000,000 | ---D | C] -- C:\Users\Hagen\AppData\Roaming\CheckPoint [2010.05.16 11:59:09 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2007.05.26 11:22:57 | 000,065,536 | R--- | C] ( ) -- C:\Windows\System32\A3D.DLL [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.20 17:29:55 | 007,864,320 | ---- | M] () -- C:\Users\Hagen\NTUSER.DAT [2010.05.20 17:28:28 | 000,000,584 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm [2010.05.20 17:28:28 | 000,000,584 | ---- | M] () -- C:\Windows\System32\settings.sfm [2010.05.20 17:14:48 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.05.20 17:13:41 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.20 17:13:31 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.20 17:13:31 | 000,004,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.20 17:13:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.20 17:13:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.20 17:13:16 | 3756,515,328 | -HS- | M] () -- C:\hiberfil.sys [2010.05.19 22:10:56 | 000,524,288 | -HS- | M] () -- C:\Users\Hagen\NTUSER.DAT{31d99dd7-b0c3-11de-bf36-0016e6dcf58b}.TMContainer00000000000000000001.regtrans-ms [2010.05.19 22:10:56 | 000,065,536 | -HS- | M] () -- C:\Users\Hagen\NTUSER.DAT{31d99dd7-b0c3-11de-bf36-0016e6dcf58b}.TM.blf [2010.05.19 22:10:53 | 003,724,042 | -H-- | M] () -- C:\Users\Hagen\AppData\Local\IconCache.db [2010.05.19 22:05:48 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.19 21:13:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.19 17:56:40 | 000,642,816 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.19 17:56:40 | 000,120,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.19 17:56:39 | 001,588,244 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.19 17:56:39 | 000,685,944 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.19 17:56:39 | 000,145,912 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.19 17:36:48 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk [2010.05.18 18:37:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.05.18 18:31:31 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.05.18 18:08:49 | 000,000,721 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2010.05.18 17:49:14 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.05.18 17:33:26 | 000,395,221 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts [2010.05.18 17:21:29 | 000,001,055 | ---- | M] () -- C:\Users\Hagen\Desktop\Spybot - Search & Destroy.lnk [2010.05.17 20:15:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.05.17 20:15:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.05.17 20:15:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.05.17 20:15:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.05.17 20:10:09 | 000,001,432 | ---- | M] () -- C:\Users\Hagen\Desktop\DivX Movies.lnk [2010.05.17 20:09:04 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.05.17 20:08:15 | 000,000,957 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.05.17 20:04:32 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.05.17 18:19:00 | 007,845,830 | ---- | M] () -- C:\Users\Hagen\Documents\AutoRuns.arn [2010.05.17 17:34:43 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat [2010.05.17 17:34:39 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat [2010.05.17 17:15:44 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys [2010.05.16 13:43:10 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Hagen\Desktop\mbam-setup-1.45.exe [2010.05.16 12:15:35 | 000,001,892 | ---- | M] () -- C:\Users\Hagen\Desktop\HijackThis.lnk [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.20 17:14:47 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.05.19 22:05:48 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.19 17:36:48 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\TweakNow RegCleaner.lnk [2010.05.18 18:31:31 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.05.18 17:49:14 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2010.05.18 17:21:29 | 000,001,055 | ---- | C] () -- C:\Users\Hagen\Desktop\Spybot - Search & Destroy.lnk [2010.05.17 20:10:09 | 000,001,432 | ---- | C] () -- C:\Users\Hagen\Desktop\DivX Movies.lnk [2010.05.17 20:09:04 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.05.17 20:08:15 | 000,000,957 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.05.17 20:04:32 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.05.17 20:00:16 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.17 19:59:27 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.17 18:18:59 | 007,845,830 | ---- | C] () -- C:\Users\Hagen\Documents\AutoRuns.arn [2010.05.17 17:21:07 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2010.05.17 17:21:07 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2010.05.16 12:53:07 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.05.16 12:15:35 | 000,001,892 | ---- | C] () -- C:\Users\Hagen\Desktop\HijackThis.lnk [2010.03.08 18:00:52 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.12.08 18:02:40 | 000,000,000 | ---- | C] () -- C:\Windows\AoADVDRipper.INI [2009.12.08 18:02:31 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.12.08 18:02:31 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.09.11 16:47:51 | 000,148,480 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL [2009.09.11 16:47:51 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL [2009.08.22 13:51:05 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI [2009.08.22 13:40:46 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.08.22 13:40:34 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.07.24 23:16:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.14 16:05:18 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.05.14 16:05:17 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2009.04.21 03:04:26 | 000,003,930 | ---- | C] () -- C:\Windows\System32\ludap17.ini [2009.04.02 10:37:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.11.13 06:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini [2008.10.22 11:31:21 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.08.04 15:06:13 | 000,003,595 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.03.21 12:05:57 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll [2008.02.21 04:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.02.21 04:04:16 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest [2008.01.27 13:31:10 | 000,000,038 | ---- | C] () -- C:\Windows\System32\w3url.dll [2008.01.26 14:01:21 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2008.01.26 13:59:49 | 000,000,140 | ---- | C] () -- C:\Windows\ODBC.INI [2007.12.29 14:11:01 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2007.12.29 14:11:01 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2007.10.27 10:26:34 | 000,442,368 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2007.10.07 15:02:46 | 000,001,053 | ---- | C] () -- C:\Windows\PStudio.ini [2007.10.07 15:02:46 | 000,000,032 | ---- | C] () -- C:\Windows\album.ini [2007.10.07 13:09:54 | 000,000,067 | ---- | C] () -- C:\Windows\StationRipper.INI [2007.10.07 13:09:48 | 000,000,205 | ---- | C] () -- C:\Windows\sripper.ini [2007.10.07 13:09:48 | 000,000,052 | ---- | C] () -- C:\Windows\StreamRipper32.INI [2007.10.07 13:05:37 | 000,000,022 | ---- | C] () -- C:\Windows\op70.ini [2007.10.07 11:39:49 | 000,000,352 | ---- | C] () -- C:\Windows\WINCMD.INI [2007.08.19 15:07:11 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll [2007.07.25 17:00:41 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dzcarrara.dll [2007.07.25 16:33:06 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dzwrapper.dll [2007.07.25 16:33:06 | 000,032,256 | ---- | C] () -- C:\Windows\System32\dzbryce6.dll [2007.07.25 16:29:50 | 007,921,664 | ---- | C] () -- C:\Windows\System32\dzcore.dll [2007.07.25 13:37:26 | 006,131,712 | ---- | C] () -- C:\Windows\System32\daz-qt-mt.dll [2007.07.25 13:37:26 | 001,785,856 | ---- | C] () -- C:\Windows\System32\daz-qsa.dll [2007.07.25 13:27:22 | 002,076,672 | ---- | C] () -- C:\Windows\System32\dz3delight.dll [2007.06.26 19:14:49 | 000,002,423 | ---- | C] () -- C:\Windows\WININIT.INI [2007.05.26 11:23:50 | 000,000,054 | R--- | C] () -- C:\Windows\System32\ctzapxx.ini [2007.05.26 11:22:58 | 000,008,251 | R--- | C] () -- C:\Windows\sfsyn.ini [2007.05.26 11:22:57 | 000,137,728 | R--- | C] () -- C:\Windows\System32\OemSpi.dll [2007.05.26 11:22:57 | 000,053,248 | R--- | C] () -- C:\Windows\System32\P17CPI.DLL [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\Windows:294A20C2ABB7650B @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:1048AE9D @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:30FD0CBD @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
|
20.05.2010, 18:45
| #3 |
| | Wow Acount Hack OTL-Extras
__________________Code:
ATTFilter OTL Extras logfile created on: 20.05.2010 17:28:52 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\Hagen\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244,62 Gb Total Space | 130,29 Gb Free Space | 53,26% Space Free | Partition Type: NTFS
Drive D: | 127,99 Gb Total Space | 89,60 Gb Free Space | 70,01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 3,73 Gb Total Space | 0,14 Gb Free Space | 3,80% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Computer Name: HAGEN-PC
Current User Name: Hagen
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MMonk\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MMonk\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MMonk\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27247ADD-FDA7-4493-A158-0639F11C7131}" = lport=25839 | protocol=17 | dir=in | name=bitcomet 25839 udp |
"{5BE20E6C-6C19-4F52-B999-C6275A800270}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{64E5094B-08CF-4BEC-A40C-606324BFE7F0}" = lport=25839 | protocol=6 | dir=in | name=bitcomet 25839 tcp |
"{8D726A82-A095-461D-83C5-353340EF4A0E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\rpcsandrasrv.exe |
"{C5D772F5-809E-4570-AE0D-F6D1B8790EF9}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{E1889971-E551-403B-806B-BD46808855B2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\win32\rpcdatasrv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1162B006-3B69-44BA-A7A4-EABE04C3E06E}" = protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\rpcsandrasrv.exe |
"{1198A007-EF5A-4E25-9BD1-CF925077B01E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1C65F4C9-C511-4850-B364-48E1C6D07689}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{1EC80E68-037A-48AF-8E7B-2F22EB62F1E3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{2206F623-6C95-4972-BC99-2D8A06EE556F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{23610657-DC5D-451E-BC04-5515183A825F}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{236D0299-BE49-4759-9128-DAD0EC36F867}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{24DA379F-D06F-4637-9325-62971BCC36B2}" = protocol=17 | dir=in | app=c:\program files\cyanide\loki\autorun\autorun.exe |
"{263828E3-0938-42CE-A2EE-0CED9C7D2334}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{29765821-CD20-47D6-9B3D-E8F0F3A9543B}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{2A6F2C03-F5AA-4C63-8785-F502E0515018}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{33548D30-BDB4-4DCE-BB54-5B91C173B7B5}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{366656B1-01AC-4643-A9F2-E50576D8E038}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager 1.0\mediamanager.exe |
"{3804EAAB-1092-4657-A2BA-DA168FF5EE89}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{39C962E5-06E5-460F-BDA6-26ABDA40F6DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{45B1B3BA-D1F3-4A67-968E-522531658A5E}" = protocol=17 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\rpcsandrasrv.exe |
"{47527BC6-367A-4C6B-915B-20F0A575C7D4}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{48A83424-9B74-488C-BBD0-FF422F92991F}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{4B8940C7-A23A-44E4-A716-8C3BFA33FD49}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{4E32935F-0997-467D-BBDE-5868DA4BFADB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{548C9FFE-92D3-42F9-A105-9317DDC41278}" = protocol=17 | dir=in | app=c:\program files\cyanide\loki\loki.exe |
"{58E54953-4838-4B6B-BD8F-2D53B068DE53}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe |
"{5F2AD5BA-530F-4264-97AF-C74203E57E80}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{640C57ED-70AC-4272-9FC5-5E6341BF11E3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{6680776A-C9F8-40EC-BFED-25274D546180}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{7388A654-58EE-4E46-9B60-6BAABFDBF92B}" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{78161FD6-BA37-446F-BD6E-A45C47CDEFD3}" = protocol=6 | dir=in | app=c:\users\hagen\appdata\local\apps\2.0\era78qdd.zhl\8ea5qhp4.6dv\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{78EE4E97-108E-4DB2-84B3-33A64C86F6A8}" = protocol=17 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\win32\rpcdatasrv.exe |
"{7F7591B2-0746-4F2D-B763-C83276DFC10C}" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{81864309-8545-45C2-B1FE-B70226B02075}" = protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xi.sp3\win32\rpcdatasrv.exe |
"{8A939E56-30B9-4BCC-AE40-9B00F1106C58}" = protocol=6 | dir=in | app=c:\program files\cyanide\loki\loki.exe |
"{94CC542D-DC46-42B2-AF89-616367CF0D16}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{96682715-1E86-49DB-A4D8-B106273568E7}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{988317C2-94C9-47E9-BD91-241156A856A5}" = protocol=1 | dir=in | name=sisoftware database agent service (icmp-in) |
"{9DDB0D19-9A21-45AC-8ACE-ED3FB91A1A1D}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{AC8623B9-97FC-435A-B89A-059176CC6DE3}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{AD4AED54-6F6B-4FC3-9485-5185CD612E7F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B02270FE-78F5-456B-A3D8-9EBF61243B1A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{B0B89579-D3EE-485C-A316-DE221580A56C}" = protocol=17 | dir=in | app=c:\users\hagen\appdata\local\apps\2.0\era78qdd.zhl\8ea5qhp4.6dv\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\curseclient.exe |
"{C4AF87F0-C0B6-4A0E-A474-CC81A91981FB}" = protocol=6 | dir=in | app=c:\program files\cyanide\loki\autorun\autorun.exe |
"{C81FED51-D358-4A7A-84FE-40C8D2C0B08F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{C9326222-54B9-48AC-9779-9A5005658B55}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{D7A7E1CB-30B3-4249-A40E-632B8026E337}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E2CEA6E0-7B70-430B-BF94-A0C36C451159}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"{F04E2847-1276-410A-8857-E029BC596499}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe |
"{F807B5AB-CBC0-4572-A96D-A0D65FF9B197}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"TCP Query User{0A5689A0-9F2C-4030-A9DD-2F6DF6A7EE63}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{48664632-2698-4595-9946-3B8AE7786525}C:\program files\movie torrent\movie torrent.exe" = protocol=6 | dir=in | app=c:\program files\movie torrent\movie torrent.exe |
"TCP Query User{63C5F1EB-7B46-4C78-A1E8-4768AEDF3DAC}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{9C7A7F5E-9724-4DE0-AEFE-8666793B58BC}C:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-dede-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-dede-downloader.exe |
"UDP Query User{3DD01CEC-32EA-4BAD-A7EF-65E73E89A45F}C:\program files\movie torrent\movie torrent.exe" = protocol=17 | dir=in | app=c:\program files\movie torrent\movie torrent.exe |
"UDP Query User{52BB4759-BA28-45E2-A064-D72FCE6A5409}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{7CD1E17D-83DD-48C0-B531-85416FC61CBA}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{D736CD73-FA68-42B8-ACF4-3EF31E09E925}C:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-dede-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\wow-2.1.2.6803-to-2.1.3.6898-dede-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04C283E4-7FB0-417C-26DD-4AF656A0DECA}" = Catalyst Control Center Graphics Full New
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{091DE262-A5F4-4D6A-97F0-0D6A93D6F4F7}" = RawPacketDriver
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{11BBAE1C-27AE-4ABA-A54C-9FFE3844CCEC}" = GMX Firefox Paket
"{13C24BBC-F194-C886-C993-93CDA31EF5EE}" = CCC Help Turkish
"{18550D66-9E2F-E996-4374-922CE5136D2B}" = CCC Help English
"{1860CF27-32FE-95D7-014F-F4C210988BB7}" = ccc-utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2491C25B-5BDF-139A-20BC-C081DCBF653D}" = CCC Help German
"{2585FE80-3666-B768-93B2-A7585C4BB2B1}" = ccc-core-static
"{26A1E9CF-BFC1-4309-80CD-C182D80922DB}_is1" = Artweaver 0.5
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27A07F33-EADC-8971-6D13-6263D4E90809}" = CCC Help Finnish
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32ABC0EB-8F69-B431-49F5-5C1150E7B7C7}" = Catalyst Control Center Graphics Previews Common
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{39AF8F9C-FAF2-2012-C5A2-8AD0B6DE3B95}" = CCC Help Hungarian
"{3B2A1453-E69E-5F62-AA11-AB09A4E962AD}" = Catalyst Control Center InstallProxy
"{3BCE3FDF-4A7A-FBAC-65B3-F517DF651076}" = CCC Help Swedish
"{4142E5E1-1415-E7AF-8631-62DF8AFF4F73}" = ATI Catalyst Install Manager
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{452A1FAC-F5A0-471E-B8AA-F2B0990E18D6}" = Auction Studio 2009
"{46157EFF-B576-CA93-0DE0-41B6B5406432}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5384EA8A-FECA-4D6E-B7B4-3D4D9D47E5DF}" = Preispiraten
"{5592EAD5-22E8-9AEC-0A8F-19D0EDFD88F0}" = Catalyst Control Center Graphics Light
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C62F4FE-E4FB-7193-C1B4-B6A8A557BFDE}" = CCC Help Danish
"{5C72622B-643D-4296-B57D-5D53D0C68509}" = Sony Ericsson Media Manager 1.0
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5E992B43-7F22-59E9-4BCF-FD5157F221F9}" = ATI AVIVO Codecs
"{5EA4D0FB-6988-A40B-BC17-10D5F2D70225}" = CCC Help Greek
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63B3C1C7-CE1A-F2A8-229F-8ED4BE8AF38B}" = Catalyst Control Center Core Implementation
"{6469F22F-63C7-527E-32EE-F8DCB8E711A8}" = CCC Help Spanish
"{73688255-C643-AFBA-C1AA-8849599838C7}" = CCC Help French
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80081D11-89C4-F3A5-68D0-024498FBC7BF}" = CCC Help Chinese Traditional
"{822A8730-86A7-4CAA-BDE1-7337169BFF2B}" = Sound Blaster X-Fi Xtreme Audio
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8DD28683-B0FB-3562-8AC1-B3E478E6A3E0}" = CCC Help Polish
"{8F1DA256-8440-A54D-914D-BAE11062F354}" = CCC Help Russian
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{994A45A7-506C-B1A2-C1E4-CE5CA33D3653}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDC9FF8-1BDC-48AA-8E9B-327F984D0E3E}" = Preispiraten
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A176E83C-9514-A97E-7536-9BDEAC180198}" = CCC Help Norwegian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7988138-1065-5B78-3C8A-98A53EE9EF6D}" = CCC Help Chinese Standard
"{B9A7A351-6C55-697A-8919-9BF7EFED05B3}" = Catalyst Control Center Graphics Full Existing
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XII.SP1
"{C6B29F03-4D97-3B4E-D906-70958E6B1448}" = HydraVision
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{CA97E53B-2E94-6602-2956-C2D37B91ECE3}" = CCC Help Portuguese
"{CC6E0CC3-0C86-B773-4D82-8188FB91E62E}" = CCC Help Korean
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = HP Wireless Adapter
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D6421134-78C3-8E9D-1512-5BA1B2088DCF}" = CCC Help Dutch
"{DA9C6CBF-8955-966B-3A87-62AFA677C292}" = CCC Help Czech
"{DB30B278-35EF-2836-B6EC-37639BBBF215}" = Catalyst Control Center HydraVision Full
"{DC19A2BC-9698-430E-AD50-456B837B1BCD}" = GoGear SA018 Device Manager
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E36899ED-7F05-45C0-A417-3B60EB9F7965}_is1" = concept/design Hit-Recorder 2
"{E899BF79-446D-C365-81D7-901D30C58206}" = CCC Help Japanese
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F08C8A50-8061-2B2A-C0F9-F0715740DE4A}" = Catalyst Control Center Graphics Previews Vista
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F7D480DD-8D1A-470D-87C6-3B9DBF6A629B}" = Buyertools Reminder
"{FAE94B77-CBC4-AA4D-676B-1588EFA5C1CE}" = Catalyst Control Center Localization All
"1&1 EasyLogin" = 1&1 EasyLogin
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALchemy" = Creative ALchemy
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Auction Studio 2009" = Auction Studio 2009
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.3.0" = Biet-O-Matic v2.3.0
"BlindWrite 6_is1" = BlindWrite 6
"CloneDVD2" = CloneDVD2
"CoffeeCup Free Viewer Plus" = CoffeeCup Free Viewer Plus
"Copernic 2001 Plus" = Copernic 2001 Plus
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Eigenschaften von Creative Sound Blaster
"DAZ|Studio" = DAZ|Studio 1.7.1.5
"DC-Bass Source" = DC-Bass Source 1.1.1
"Deep Paint" = Deep Paint
"DirectVobSub" = DirectVobSub (remove only)
"DirectX" = DirectX deinstallieren
"DirectX Buster" = DirectX Buster 2.1 Beta 4
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_is1" = Drakensang
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Dungeon Keeper II" = Dungeon Keeper 2
"DVD-lab PRO 2.51_is1" = DVD-lab PRO 2.51
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Dynamic-Photo HDR 4 (Trial)_is1" = Dynamic-Photo HDR Trial 4.5
"Easy DVD Clone" = Easy DVD Clone
"Easy DVD Shrink" = Easy DVD Shrink
"EditStudio_is1" = EditStudio 6.0.5
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FairStars CD Ripper_is1" = FairStars CD Ripper 1.22
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.2.8.1
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.3
"Harry's Filters 3" = Harry's Filters 3
"HijackThis" = HijackThis 2.0.2
"Incomedia WebSite X5 v8 - Smart" = Incomedia WebSite X5 v8 - Smart
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Jack Keane" = Jack Keane
"Jagged Alliance 2" = Jagged Alliance 2
"LucasArts' Curse of Monkey Island" = LucasArts' Curse of Monkey Island
"MAGIX 3D Maker UK" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare UK" = MAGIX Screenshare 4.3.6.1987 (UK)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Jukebox 12" = Media Jukebox 12
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Picasa 3" = Picasa 3
"PixelSampler_is1" = PixelSampler
"Pixillion" = Pixillion Image Converter
"PreisHai_is1" = PreisHai 4.1
"Prism" = Prism Video Converter
"S2TNG" = Die Siedler II - Die nächste Generation
"SHOUTcast Source" = SHOUTcast Source (remove only)
"SmartToolseBook DAO, ADO Recordsetsv1.00" = SmartTools Publishing • Access eBook DAO, ADO Recordsets
"SShockDeinstallKey" = System Shock2
"StationRipper" = StationRipper 2.87
"TagScanner_is1" = TagScanner 5.0 build 516
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Techinfo Doppelte Datensätze" = Techinfo Doppelte Datensätze
"TweakNow RegCleaner_is1" = TweakNow RegCleaner
"Uninstall_is1" = Uninstall 1.0.0.1
"Video Card Stability Test" = Video Card Stability Test
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.0.1
"WaveStudio 7" = Creative WaveStudio 7
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"WinGimp-2.0_is1" = GIMP 2.6.7
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"World of Warcraft" = World of Warcraft
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Muziic Player & Encoder" = Muziic Player & Encoder
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"SmartTools Publishing · Access-Fenster skalieren" = SmartTools Publishing · Access-Fenster skalieren
"SmartTools Publishing · Erweiterte MsgBox für Access" = SmartTools Publishing · Erweiterte MsgBox für Access
"SmartTools Publishing · SQL aus Abfragen" = SmartTools Publishing · SQL aus Abfragen
"SmartTools Publishing · SQL für Formulare" = SmartTools Publishing · SQL für Formulare
"StationRipper" = StationRipper 2.93B
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.05.2010 11:09:26 | Computer Name = Hagen-PC | Source = Application Hang | ID = 1002
Description = Programm Wowhead_Client.exe, Version 1.5.0.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: e5c Anfangszeit: 01caf5d2de83252d Zeitpunkt
der Beendigung: 16
Error - 17.05.2010 11:10:39 | Computer Name = Hagen-PC | Source = Perflib | ID = 1008
Description =
Error - 17.05.2010 11:10:39 | Computer Name = Hagen-PC | Source = Perflib | ID = 1010
Description =
Error - 17.05.2010 11:10:42 | Computer Name = Hagen-PC | Source = Perflib | ID = 1008
Description =
Error - 17.05.2010 14:13:33 | Computer Name = Hagen-PC | Source = MsiInstaller | ID = 11500
Description =
Error - 18.05.2010 11:30:24 | Computer Name = Hagen-PC | Source = Application Hang | ID = 1002
Description = Programm setup.exe, Version 9.0.0.782 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: c Anfangszeit: 01caf69e92d49e11 Zeitpunkt der Beendigung: 4
Error - 18.05.2010 12:18:07 | Computer Name = Hagen-PC | Source = VSS | ID = 12289
Description =
Error - 18.05.2010 12:19:04 | Computer Name = Hagen-PC | Source = VSS | ID = 12289
Description =
Error - 19.05.2010 11:19:52 | Computer Name = Hagen-PC | Source = ESENT | ID = 215
Description = WinMail (3628) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 19.05.2010 12:40:33 | Computer Name = Hagen-PC | Source = MsiInstaller | ID = 10005
Description =
[ System Events ]
Error - 17.05.2010 11:40:02 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 17.05.2010 11:44:08 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 17.05.2010 12:12:23 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 17.05.2010 12:12:54 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 17.05.2010 12:12:54 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 18.05.2010 11:11:37 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 18.05.2010 11:49:40 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 18.05.2010 12:34:39 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 18.05.2010 12:38:05 | Computer Name = Hagen-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.05.2010 11:16:28 | Computer Name = Hagen-PC | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description =
< End of report >
Malware sagt auch nix: Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 4118 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 20.05.2010 18:45:12 mbam-log-2010-05-20 (18-45-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 320824 Laufzeit: 1 Stunde(n), 8 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Bin für jede Hilfe dankbar.. |
|
| Themen zu Wow Acount Hack |
| 0 bytes, ad-aware, antivir, ask toolbar, ask.com, avg free, avg security toolbar, avira, avp.exe, bho, browser, browser guard, checkpoint, compare, desktop, ebay, firefox, g data, google, hijack, hijackthis, home, jusched.exe, local\temp, malware, mozilla thunderbird, notepad.exe, nt.dll, programm, scan, security, senden, server, software, spyware, starten, suchlauf, system, versteckte objekte, verweise, virus gefunden, vista, windows |
Linear-Darstellung
