Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.06.2010, 18:27   #1
powersearche
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Hallo zusammen,

dies ist mein erster Beitrag in diesem Forum.
Ich habe mir letzte Woche nen Virus eingefangen der sich als Virenscanner getarnt hat, exakt vor der Abfahrt in meinen Urlaub.
Zum Glück hatte ein Kumpel auf meinem Rechner Codestuff Starter und procexp. installiert. Damit konnten wir beim Neustart den Virus am starten hintern und haben folgende Autostarts deaktiviert
ixux.exe, Dwx.exe und tahqgumtssd.exe

Gestern und heute habe ich mich dann im Netz schlau gemacht. Antivir und Microsoft Essentials drüber laufen lassen. Anschließend noch Adaware und Spyboot Search and Destroy ebenso mit CC Cleaner die Registry mehrmals bereinigt. Schlussendlich mit HiJack mehrere Logfiles gemacht, diese geprüft und bereinigt.
So wie es aussieht ist mein System nun sauber, zumindest wenn ich nach dem letzten HiJack Logfile gehe.
Da ich aber so was zum ersten mal gemacht habe bin ich mir nicht sicher. Habe ich vielleicht was übersehen oder bin ich wirklich aus dem Schneider?
Vielen Dank für die Hilfe im voraus Powersearcher (leider ist das r bei der Anmeldung hier verloren gegangen ;-)
Anbei der aktuelle Logfile

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:41, on 27.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Ahead\Lib\NeroGadgetCMServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\CodeStuff\Starter\Starter.exe
C:\Users\M.S.\Desktop\procexp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\M. S.\Downloads\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} (AstroAvengerLoader Control) - hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AAV UpdateService - Unknown owner - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sceneo PVR Service (srvcPVR) - Buhl Data Service GmbH - C:\Program Files\Sceneo\Bonavista\Services\PVR\PVRService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: CHIPDRIVE SCARD Service (TWKSCARDSRV) - SCM Microsystems - C:\Windows\SCARDS32.EXE
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 13237 bytes

Alt 27.06.2010, 18:30   #2
Larusso
/// Selecta Jahrusso
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
MSConfig
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread


Bitte poste in Deiner nächsten Antwort
OTL.txt
Extras.txt
__________________

__________________

Alt 27.06.2010, 20:10   #3
powersearche
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Icon24

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Hallo Larusso,
vielen dank für die schnelle Antwort.
Ich habe/hatte vor meine Daten zu sichern und mir in den nächsten Wochen eine neue Festplatte zu besorgen.
Leider kam mir der Virus ein bißchen zu früh in die Quere und ich weiss nicht ob ich mir beim letzten Backup, auf der externen Festplatte, den Burschen mit gesichert habe.
Anbei die gewünschten Logfiles, ich hoffe ich hab alles richtig gemacht.
Wenn nicht einfach meckern

Grüße powersearcher

Ich musste beide Files einzeln posten da sie zu groß sind
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.06.2010 19:24:25 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Mark\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 28,68 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 21,27 Gb Free Space | 74,21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 246,71 Mb Total Space | 118,01 Mb Free Space | 47,83% Space Free | Partition Type: FAT
 
Computer Name: MARK
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 19:20:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2010.06.19 12:49:24 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.06.19 12:49:23 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.02.21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.14 04:15:56 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.14 04:15:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.05 21:19:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.02.19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.04.03 20:37:36 | 000,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2008.02.19 09:22:08 | 001,089,536 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2008.01.31 18:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008.01.22 13:21:44 | 000,259,368 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NeroGadgetCMServer.exe
PRC - [2007.05.12 21:46:38 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007.02.23 12:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe
PRC - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2006.12.01 14:37:50 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) -- C:\Windows\SCARDS32.EXE
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 19:20:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.19 12:49:23 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.14 04:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.05 21:19:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.02.19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.23 12:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) [Auto | Running] -- C:\Windows\SCARDS32.EXE -- (TWKSCARDSRV)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.12.07 22:32:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009.12.02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009.09.30 16:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.08.14 06:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009.08.14 06:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.24 20:28:50 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.07.19 11:28:31 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.19 11:28:31 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.01.27 16:37:01 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.12.18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.12.18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.12.18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.12.16 16:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008.12.16 16:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.10.31 09:11:02 | 000,027,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VL807.sys -- (VL807)
DRV - [2008.10.31 09:11:02 | 000,018,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GWHid.sys -- (GWHid)
DRV - [2008.10.23 19:50:01 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008.09.17 09:55:00 | 007,379,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.02.20 21:42:36 | 000,020,520 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008.02.20 21:42:36 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008.01.19 07:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008.01.19 07:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008.01.19 07:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.10.03 20:55:38 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.05.17 09:45:51 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2007.05.17 09:45:50 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2007.05.17 09:45:49 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2007.05.17 09:45:49 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2007.05.11 17:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007.04.11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.04.11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007.04.03 11:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.01.08 19:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.12.01 14:38:58 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.08.28 15:48:46 | 000,004,352 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TF0801.sys -- (TF0801)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.09.19 03:07:00 | 000,035,275 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TwkUsb2K.sys -- (CHIPDRIVE USB SmartCardReader)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004.08.25 15:06:00 | 000,185,611 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TWKSER2K.sys -- (TWKSER2K)
DRV - [2003.04.30 02:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2003.04.30 02:14:00 | 000,005,550 | ---- | M] (Towitoko AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TWKPNP.SYS -- (TWKPNP)
DRV - [2003.04.30 02:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TWKMS.SYS -- (TwkMs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: pagehacker-nico@nc:1.2
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.0.3
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.18 22:48:23 | 000,000,000 | ---D | M]
 
[2010.05.08 16:32:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions
[2010.05.08 18:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions
[2010.05.08 16:34:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.08 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.05.08 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\pagehacker-nico@nc
[2010.05.08 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\smarterwiki@wikiatic.com
[2010.02.03 15:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\FireFox\Profiles\a6mz7ae3.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab (AstroAvengerLoader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0698e888-1677-11dc-813b-0019db5a3837}\Shell - "" = AutoRun
O33 - MountPoints2\{0698e888-1677-11dc-813b-0019db5a3837}\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pcwstart.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008.03.19 22:16:58 | 000,000,000 | ---D | M]
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk - C:\PROGRA~1\ADOBEM~1\ADOBEM~1.EXE - File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.27 08:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.27 08:18:12 | 000,000,000 | ---D | C] -- C:\Windows\LastGood.Tmp
[2010.06.27 08:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.06.27 08:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010.06.27 08:12:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.27 06:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.27 06:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.06.26 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010.06.19 12:50:00 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 12:45:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.19 10:48:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.06.19 10:42:32 | 097,364,760 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Users\Mark\Desktop\Ad-AwareInstaller.exe
[2010.06.19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2010.05.20 17:33:02 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Brother
[2010.05.14 19:45:38 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Meine empfangenen Dateien
[2010.05.14 19:06:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\Tracing
[2010.05.14 19:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010.05.14 19:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010.05.14 18:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6Toolbar
[2010.05.14 18:21:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.05.14 18:21:32 | 000,000,000 | ---D | C] -- C:\Users\MarkAppData\Roaming\ICQ
[2010.05.14 18:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.1
[2010.05.08 21:00:56 | 003,879,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Mark\Desktop\procexp.exe
[2010.05.08 16:32:14 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Mozilla
[2010.05.08 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\zerstörer
[2010.04.28 13:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.28 13:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.04.19 20:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.04.19 20:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.27 19:26:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F1A883CC-8CB1-4FC9-AFF7-A13F8DC58013}.job
[2010.06.27 19:25:24 | 004,718,592 | -HS- | M] () -- C:\Users\Mark\ntuser.dat
[2010.06.27 19:24:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.27 19:24:07 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.27 19:17:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.27 17:40:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 17:40:56 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 10:23:53 | 000,012,466 | ---- | M] () -- C:\Users\Mark\Documents\hijackthis2
[2010.06.27 09:45:37 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.27 09:45:37 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.27 09:45:37 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.27 09:45:36 | 001,472,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.27 09:45:36 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.27 09:41:17 | 000,000,328 | ---- | M] () -- C:\Windows\scardsrv.ini
[2010.06.27 09:41:11 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.06.27 09:40:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 09:40:23 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.27 09:38:36 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.06.27 09:38:36 | 000,065,536 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TM.blf
[2010.06.27 09:38:33 | 006,291,456 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db
[2010.06.27 08:23:57 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.27 08:13:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.27 06:15:37 | 000,001,019 | ---- | M] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2010.06.27 06:15:33 | 000,126,464 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 19:37:56 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.19 12:49:54 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 12:45:50 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 11:25:08 | 000,031,858 | ---- | M] () -- C:\Users\Mark\Documents\cc_20100619_112435.reg
[2010.06.19 10:48:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.06.19 10:42:37 | 097,364,760 | ---- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Users\Mark\Desktop\Ad-AwareInstaller.exe
[2010.06.19 10:24:08 | 000,001,828 | ---- | M] () -- C:\Users\Mark\Desktop\CodeStuff Starter.lnk
[2010.06.19 10:23:34 | 000,680,340 | ---- | M] () -- C:\Users\Mark\Desktop\StarterSetup5629.zip
[2010.06.18 15:45:59 | 006,049,493 | ---- | M] () -- C:\Users\Mark\Desktop\K'naan - Wavin flag (WM 2010).mp3
[2010.06.18 15:41:35 | 004,910,972 | ---- | M] () -- C:\Users\Mar\Desktop\Shakira - waka waka.mp3
[2010.06.18 15:38:04 | 003,998,149 | ---- | M] () -- C:\Users\Mark\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.10 21:23:15 | 000,419,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.09 20:58:49 | 000,021,478 | ---- | M] () -- C:\Users\Mark\Documents\Trainingsplan Juni. 10.xlsx
[2010.06.02 20:43:27 | 000,036,864 | ---- | M] () -- C:\Users\Mark\Documents\Trainingsplan Apr. 10.xls
[2010.05.20 22:10:56 | 039,109,498 | ---- | M] () -- C:\Users\Mark\Documents\Jahresprogramm_webPDF.pdf
[2010.05.20 17:05:02 | 000,002,591 | ---- | M] () -- C:\Users\Mark\Desktop\Microsoft Office Word 2007.lnk
[2010.05.18 21:41:06 | 000,967,680 | ---- | M] () -- C:\Users\Mark\Desktop\.doc
[2010.05.14 18:19:53 | 000,000,033 | ---- | M] () -- C:\Users\Mark\Desktop\cmd.php
[2010.05.08 21:00:49 | 001,728,943 | ---- | M] () -- C:\Users\Mark\Desktop\ProcessExplorer.zip
[2010.05.08 20:56:30 | 000,000,953 | ---- | M] () -- C:\Users\Mark\Desktop\Internet Explorer.lnk
[2010.05.08 13:46:40 | 214,923,128 | ---- | M] () -- C:\Users\Mark\Desktop\clip0028.avi
[2010.05.08 13:44:04 | 010,238,098 | ---- | M] () -- C:\Users\Mark\Desktop\clip0027.avi
[2010.05.08 13:43:30 | 350,131,300 | ---- | M] () -- C:\Users\Mark\Desktop\clip0026.avi
[2010.05.08 13:35:28 | 274,192,286 | ---- | M] () -- C:\Users\Mark\Documents\clip0026.avi
[2010.05.08 13:31:10 | 129,251,592 | ---- | M] () -- C:\Users\Mark\Documents\clip0025.avi
[2010.05.05 14:48:12 | 000,002,032 | ---- | M] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2010.04.28 13:29:13 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.26 07:49:17 | 194,934,412 | ---- | M] () -- C:\Users\Mark\Documents\clip0024.avi
[2010.04.25 17:59:47 | 062,061,190 | ---- | M] () -- C:\Users\Mark\Documents\clip0023.avi
[2010.04.25 17:58:48 | 158,577,058 | ---- | M] () -- C:\Users\Mark\Documents\clip0022.avi
[2010.04.25 10:02:03 | 000,000,094 | ---- | M] () -- C:\Users\Mark\Documents\PDVD_MediaDisc.PlayList
[2010.04.25 08:14:44 | 417,536,496 | ---- | M] () -- C:\Users\Mark\Documents\clip0021.avi
[2010.04.25 08:10:26 | 007,971,076 | ---- | M] () -- C:\Users\Mark\Documents\clip0020.avi
[2010.04.25 08:07:35 | 001,464,918 | ---- | M] () -- C:\Users\Mark\Documents\clip0019.avi
[2010.04.24 21:19:15 | 016,297,776 | ---- | M] () -- C:\Users\Mark\Documents\clip0018.avi
[2010.04.24 21:18:35 | 037,861,808 | ---- | M] () -- C:\Users\Mark\Documents\clip0017.avi
[2010.04.24 21:17:50 | 120,898,346 | ---- | M] () -- C:\Users\Mark\Documents\clip0016.avi
[2010.04.24 21:16:39 | 002,547,616 | ---- | M] () -- C:\Users\Mark\Documents\clip0015.avi
[2010.04.24 21:16:37 | 001,362,646 | ---- | M] () -- C:\Users\Mark\Documents\clip0014.avi
[2010.04.24 21:16:36 | 000,533,100 | ---- | M] () -- C:\Users\Mark\Documents\clip0013.avi
[2010.04.24 21:16:36 | 000,509,656 | ---- | M] () -- C:\Users\Mark\Documents\clip0012.avi
[2010.04.24 21:16:30 | 138,336,402 | ---- | M] () -- C:\Users\Mark\Documents\clip0011.avi
[2010.04.24 21:14:54 | 014,959,376 | ---- | M] () -- C:\Users\Mark\Documents\clip0010.avi
[2010.04.24 13:49:14 | 039,281,058 | ---- | M] () -- C:\Users\Mark\Documents\clip0009.avi
[2010.04.24 13:01:18 | 418,863,908 | ---- | M] () -- C:\Users\Mark\Documents\clip0008.avi
[2010.04.18 23:13:15 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010.04.18 00:27:13 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{52714324-ee21-11dd-a5af-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.04.18 00:27:13 | 000,065,536 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{52714324-ee21-11dd-a5af-00038a000015}.TM.blf
[2010.04.15 08:01:04 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Mark\Desktop\procexp.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.27 10:23:53 | 000,012,466 | ---- | C] () -- C:\Users\Mark\Documents\hijackthis2
[2010.06.27 08:23:57 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.27 08:13:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.27 06:15:37 | 000,001,019 | ---- | C] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2010.06.26 19:37:56 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.19 17:56:29 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.06.19 12:45:50 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 11:24:40 | 000,031,858 | ---- | C] () -- C:\Users\Mark\Documents\cc_20100619_112435.reg
[2010.06.19 10:24:08 | 000,001,828 | ---- | C] () -- C:\Users\Mark\Desktop\CodeStuff Starter.lnk
[2010.06.19 10:23:32 | 000,680,340 | ---- | C] () -- C:\Users\Mark\Desktop\StarterSetup5629.zip
[2010.06.18 15:45:59 | 006,049,493 | ---- | C] () -- C:\Users\Mark\Desktop\K'naan - Wavin flag (WM 2010).mp3
[2010.06.18 15:41:35 | 004,910,972 | ---- | C] () -- C:\Users\Mark\Desktop\Shakira - waka waka.mp3
[2010.06.18 15:38:04 | 003,998,149 | ---- | C] () -- C:\Users\Mark\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.02 20:43:56 | 000,021,478 | ---- | C] () -- C:\Users\Mark\Documents\Trainingsplan Juni. 10.xlsx
[2010.05.24 10:18:58 | 000,036,864 | ---- | C] () -- C:\Users\Mark\Documents\Trainingsplan Apr. 10.xls
[2010.05.20 22:10:50 | 039,109,498 | ---- | C] () -- C:\Users\Mark\Documents\Jahresprogramm_webPDF.pdf
[2010.05.18 21:33:27 | 000,967,680 | ---- | C] () -- C:\Users\Mark\Desktop\.doc
[2010.05.14 18:19:49 | 000,000,033 | ---- | C] () -- C:\Users\Mark\Desktop\cmd.php
[2010.05.08 21:00:34 | 001,728,943 | ---- | C] () -- C:\Users\Mark\Desktop\ProcessExplorer.zip
[2010.05.08 20:56:30 | 000,000,953 | ---- | C] () -- C:\Users\Mark\Desktop\Internet Explorer.lnk
[2010.05.08 13:44:43 | 214,923,128 | ---- | C] () -- C:\Users\Mark\Desktop\clip0028.avi
[2010.05.08 13:43:58 | 010,238,098 | ---- | C] () -- C:\Users\Mark\Desktop\clip0027.avi
[2010.05.08 13:40:49 | 350,131,300 | ---- | C] () -- C:\Users\Mark\Desktop\clip0026.avi
[2010.05.08 13:31:55 | 274,192,286 | ---- | C] () -- C:\Users\Mark\Documents\clip0026.avi
[2010.05.08 13:30:17 | 129,251,592 | ---- | C] () -- C:\Users\Mark\Documents\clip0025.avi
[2010.04.28 13:29:13 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.26 07:47:57 | 194,934,412 | ---- | C] () -- C:\Users\Mark\Documents\clip0024.avi
[2010.04.25 17:59:24 | 062,061,190 | ---- | C] () -- C:\Users\Mark\Documents\clip0023.avi
[2010.04.25 17:57:48 | 158,577,058 | ---- | C] () -- C:\Users\Mark\Documents\clip0022.avi
[2010.04.25 08:12:17 | 417,536,496 | ---- | C] () -- C:\Users\Mark\Documents\clip0021.avi
[2010.04.25 08:10:23 | 007,971,076 | ---- | C] () -- C:\Users\Mark\Documents\clip0020.avi
[2010.04.25 08:07:34 | 001,464,918 | ---- | C] () -- C:\Users\Mark\Documents\clip0019.avi
[2010.04.24 21:19:09 | 016,297,776 | ---- | C] () -- C:\Users\Mark\Documents\clip0018.avi
[2010.04.24 21:18:20 | 037,861,808 | ---- | C] () -- C:\Users\Mark\Documents\clip0017.avi
[2010.04.24 21:17:08 | 120,898,346 | ---- | C] () -- C:\Users\Mark\Documents\clip0016.avi
[2010.04.24 21:16:37 | 002,547,616 | ---- | C] () -- C:\Users\Mark\Documents\clip0015.avi
[2010.04.24 21:16:36 | 001,362,646 | ---- | C] () -- C:\Users\Mark\Documents\clip0014.avi
[2010.04.24 21:16:36 | 000,533,100 | ---- | C] () -- C:\Users\Mark\Documents\clip0013.avi
[2010.04.24 21:16:35 | 000,509,656 | ---- | C] () -- C:\Users\Mark\Documents\clip0012.avi
[2010.04.24 21:14:56 | 138,336,402 | ---- | C] () -- C:\Users\Mark\Documents\clip0011.avi
[2010.04.24 21:14:49 | 014,959,376 | ---- | C] () -- C:\Users\Mark\Documents\clip0010.avi
[2010.04.24 13:48:42 | 039,281,058 | ---- | C] () -- C:\Users\Mark\Documents\clip0009.avi
[2010.04.24 12:58:57 | 418,863,908 | ---- | C] () -- C:\Users\Mark\Documents\clip0008.avi
[2010.04.18 18:18:43 | 000,524,288 | -HS- | C] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000002.regtrans-ms
[2010.04.18 18:18:43 | 000,524,288 | -HS- | C] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.04.18 18:18:42 | 000,065,536 | -HS- | C] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TM.blf
[2010.04.12 21:32:33 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2010.04.09 22:12:19 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.09 22:12:15 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.27 11:03:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.27 11:03:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.02.27 10:55:24 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.01.30 11:12:55 | 000,004,352 | ---- | C] () -- C:\Windows\System32\drivers\TF0801.sys
[2009.12.07 18:26:12 | 000,000,020 | ---- | C] () -- C:\Windows\TTN.INI
[2009.08.18 20:47:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.07 15:46:44 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.07.07 15:46:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.08 08:22:19 | 000,027,184 | ---- | C] () -- C:\Windows\System32\drivers\VL807.sys
[2009.02.08 08:21:53 | 000,064,048 | ---- | C] () -- C:\Windows\System32\Hidhlp.dll
[2009.02.08 08:21:53 | 000,055,856 | ---- | C] () -- C:\Windows\System32\iFT7195.dll
[2009.02.05 19:06:55 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.12.12 08:43:43 | 000,000,160 | ---- | C] () -- C:\Windows\asrapi.ini
[2008.12.12 08:43:03 | 000,081,920 | ---- | C] () -- C:\Windows\asr3232.dll
[2008.10.15 19:30:20 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.10.15 19:30:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.10.10 20:50:02 | 000,000,065 | ---- | C] () -- C:\Windows\WININIT.INI
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008.05.07 21:04:51 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008.05.07 21:04:51 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2007.10.03 20:55:38 | 000,639,224 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007.05.26 15:51:54 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.05.26 15:51:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.05.14 20:58:55 | 000,000,015 | ---- | C] () -- C:\Windows\PUST2.ini
[2007.05.08 18:45:59 | 000,000,000 | ---- | C] () -- C:\Windows\TCLOG.INI
[2007.05.07 18:16:07 | 000,000,328 | ---- | C] () -- C:\Windows\scardsrv.ini
[2007.05.06 20:46:01 | 000,000,610 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2007.02.26 18:14:35 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.26 18:14:35 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 17:17:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 16:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 15:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.20 08:34:10 | 000,000,114 | ---- | C] () -- C:\Windows\Buhl.ini
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2009.11.27 22:38:08 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Any Video Converter
[2009.11.27 20:26:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Any Video Converter Professional
[2009.01.17 15:04:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Bayer04 Publisher
[2008.05.18 10:13:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Buhl Data Service
[2009.08.06 18:59:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Buhl Data Service GmbH
[2007.05.07 19:06:24 | 000,000,000 | ---D | M] -- C:\Users\Marku\AppData\Roaming\DataDesign
[2008.03.14 21:20:31 | 000,000,000 | ---D | M] -- C:\Users\Marku\AppData\Roaming\dp3d
[2007.10.02 23:01:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Engelmann Media
[2009.11.27 18:00:39 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FreeVideoConverter
[2010.05.18 18:53:36 | 000,000,000 | ---D | M] -- C:\Users\Marku\AppData\Roaming\ICQ
[2008.12.13 23:27:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Imperium Romanum
[2010.02.01 15:47:12 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LetsTrade
[2009.06.21 12:54:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\MAGIX
[2010.02.23 17:40:06 | 000,000,000 | ---D | M] -- C:\Users\MarkAppData\Roaming\ManyCam
[2009.05.11 17:42:08 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\MuldeR
[2007.11.26 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\My Games
[2009.10.19 16:52:07 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Nokia
[2009.01.03 12:51:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OpenOffice.org
[2008.11.30 17:47:01 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PC Suite
[2007.05.25 21:29:23 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PeerNetworking
[2009.02.05 19:21:34 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ProtectDisc
[2009.10.07 19:55:26 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Robots
[2008.03.21 14:31:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Teleca
[2007.05.06 22:16:33 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Template
[2010.05.26 22:46:39 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Teup
[2009.11.24 19:24:36 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TVcentral-Core
[2010.03.23 22:00:13 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ubisoft
[2007.05.12 09:38:43 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ulead Systems
[2010.05.28 19:26:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Uxfov
[2010.06.27 09:38:55 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.27 19:26:00 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F1A883CC-8CB1-4FC9-AFF7-A13F8DC58013}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.06.27 09:40:21 | 000,002,012 | ---- | M] () -- C:\aaw7boot.log
[2008.10.11 15:08:19 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007.02.09 14:38:35 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.06.27 09:40:23 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2007.02.10 17:20:15 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.02.15 23:52:30 | 000,000,905 | -H-- | M] () -- C:\IPH.PH
[2007.02.10 17:20:15 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.27 09:40:21 | 2459,705,344 | -HS- | M] () -- C:\pagefile.sys
[2006.11.29 23:29:40 | 000,000,512 | ---- | M] () -- C:\TVE.iss
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.08.14 04:16:22 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 10:48:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.04.19 20:47:42 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >
         
--- --- ---
__________________

Alt 27.06.2010, 20:11   #4
powersearche
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



hier der zweite

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.06.2010 19:24:25 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Mark\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 28,68 Gb Free Space | 10,64% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 21,27 Gb Free Space | 74,21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 246,71 Mb Total Space | 118,01 Mb Free Space | 47,83% Space Free | Partition Type: FAT
 
Computer Name: MARK-PC
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm Fotowelt.exe] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CBC1B0-79AC-4AD3-A546-A2E33C6B7609}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{0D198F02-52ED-4ECC-B7C6-BF51E2D0424F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{1B5690D5-33F9-4D79-B127-8F5E871701B9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{1E87AEBB-E3B0-46C5-8B0F-F17B67BA8ED1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1FFEE479-4F84-4CFC-82EF-578E116FFAF9}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{22A575F3-07B6-484E-B219-96D22F0DE313}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{26A5DF50-0C4A-43D7-9E34-0328CE3F9526}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{2C536B09-3AAE-4EFD-8D03-ED11C149B7CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{355CA782-D708-4BB8-A02F-FFB99A507F15}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{38838B88-7BF8-4376-B5BE-567D8BA2802E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D488C39-EF67-4851-898F-49F5169E2D2F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{3D78703F-8268-4A05-B37A-D939BD562B02}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{4E0FEF2E-EDB2-42FE-B8D6-A7E80756C5D6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{4F4A14F3-47C9-47F8-86A2-14681C73B9C6}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{4F65B46D-5880-49FB-A262-37A18E261E5E}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{5BD1BDDD-834F-41C4-81F1-CBC7A01A4B77}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5DDECE78-67C0-4E0E-BB9B-7FA20CDE1E10}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{60F91A31-DEB3-48DA-8B5E-2BF65C50DB60}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{740A023A-2160-4ABC-A2C6-4D8B48290AC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78D5BCB7-79C7-4F93-BDE1-B49C3DFCF4F0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{7F78B9DD-8FD0-4C51-806D-59793DD5F658}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{88AE2DB5-9522-47A8-BBFB-D7DDF7D4F4C0}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{897C0FE8-6576-4B20-98D8-00D8AB4BEAEB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{930ED437-D85D-4034-9966-D47DAAE73AB5}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{99D12D0E-03B3-4737-B324-7D252F4B5722}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{B3DF2580-F75C-46C5-9F0E-4EF59A5395B9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{B67A5FD6-2DE2-4ADA-ABC8-911AFB9797F2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CADABE61-8DA2-46A7-A7E0-2D9AC1D71351}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{E79255F1-9522-43DC-A80A-00F7204257EC}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EAA8B625-7FFB-48CE-BCC3-142F0BBCAF25}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C56ADE-2E8D-4D07-BA0C-09FD401E032E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{08C77F3C-B232-4A59-9377-6BC3F42CE7A0}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0B41292A-BFC4-4DBA-91A9-8E6098293177}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{1190C1CA-7AED-4D29-85D4-AADC1F0D1C81}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{11E99C04-B017-438E-ABA3-D1700862C423}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe | 
"{1317EA3D-E0A5-4F02-A477-A351853008AA}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{14E00577-7BD1-49EB-AFD3-D287F765BC5F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{17E02DF2-83C2-4E1C-B6DF-E490B5137D73}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{1D9C9E28-CF47-4C85-B483-8C83D7DE1992}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{28A74334-DE56-4DEE-89C4-BC633EF1E47D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{2B7994E2-76D4-4A7D-A115-C1271337C6E3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{2C11ACCD-BE42-4F8C-9EE5-E2C7DAC1703E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2EBCDF1C-D9ED-47B4-86AC-2E642ABDD10D}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{33EBF189-2B7A-4302-9A32-2F669B7CD033}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{368BC80A-7010-4BE8-BB43-0064CFE9C16A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{3824DAAB-3471-42E7-ABA0-48968FAB9996}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{42FF3394-75B6-4A8A-AA67-4A1800F4EFB1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{4664A922-B9BA-4960-9546-654DD0D51B57}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{47F784DE-8962-48F2-871D-04825AAF38CC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{4A88DA37-B671-4F32-A70F-E0FA452E69A9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1192965770\ee\aolsoftware.exe | 
"{4B711CE7-1494-4505-A991-65F984B0A007}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4BFA13AC-40F1-41B1-963C-81A479DE31B9}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{516F2D29-1E65-4A77-9DFF-CA76A98F16E1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{56709FD9-65B4-444E-9D68-4470A2DED044}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{586F126F-7F84-44ED-8A8E-BBB99E887229}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{59C73435-0CAB-4740-A966-53BC16221577}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{59F990E5-81DD-498A-A391-18780015D87D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{691B8BE3-9BC3-4330-B313-5DC578250DED}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{69B4337B-16AF-45D3-BACC-226821A02D68}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{6C2ADBE1-81DD-4DE6-BB68-AC359D18D6A4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{6E6F63A9-9C6F-48CC-9814-EA6E7C485721}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{75F58A64-047F-408B-A3D1-93BD279C184C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{78C8811E-F6DF-4F57-ACF5-9C2050CD17AF}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{79980D05-554A-45E2-A03E-FD2261CA090F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{8BEFE9AA-39AF-4AD1-B99F-7664B47413D2}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{91FE0556-A73E-49A7-A5EE-A04B18A0DDC8}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B2E95EE-00CA-428E-90F0-F59D7803FE93}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{A9B6FEDC-05B8-414F-AA31-9084CC001A99}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AC775A12-FF52-4C0C-A83A-639755D94218}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{B28D1979-7475-490D-8175-573C4CAF935A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{B513CCCE-2EC1-449C-B8C3-287651017C7A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B7B6D999-7F54-4FA3-B866-1CAD27B76F9E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{B870B9B8-AE5C-4F76-AD1D-3192AA8BA994}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B98FF62E-ED00-468F-8F88-ED3B5EC5C95A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{BB2FBDFB-DCC2-489C-AAA7-A9FE418D4D02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BC61D0DA-A3A8-4C60-BF16-CEE64E4C111D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{BF12935C-E1BA-4B49-B9E3-AA13EF2979EB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{C9DC6B03-22A0-45AD-8EB3-F0E2B70E8B1A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{CA044B58-2BB9-4BC4-B272-256C7432D426}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CADAFD28-5210-425E-8542-DBA9E768A7E1}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{CE63222C-6E80-45DF-BEE9-FB270889A597}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{CF6B80F9-0737-423A-B854-9BBCCC2C3E79}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{DAA853F0-DA7C-4017-A27A-D4AAF1527068}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1192965770\ee\aolsoftware.exe | 
"{DD889D98-2E7C-4E1F-810E-9F5A1912A770}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E55A7624-6129-4BCC-B3D6-F3453272E62E}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{E584CCC2-2EA6-445C-805D-1ECA275C3364}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{EFED6540-E96C-4F1F-AC19-3A4B45E795B9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{F5DFBBCD-B201-4E91-A961-D6DC4AF2AE73}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{FC248F42-B34E-48D6-831F-4AC7E76E9A59}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"TCP Query User{00976E33-A593-4F88-A7CB-F4FD148CC3A9}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"TCP Query User{02049D0A-0594-4493-BFD1-00CA59F1C8A4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{162C956A-1D30-4758-BCC6-A585CDE2AA01}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe | 
"TCP Query User{1C03DC42-2A82-49D5-A51A-3A4A72A4C835}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{1D24D467-0755-4027-9028-FDC27627B470}C:\program files\capcom\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lostplanetdx9.exe | 
"TCP Query User{20CE3137-20CD-4043-AA1F-FFC83F9FF1D8}C:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe" = protocol=6 | dir=in | app=c:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe | 
"TCP Query User{23423AF3-15F9-4E6A-BCE2-1ED4AF0CD535}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{2A491597-1C4B-413F-8744-02FC0920F4FE}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"TCP Query User{2A63B7BE-9F78-4BFA-969A-6100BB266F4D}C:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe | 
"TCP Query User{34149E9A-D625-48BF-8C95-2F711A9656FE}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{3537AEC0-4946-4BE8-A9C6-7C0B06BE1064}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=6 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"TCP Query User{36F525F1-D0BC-4080-9E07-BC9F5440170B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{3895D241-4CF6-4C1C-92A7-2921139C152E}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"TCP Query User{44B1DF90-5A7B-4392-8CBF-58A0B6863E6E}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{48600E56-F316-4DEB-BC5B-EDB402004D11}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"TCP Query User{4977C400-8FC6-48A4-9EDA-2DC65D4317D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{592F564B-90CE-4F63-B95E-F7DAE2D7A223}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{65E4F729-5176-48FD-96B8-E90C3F818A5B}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{67D522E9-7974-46AC-815F-008139D64BEF}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe | 
"TCP Query User{68A137A9-697E-4C6F-A781-793A92741305}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=6 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"TCP Query User{6CE86AD9-BD4C-463F-AEA4-36FC47BEE32E}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"TCP Query User{788949C4-CA4A-43B1-8D44-0BC4D6737A95}C:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe | 
"TCP Query User{78ACA6CA-6B7C-43C9-8B4A-B03DFF789F71}C:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe | 
"TCP Query User{83F2A201-1D48-4BFC-96A5-7CCC48C1CFF0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8414516E-F39F-4631-A36B-8359A76A6AF6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{850B2120-1CD4-47C6-AD0E-135470562BE1}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{980A777C-55AC-439C-8AEA-611A71CDEBD0}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=6 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"TCP Query User{AC1F2A58-42A9-4512-8DA6-CEDBA12AE0DB}C:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe | 
"TCP Query User{AE971C37-F7ED-4A5A-8D59-2DE6E453E33D}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\mar\appdata\local\temp\nero web\setupxu.exe | 
"TCP Query User{AF6E5B82-8158-4880-B5C4-EB06A2DBE9DD}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{B0A692B1-0536-4AC4-A0C3-4D9E9CAE0349}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{BA13BF34-64C0-4A78-AFDA-E32B79AE8A11}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{BEC285BB-AD85-4141-A60D-67A7D5B7F96D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{C0654B3D-FCDC-4ACB-8451-8B167D383266}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{C5096789-47D1-4E4F-B803-8142F2D41204}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C71FC0D2-E6AA-4A5F-9586-090817893E43}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{CAAFFB15-3F5D-4678-ABD4-E6EA4316E2DF}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{D175B165-9EB1-48D5-A34B-2E69C6577586}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{D4CE7C15-D573-419B-A646-2023EFAC2875}C:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"TCP Query User{DF5CC906-C15E-42F3-9659-CEC8B734970C}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{E6DD3623-E393-4C92-80E4-248DCC276DC0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F0EA31BE-CAF9-4B38-8E87-D45420980B36}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{07BF4AF4-32EA-47E2-A86E-345BE34E6C35}C:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe | 
"UDP Query User{0A2E0C1F-0138-4620-8E3A-4E3375B5E258}C:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"UDP Query User{0B4E9260-D9E2-4162-A034-83875A2AAAB8}C:\program files\capcom\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lostplanetdx9.exe | 
"UDP Query User{1235F594-3240-4732-8436-248411B1FFCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1997202B-BBBD-448A-947F-EB9457522124}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{2B02A798-D566-4C58-B820-6921894516DA}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{2B34300F-5461-44D3-898F-9391BD7E8A4D}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{2DFDF9AF-6CF6-4EE8-A0A1-10BE9FBA1DF7}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{2FD8F7D0-2062-43F9-A6B8-1E1CF58DA86B}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{3341E114-D986-43C3-9EDF-1E9D308AFF00}C:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe" = protocol=17 | dir=in | app=c:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe | 
"UDP Query User{4200CA67-1133-4355-9713-15AEB70E7FCA}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{44B47E32-025E-4971-90A6-9C30EF66A438}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{46572F1D-3810-4534-93AB-35F262609643}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{527F03A4-6F10-4BB3-AEC8-802C775EE08F}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"UDP Query User{6041F239-4F55-43F9-9507-E078BC0C29A9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{73C1F558-1EA1-42B9-B618-2070946B997D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{893CFED1-9D7B-415C-92C7-5206824F915B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{8B0400FB-41F0-4A86-9584-E73DF5AF4F0F}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=17 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"UDP Query User{8E385BE0-B6F3-41FA-8430-12A1EF41B1EC}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe | 
"UDP Query User{92576D25-1570-4BC1-8391-44FA86F3CE69}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{96DEA020-41DC-4B80-A9D0-58F4CA059C06}C:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe | 
"UDP Query User{9B9EF7C3-84E5-4960-B136-1EAFCE5B3BA2}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"UDP Query User{A66A4BB8-7085-470A-BE30-78565133E067}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{ADEC7F44-3BF3-4CD7-9CFD-A2D7275A2859}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{AECAA2E5-73DC-4209-BBF8-C5882D8F25ED}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"UDP Query User{B02A394E-A1B8-45FC-99C5-604EBF81B6F0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B2F2A3E7-39D9-4E98-B33A-3A42BE3ADF25}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=17 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"UDP Query User{B676DFB3-32F0-4142-8D04-0C4C9A5541C0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{B965DF5D-E7C7-4E56-AF1B-C8CEAE7DFD77}C:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe | 
"UDP Query User{BBA1F888-DAE9-4EDB-881C-2F87744B7BF6}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{BC4CC1CE-38DC-470C-8FF9-0CCC4AB6D246}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{BF9285D1-64D4-4B71-8C5A-A93B9DC09636}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{C6CC2BF8-D328-4E03-9AB7-2934F444DBA7}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{C77E5F34-406E-4D90-9B52-5DF5ECE7BA99}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"UDP Query User{CC1612F6-4431-4B69-998F-50865710B0DD}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe | 
"UDP Query User{CD43C8C5-4C64-4612-8FBB-A560331DB0BE}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{D63A4373-A5D3-46C3-9E63-BF6AC4780140}C:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe | 
"UDP Query User{DCB2A323-CA24-4C01-8294-21A09056C6B7}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"UDP Query User{E0B5C60E-DC56-482C-AE6E-E0262DCE15A1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{E9DA1AED-E1F7-4968-B499-514331E5FE90}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=17 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"UDP Query User{FAD8FFC0-B8BB-46C3-91A4-683DA2BB69B1}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{FD20C98B-0EF6-4555-8F68-B87E050629D3}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A0BD20-71D1-F60D-32DF-7A828187693B}" = ccc-utility
"{0332234E-09D1-4B74-A5F3-73E34BA29F5B}" = Nokia Software Updater
"{037D0596-043A-6CF0-7161-C1240590E3D4}" = CCC Help Norwegian
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08633C60-680F-F32C-8C91-377EA7AE3CAD}" = Catalyst Control Center Graphics Full Existing
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F19E412-CA39-1DC9-409E-D20130E97CB5}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232579E4-B963-B742-9AEF-2A156C7F1012}" = HydraVision
"{24E42D00-A7B3-43B3-1831-E1D38BBE1C04}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C38C251-DE7B-40DC-9D26-C54044348DE5}" = BBI USB WIRELESS CONTROLLER
"{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{30909DAD-50D9-5C8F-E4EA-B6CD33219F8A}" = CCC Help Dutch
"{30BFA63D-EABB-1850-5E6F-39270E401FE9}" = CCC Help Portuguese
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34DE4F36-3814-5CAD-9A61-DEFA6C908F9A}" = CCC Help English
"{3647638A-36CF-08B0-71A2-C9C382A396BA}" = CCC Help Hungarian
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{37D9C685-0F4B-2D8E-59E3-3CE151CE0051}" = ATI Catalyst Install Manager
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41DA146B-1218-35C7-F9F7-1329BDA0FCEC}" = Catalyst Control Center Graphics Light
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{48C564CC-6269-1FAB-25FC-E77EC663A8EE}" = Catalyst Control Center Graphics Previews Common
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4E3D3792-2AC8-5C3A-B47A-DC54901E685A}" = CCC Help Greek
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BBA917A-ABA8-6D66-25CA-60C4479EB5B9}" = CCC Help French
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F44A7EE-2D4F-3501-8959-96E5707B702D}" = Catalyst Control Center Graphics Full New
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68B43A22-9B36-11D7-9D9C-00105ABD2C6C}" = Ginger
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C57DD90-6744-B038-04E7-5928217ACD29}" = CCC Help Chinese Standard
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E3F38F-E9CA-493C-A007-D8F351E9DAA7}" = Terminator 3 - War of the Machines
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76A52914-64CC-476B-BD58-2312D1A9AE10}" = WISO Mein Geld 2009 Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{799821FD-51D2-8A54-04A0-E03C4BFDAB70}" = CCC Help Russian
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D66D425-0732-0503-681F-EF513C9EB035}" = CCC Help Czech
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D1201F-2B53-45A5-B940-B7DE21B995FC}" = Duden Rechtschreibtrainer
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DB3724-0BE3-A3FD-8401-53EA871F9381}" = CCC Help Finnish
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9909B060-77BE-C0EB-498E-200439A609CF}" = Catalyst Control Center HydraVision Full
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BCC64BE-25AD-5872-1FB8-168586E5D1CF}" = CCC Help Spanish
"{9CFAA618-E4CA-C55E-402D-D305AFBC7F36}" = CCC Help Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6960F96-6CE5-DA95-5346-1BEF9A7E48C7}" = ATI Problem Report Wizard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9E3BB58-08F3-69A7-6DE1-46169A9E34C5}" = CCC Help Thai
"{AA898D01-D4E3-43C6-8E25-70CA660B9F16}" = CHIPDRIVE extern/intern/micro treiber 3.1
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BA4993-89C9-938E-95B8-8DD533DBC2BD}" = CCC Help Chinese Traditional
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66BDC95-CE25-9E1F-71CA-D9C9A30FED99}" = Catalyst Control Center Graphics Previews Vista
"{B6B7482F-E56A-DB37-97BE-A85B000E9506}" = CCC Help Japanese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7E86EDB-77E7-E3A0-F0A3-73755A0DFF3B}" = ccc-core-static
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{B9B1B950-777B-26A1-226E-411B2AF23B26}" = CCC Help Korean
"{BBBDA721-8885-42CE-A16C-8BEE27D37EB3}" = AAVUpdateManager
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D32C002C-ACD4-4AE6-F897-7B441E2402F0}" = CCC Help German
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E382FD08-7B09-EB40-9FDD-5C12898B3691}" = Catalyst Control Center Localization All
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB81FF05-AF5E-D3ED-E3DE-CA25489E95A0}" = Catalyst Control Center Core Implementation
"{EC89F553-763E-3851-97DF-3FBB47682E5A}" = CCC Help Swedish
"{ECD777F4-3C75-9227-0E71-8C321D99179E}" = CCC Help Danish
"{ECDA7753-B9EE-A492-DE40-96AFC181568C}" = ATI AVIVO Codecs
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F04090DB-1428-A054-768E-EFF969308578}" = Skins
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84377EE-38BE-EB21-B034-10742A180A26}" = CCC Help Italian
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"3D TippTrainer_is1" = 3D TippTrainer
"4StoryDE_is1" = 4Story 1.5
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued 3.4.0.466 (D)
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" = 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"bayer04_is1" = Bayer04 Publisher 2.1.1
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner (remove only)
"CodeStuff Starter" = CodeStuff Starter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm Fotowelt" = dm Fotowelt
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.3.1
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Fotoservice" = Fotoservice
"FT7195" = USB FLYING STICK
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"Imperium Romanum" = Imperium Romanum 1.03
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"LetsTrade" = LetsTrade Komponenten
"Lidl-Fotos_is1" = Lidl-Fotos
"Lollipop Mathe 3" = Lollipop Mathe 3
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 2008 D" = MAGIX Video deluxe 2008 7.5.3.1 (D)
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer
"Skype_is1" = eBay.de - Skype 3.0
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"TwkSCard" = CHIPDRIVE - Gerätetreiber V2.14.41
"Ultimate Motorcross" = Ultimate Motorcross 1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin
"tc09-DE_SEVENONE_MAIN" = Big Pizza Mountainbike Challenge 09 (SevenOne)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2008 16:37:21 | Computer Name = Mark-PC | Source = VSS | ID = 8194
Description = 
 
Error - 27.11.2008 16:38:34 | Computer Name = Mark-PC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 29.11.2008 07:46:08 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18000, Zeitstempel
 0x47918f11, fehlerhaftes Modul SwMenu.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x48998217, Ausnahmecode 0xc0000005, Fehleroffset 0x6c102d0d,  Prozess-ID 0x13b8,
 Anwendungsstartzeit 01c9521573238dfd.
 
Error - 30.11.2008 07:01:51 | Computer Name = Mark-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 30.11.2008 07:10:25 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918e5d, fehlerhaftes Modul ole32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a74c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00038922,  Prozess-ID 0x113c, Anwendungsstartzeit
 01c952da7381ccb4.
 
Error - 30.11.2008 07:42:37 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18000, Zeitstempel
 0x47918e5d, fehlerhaftes Modul ole32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a74c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00038922,  Prozess-ID 0xd70, Anwendungsstartzeit
 01c952dd30583946.
 
Error - 04.12.2008 11:27:07 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Settlers6Demo.exe, Version 1.0.3006.0, Zeitstempel
 0x46c8972e, fehlerhaftes Modul Settlers6Demo.exe, Version 1.0.3006.0, Zeitstempel
 0x46c8972e, Ausnahmecode 0xc0000005, Fehleroffset 0x0010520e,  Prozess-ID 0x1780,
 Anwendungsstartzeit 01c9562354f0118d.
 
Error - 05.12.2008 13:29:57 | Computer Name = Mark-PC | Source = Application Hang | ID = 1002
Description = Programm Settlers6Demo.exe, Version 1.0.3006.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 15fc  Anfangszeit: 01c95624c95e62d5  Zeitpunkt
 der Beendigung: 106
 
Error - 08.12.2008 17:17:01 | Computer Name = Mark-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.12.2008 02:45:05 | Computer Name = Mark-PC | Source = Application Hang | ID = 1002
Description = Programm _INS5576._MP, Version 5.53.168.0 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 15c0  Anfangszeit: 01c95c24c1d91464  Zeitpunkt der
 Beendigung: 0
 
[ Media Center Events ]
Error - 20.05.2007 14:10:39 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/20/2007 20:10:39
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 13.06.2007 04:02:35 | Computer Name = Mark-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80080005
 
Error - 05.08.2007 12:40:29 | Computer Name = Mark-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 28.12.2007 05:05:09 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/28/2007 10:05:08
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 28.12.2007 05:05:09 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/28/2007 10:05:09
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 17.04.2008 06:49:00 | Computer Name = Mark-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 20.10.2009 15:07:13 | Computer Name = Mark-PC | Source = ehRecvr | ID = 3
Description = 
 
[ System Events ]
Error - 26.06.2010 08:09:53 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 26.06.2010 08:09:53 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 26.06.2010 08:09:53 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.06.2010 08:54:10 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 27.06.2010 02:16:59 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 27.06.2010 02:19:20 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 27.06.2010 03:38:12 | Computer Name = Mark-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.06.2010 03:41:23 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.06.2010 03:41:23 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.06.2010 03:41:26 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

Alt 27.06.2010, 20:20   #5
Larusso
/// Selecta Jahrusso
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.



Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:



Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 27.06.2010, 21:24   #6
powersearche
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Hallo Daniel,

ich hatte sofort das Logfile als ich wieder am Rechner war.
Grüße
Mark
Combofix Logfile:
Code:
ATTFilter
ComboFix 10-06-27.02 - Mark 27.06.2010  20:51:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1095 [GMT 2:00]
ausgeführt von:: c:\users\Mark\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DFRE2F9.tmp

.
(((((((((((((((((((((((   Dateien erstellt von 2010-05-27 bis 2010-06-27  ))))))))))))))))))))))))))))))
.

2010-06-27 19:02 . 2010-06-27 19:03	--------	d-----w-	c:\users\Mark\AppData\Local\temp
2010-06-27 19:02 . 2010-06-27 19:02	--------	d-----w-	c:\users\Nik-PC\AppData\Local\temp
2010-06-27 19:02 . 2010-06-27 19:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-06-27 19:02 . 2010-06-27 19:02	--------	d-----w-	c:\users\Nik\AppData\Local\temp
2010-06-27 19:02 . 2010-06-27 19:02	--------	d-----w-	c:\users\Claudia\AppData\Local\temp
2010-06-27 06:22 . 2010-06-27 06:22	--------	d-----w-	c:\program files\iPod
2010-06-27 06:16 . 2010-06-27 06:16	--------	d-----w-	c:\program files\Bonjour
2010-06-27 06:14 . 2010-06-27 06:14	72504	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-27 06:13 . 2010-06-27 06:13	--------	d-----w-	c:\program files\Safari
2010-06-27 06:11 . 2010-06-27 06:11	71992	----a-w-	c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-27 04:14 . 2010-06-27 06:05	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-06-27 04:14 . 2010-06-27 04:15	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-06-26 17:37 . 2010-06-26 17:38	--------	d-----w-	c:\program files\Microsoft Security Essentials
2010-06-26 12:04 . 2009-11-08 08:55	99176	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2010-06-26 12:04 . 2009-11-08 08:55	49472	----a-w-	c:\windows\system32\netfxperf.dll
2010-06-26 12:04 . 2009-11-08 08:55	297808	----a-w-	c:\windows\system32\mscoree.dll
2010-06-26 12:04 . 2009-11-08 08:55	295264	----a-w-	c:\windows\system32\PresentationHost.exe
2010-06-26 12:04 . 2009-11-08 08:55	1130824	----a-w-	c:\windows\system32\dfshim.dll
2010-06-26 11:49 . 2010-04-16 16:43	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-06-26 11:49 . 2010-04-16 14:39	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 15:56 . 2010-06-19 10:49	15880	----a-w-	c:\windows\system32\lsdelete.exe
2010-06-19 10:50 . 2010-06-19 10:49	64288	----a-w-	c:\windows\system32\drivers\Lbd.sys
2010-06-19 10:45 . 2010-06-19 10:45	--------	dc-h--w-	c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-19 10:45 . 2010-02-04 15:53	2954656	-c--a-w-	c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-06-19 08:48 . 2010-06-19 08:48	95024	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2010-06-19 08:24 . 2010-06-19 08:24	--------	d-----w-	c:\program files\CodeStuff
2010-06-15 10:21 . 2010-06-15 10:21	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-27 18:54 . 2006-11-02 15:33	638510	----a-w-	c:\windows\system32\perfh007.dat
2010-06-27 18:54 . 2006-11-02 15:33	130462	----a-w-	c:\windows\system32\perfc007.dat
2010-06-27 17:17 . 2010-06-27 17:17	0	----a-w-	c:\windows\SCARDSRV.TMP
2010-06-27 07:58 . 2007-08-24 17:41	--------	d-----w-	c:\users\Mark\AppData\Roaming\Apple Computer
2010-06-27 06:23 . 2009-12-23 14:01	--------	d-----w-	c:\program files\iTunes
2010-06-27 06:22 . 2009-04-25 11:29	--------	d-----w-	c:\program files\Common Files\Apple
2010-06-26 13:06 . 2007-02-10 14:03	--------	d-----w-	c:\program files\Microsoft.NET
2010-06-19 10:45 . 2008-04-24 19:07	--------	d-----w-	c:\program files\Lavasoft
2010-06-19 10:45 . 2008-04-24 19:07	--------	d-----w-	c:\programdata\Lavasoft
2010-06-19 08:44 . 2008-02-20 19:52	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-06-14 13:25 . 2007-05-06 18:31	--------	d-----w-	c:\users\Mark\AppData\Roaming\Skype
2010-06-14 06:09 . 2009-10-27 14:34	--------	d-----w-	c:\users\Mark\AppData\Roaming\skypePM
2010-06-10 19:20 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-06-10 17:26 . 2007-02-10 14:01	--------	d-----w-	c:\programdata\Microsoft Help
2010-06-05 06:39 . 2010-01-13 17:34	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-06-03 08:59 . 2006-11-02 12:37	--------	d-----w-	c:\program files\Microsoft Games
2010-06-01 18:36 . 2009-11-27 20:48	--------	d-----w-	c:\programdata\Norton
2010-06-01 18:36 . 2009-11-27 20:48	--------	d-----w-	c:\programdata\Symantec
2010-06-01 18:35 . 2009-11-27 20:50	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-05-28 17:26 . 2008-02-09 01:21	--------	d-----w-	c:\users\Mark\AppData\Roaming\Uxfov
2010-05-26 20:46 . 2009-10-30 00:46	--------	d-----w-	c:\users\Mark\AppData\Roaming\Teup
2010-05-26 19:57 . 2010-01-13 17:33	--------	d-----w-	c:\program files\Microsoft
2010-05-26 17:06 . 2010-06-10 10:15	34304	----a-w-	c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 10:15	289792	----a-w-	c:\windows\system32\atmfd.dll
2010-05-21 12:14 . 2009-10-02 17:46	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-05-20 15:33 . 2010-05-20 15:33	--------	d-----r-	c:\users\Mark\AppData\Roaming\Brother
2010-05-18 16:53 . 2010-05-14 16:21	--------	d-----w-	c:\users\Mark\AppData\Roaming\ICQ
2010-05-18 16:26 . 2010-05-14 16:21	--------	d-----w-	c:\program files\ICQ7.1
2010-05-18 14:35 . 2010-05-18 14:35	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-05-14 17:05 . 2010-05-14 17:05	--------	d-----w-	c:\program files\Windows Live
2010-05-14 17:05 . 2010-05-14 17:05	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-05-14 16:21 . 2010-05-14 16:21	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-05-14 16:21 . 2010-05-14 16:21	--------	d-----w-	c:\programdata\ICQ
2010-05-14 16:21 . 2007-02-09 13:24	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-05-13 19:20 . 2008-11-30 15:45	--------	d-----w-	c:\programdata\PC Suite
2010-05-06 16:22 . 2010-05-06 16:22	--------	d-----w-	c:\users\Nik.Mark-PC\AppData\Roaming\Apple Computer
2010-05-05 12:48 . 2007-05-06 17:46	2032	----a-w-	c:\users\Mark\AppData\Local\d3d9caps.dat
2010-05-04 05:59 . 2010-06-10 10:15	916480	----a-w-	c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 10:15	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 10:15	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 10:15	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 10:15	2037248	----a-w-	c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 05:12	2048	----a-w-	c:\windows\system32\tzres.dll
2010-04-19 18:47 . 2010-04-19 18:47	3062048	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-04-19 18:47 . 2010-04-19 18:47	41984	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2010-04-16 20:12 . 2010-04-16 20:12	48464	----a-w-	c:\windows\system32\sirenacm.dll
2010-04-16 16:43 . 2010-06-26 11:49	173056	----a-w-	c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-26 11:49	458752	----a-w-	c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-26 11:49	542720	----a-w-	c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-26 11:49	2159616	----a-w-	c:\windows\AppPatch\AcGenral.dll
2010-04-09 18:12 . 2010-04-09 18:12	509552	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtbA064.tmp.exe
2010-04-05 17:01 . 2010-06-10 10:15	67072	----a-w-	c:\windows\system32\asycfilt.dll
2010-01-09 17:54 . 2010-01-09 17:54	75	--sh--r-	c:\windows\CT5SEET.BIN
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 4186112]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-14 98304]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-11 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Mark^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-12 19:46	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a2,c3,ab,a7,c6,22,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 135664]
R2 TF0801;WIRELESS USB Filter Driver;c:\windows\system32\DRIVERS\TF0801.sys [2006-08-28 4352]
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-01-08 1136600]
R3 CHIPDRIVE USB SmartCardReader;CHIPDRIVE USB SmartCardReader;c:\windows\system32\DRIVERS\TwkUsb2K.sys [2005-09-19 35275]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-02-20 13352]
R3 GWHid;VL807 Hidmini driver;c:\windows\system32\DRIVERS\GWHid.sys [2008-10-31 18992]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
R3 TWKPNP;CHIPDRIVE Plug and Play driver;c:\windows\system32\DRIVERS\TWKPNP.SYS [2003-04-30 5550]
R3 TWKSER2K;CHIPDRIVE Serial SmartCardReader;c:\windows\system32\DRIVERS\TWKSER2K.sys [2004-08-25 185611]
R3 VL807;VL807 Filter;c:\windows\system32\DRIVERS\VL807.sys [2008-10-31 27184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2007-10-03 639224]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-19 64288]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S0 TwkMs;CHIPDRIVE Maus Adapter; [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-14 172032]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-06-19 1352832]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 srvcPVR;Sceneo PVR Service;c:\program files\Sceneo\Bonavista\Services\PVR\PVRService.exe [2007-02-23 1509888]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2007-02-08 299093]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe [2007-02-08 127059]
S2 TwkPCSC;CHIPDRIVE PC/SC Drivers; [x]
S2 TWKSCARDSRV;CHIPDRIVE SCARD Service;c:\windows\SCARDS32.EXE [2003-04-30 264192]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-12-02 42368]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-05-11 329728]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-06-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 10:49]

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 20:12]

2010-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-09 20:12]

2010-06-27 c:\windows\Tasks\User_Feed_Synchronization-{F1A883CC-8CB1-4FC9-AFF7-A13F8DC58013}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.arcor.de/
uInternet Settings,ProxyOverride = <local>;*.local
IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-1170-17534-1/4
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\wpclsp.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab
DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} - hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-FT7195 - c:\program files\FT7195\uninst.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\NVUNINST.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-27 21:03
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys acpi.sys hal.dll >>UNKNOWN [0x86A10BF8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x891cdd24
\Driver\ACPI -> acpi.sys @ 0x8069fd68
\Driver\atapi -> 0x86a10bf8
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !
user & kernel MBR OK 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-06-27  21:06:39
ComboFix-quarantined-files.txt  2010-06-27 19:06

Vor Suchlauf: 20 Verzeichnis(se), 44.157.059.072 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 43.951.484.928 Bytes frei

- - End Of File - - 9B04DBA50575BD3B35099C4EF3F79FD0
         
--- --- ---

Alt 27.06.2010, 21:28   #7
Larusso
/// Selecta Jahrusso
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
  • Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.
  • Button "ESET Online Scanner" drücken.
  • Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
  • Das Firefox-Addon auf dem Desktop speichern und dann installieren.
  • IE-User müssen das Installieren eines ActiveX Elements erlauben.
  • Einen Haken bei "Remove found threads" und "Scan archives" machen.
  • Start drücken.
  • Signaturen werden heruntergeladen.
  • Der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
  • IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
  • O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)


Schritt 2

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.


Bitte poste in Deiner nächsten Antwort
ESET Log
OTL.txt
Extras.txt
Berichte wie der Rechner läuft
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 28.06.2010, 17:49   #8
powersearche
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Hallo Daniel,

der ESTl hatte bis in die Nacht hinein gescannt. Heute morgen hab ich dann die Logfiles gemacht, bin zur Arbeit und nun wieder am PC.
Hier die gewünschten Log Files, wieder gesplittet, wegen der Größe

Grüße Mark

Zuerst der OTL

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.06.2010 04:38:39 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Mark\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 40,74 Gb Free Space | 15,12% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 21,27 Gb Free Space | 74,21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 246,71 Mb Total Space | 118,01 Mb Free Space | 47,83% Space Free | Partition Type: FAT
 
Computer Name: MARK-PC
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 19:20:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2010.06.19 12:49:24 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.06.19 12:49:23 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.09.10 16:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.14 04:15:56 | 000,356,352 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.14 04:15:28 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.05 21:19:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 08:27:58 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.19 00:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.02.19 00:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007.05.12 21:46:38 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007.02.23 12:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe
PRC - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
PRC - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) -- C:\Windows\SCARDS32.EXE
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 19:20:03 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
MOD - [2009.11.27 19:42:58 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.02.19 00:31:16 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.19 12:49:23 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.14 04:15:28 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.05 21:19:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.02.19 00:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.24 15:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.02.23 12:17:50 | 001,509,888 | ---- | M] (Buhl Data Service GmbH) [Auto | Running] -- C:\Program Files\Sceneo\Bonavista\Services\PVR\pvrservice.exe -- (srvcPVR)
SRV - [2007.02.08 20:14:26 | 000,299,093 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2007.02.08 20:14:26 | 000,127,059 | ---- | M] () [Auto | Running] -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.04.02 03:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)
SRV - [2003.04.30 02:14:00 | 000,264,192 | ---- | M] (SCM Microsystems) [Auto | Running] -- C:\Windows\SCARDS32.EXE -- (TWKSCARDSRV)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (catchme)
DRV - [2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.12.07 22:32:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009.12.02 15:23:40 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009.09.30 16:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.08.14 06:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009.08.14 06:29:28 | 005,172,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.24 20:28:50 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009.07.19 11:28:31 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.19 11:28:31 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.01.27 16:37:01 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008.12.18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.12.18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.12.18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.12.16 16:48:40 | 000,021,144 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2008.12.16 16:47:00 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2008.10.31 09:11:02 | 000,027,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VL807.sys -- (VL807)
DRV - [2008.10.31 09:11:02 | 000,018,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GWHid.sys -- (GWHid)
DRV - [2008.10.23 19:50:01 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2008.09.17 09:55:00 | 007,379,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.30 07:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.02.20 21:42:36 | 000,020,520 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2008.02.20 21:42:36 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008.01.19 07:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008.01.19 07:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008.01.19 07:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008.01.14 12:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007.10.03 20:55:38 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.05.17 09:45:51 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2007.05.17 09:45:50 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2007.05.17 09:45:49 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2007.05.17 09:45:49 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2007.05.11 17:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007.04.11 16:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 16:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.04.11 16:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007.04.03 11:43:28 | 001,131,136 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2007.01.08 19:43:40 | 001,136,600 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2006.12.01 14:38:58 | 001,655,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.08.28 15:48:46 | 000,004,352 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\TF0801.sys -- (TF0801)
DRV - [2006.08.11 15:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.09.19 03:07:00 | 000,035,275 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TwkUsb2K.sys -- (CHIPDRIVE USB SmartCardReader)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004.08.25 15:06:00 | 000,185,611 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TWKSER2K.sys -- (TWKSER2K)
DRV - [2003.04.30 02:14:00 | 000,011,676 | ---- | M] (Towitoko AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TWKPCSC.SYS -- (TwkPCSC)
DRV - [2003.04.30 02:14:00 | 000,005,550 | ---- | M] (Towitoko AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TWKPNP.SYS -- (TWKPNP)
DRV - [2003.04.30 02:14:00 | 000,004,828 | ---- | M] (Towitoko AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TWKMS.SYS -- (TwkMs)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: pagehacker-nico@nc:1.2
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.0.3
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.18 22:48:23 | 000,000,000 | ---D | M]
 
[2010.05.08 16:32:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions
[2010.05.08 18:24:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions
[2010.05.08 16:34:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.08 18:22:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\fastYoutubeDownloader@yevgenyandrov.net
[2010.05.08 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\pagehacker-nico@nc
[2010.05.08 18:24:00 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\a6mz7ae3.default\extensions\smarterwiki@wikiatic.com
[2010.02.03 15:37:50 | 000,000,947 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\FireFox\Profiles\a6mz7ae3.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2010.06.27 21:03:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/jordan-canvasx.cab (JordanUploader Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} hxxp://aolsvc.aol.com/onlinegames/free-trial-astro-avenger-ii/AstroAvenger2Loader.cab (AstroAvengerLoader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.27 21:06:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.06.27 21:06:41 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\temp
[2010.06.27 20:36:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.06.27 20:36:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.06.27 20:36:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.06.27 20:34:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.27 20:30:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.06.27 20:29:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.27 20:29:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.06.27 08:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.27 08:16:33 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.06.27 08:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010.06.27 08:12:02 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.06.27 06:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.27 06:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.06.26 19:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010.06.26 14:04:39 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.26 14:04:39 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.26 14:04:39 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.26 13:49:07 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.06.26 13:49:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.06.19 12:50:00 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 12:45:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.19 10:48:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.06.19 10:42:32 | 097,364,760 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Users\Mark\Desktop\Ad-AwareInstaller.exe
[2010.06.19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2010.06.10 12:15:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.10 12:15:24 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.10 12:15:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.10 12:15:15 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.10 12:15:15 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.10 12:15:15 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.10 12:15:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.10 12:15:15 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.10 12:15:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.10 12:15:15 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.10 12:15:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.10 12:15:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.10 12:15:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.10 12:15:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.10 12:15:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.10 12:15:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.10 12:15:15 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.10 12:15:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.10 12:15:13 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.28 04:41:51 | 004,718,592 | -HS- | M] () -- C:\Users\Mark\ntuser.dat
[2010.06.28 04:40:59 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F1A883CC-8CB1-4FC9-AFF7-A13F8DC58013}.job
[2010.06.28 04:33:24 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.06.28 04:26:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.28 04:24:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.28 02:46:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.28 02:46:39 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 21:03:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.06.27 21:03:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.27 20:54:04 | 001,472,290 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.27 20:54:04 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.27 20:54:04 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.27 20:54:04 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.27 20:54:04 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.27 20:48:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.27 20:47:29 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.06.27 20:46:48 | 000,000,328 | ---- | M] () -- C:\Windows\scardsrv.ini
[2010.06.27 20:46:45 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.06.27 20:46:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 20:46:24 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.27 20:45:11 | 000,524,288 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TMContainer00000000000000000001.regtrans-ms
[2010.06.27 20:45:11 | 000,065,536 | -HS- | M] () -- C:\Users\Mark\ntuser.dat{b12478a5-4b05-11df-8729-00038a000015}.TM.blf
[2010.06.27 20:31:10 | 006,291,456 | -H-- | M] () -- C:\Users\Mark\AppData\Local\IconCache.db
[2010.06.27 20:25:46 | 003,721,631 | R--- | M] () -- C:\Users\Mark\Desktop\ComboFix.exe
[2010.06.27 10:23:53 | 000,012,466 | ---- | M] () -- C:\Users\Mark\Documents\hijackthis2
[2010.06.27 08:23:57 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.27 08:13:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.27 06:15:37 | 000,001,019 | ---- | M] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2010.06.27 06:15:33 | 000,126,464 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 19:37:56 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.19 12:49:54 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.06.19 12:49:34 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.19 12:45:50 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 11:25:08 | 000,031,858 | ---- | M] () -- C:\Users\Mark\Documents\cc_20100619_112435.reg
[2010.06.19 10:48:46 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.06.19 10:42:37 | 097,364,760 | ---- | M] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Users\Mark\Desktop\Ad-AwareInstaller.exe
[2010.06.19 10:24:08 | 000,001,828 | ---- | M] () -- C:\Users\Mark\Desktop\CodeStuff Starter.lnk
[2010.06.19 10:23:34 | 000,680,340 | ---- | M] () -- C:\Users\Mark\Desktop\StarterSetup5629.zip
[2010.06.18 15:45:59 | 006,049,493 | ---- | M] () -- C:\Users\Mark\Desktop\K'naan - Wavin flag (WM 2010).mp3
[2010.06.18 15:41:35 | 004,910,972 | ---- | M] () -- C:\Users\Mark\Desktop\Shakira - waka waka.mp3
[2010.06.18 15:38:04 | 003,998,149 | ---- | M] () -- C:\Users\Mark\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.10 21:23:15 | 000,419,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.09 20:58:49 | 000,021,478 | ---- | M] () -- C:\Users\Mark\Documents\Trainingsplan Juni. 10.xlsx
[2010.06.02 20:43:27 | 000,036,864 | ---- | M] () -- C:\Users\Mark\Documents\Trainingsplan Apr. 10.xls
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.27 20:36:24 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.06.27 20:36:23 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.06.27 20:36:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.06.27 20:36:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.06.27 20:36:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.06.27 20:35:08 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.06.27 20:25:38 | 003,721,631 | R--- | C] () -- C:\Users\Mark\Desktop\ComboFix.exe
[2010.06.27 10:23:53 | 000,012,466 | ---- | C] () -- C:\Users\Mark\Documents\hijackthis2
[2010.06.27 08:23:57 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.27 08:13:20 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.06.27 06:15:37 | 000,001,019 | ---- | C] () -- C:\Users\Mark\Desktop\Spybot - Search & Destroy.lnk
[2010.06.26 19:37:56 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.19 17:56:29 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.06.19 12:45:50 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 11:24:40 | 000,031,858 | ---- | C] () -- C:\Users\MarkDocuments\cc_20100619_112435.reg
[2010.06.19 10:24:08 | 000,001,828 | ---- | C] () -- C:\Users\Mark\Desktop\CodeStuff Starter.lnk
[2010.06.19 10:23:32 | 000,680,340 | ---- | C] () -- C:\Users\Mark\Desktop\StarterSetup5629.zip
[2010.06.18 15:45:59 | 006,049,493 | ---- | C] () -- C:\Users\Mark\Desktop\K'naan - Wavin flag (WM 2010).mp3
[2010.06.18 15:41:35 | 004,910,972 | ---- | C] () -- C:\Users\Mark\Desktop\Shakira - waka waka.mp3
[2010.06.18 15:38:04 | 003,998,149 | ---- | C] () -- C:\Users\Mark\Desktop\Bushido feat. Kay One - Fackeln im Wind.mp3
[2010.06.02 20:43:56 | 000,021,478 | ---- | C] () -- C:\Users\Mark\Documents\Trainingsplan Juni. 10.xlsx
[2010.02.27 11:03:57 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.02.27 11:03:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.02.27 10:55:24 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.01.30 11:12:55 | 000,004,352 | ---- | C] () -- C:\Windows\System32\drivers\TF0801.sys
[2009.12.07 18:26:12 | 000,000,020 | ---- | C] () -- C:\Windows\TTN.INI
[2009.08.18 20:47:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.07 15:46:44 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.07.07 15:46:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.08 08:22:19 | 000,027,184 | ---- | C] () -- C:\Windows\System32\drivers\VL807.sys
[2009.02.08 08:21:53 | 000,064,048 | ---- | C] () -- C:\Windows\System32\Hidhlp.dll
[2009.02.08 08:21:53 | 000,055,856 | ---- | C] () -- C:\Windows\System32\iFT7195.dll
[2009.02.05 19:06:55 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.12.12 08:43:43 | 000,000,160 | ---- | C] () -- C:\Windows\asrapi.ini
[2008.12.12 08:43:03 | 000,081,920 | ---- | C] () -- C:\Windows\asr3232.dll
[2008.10.15 19:30:20 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.10.15 19:30:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.10.10 20:50:02 | 000,000,065 | ---- | C] () -- C:\Windows\WININIT.INI
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008.05.07 21:04:51 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008.05.07 21:04:51 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008.05.07 21:04:51 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2007.05.26 15:51:54 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2007.05.26 15:51:51 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2007.05.14 20:58:55 | 000,000,015 | ---- | C] () -- C:\Windows\PUST2.ini
[2007.05.08 18:45:59 | 000,000,000 | ---- | C] () -- C:\Windows\TCLOG.INI
[2007.05.07 18:16:07 | 000,000,328 | ---- | C] () -- C:\Windows\scardsrv.ini
[2007.05.06 20:46:01 | 000,000,610 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2007.02.26 18:14:35 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll
[2007.02.26 18:14:35 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
[2007.02.10 17:17:37 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.02.09 16:43:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.02.09 15:12:31 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.09.20 08:34:10 | 000,000,114 | ---- | C] () -- C:\Windows\Buhl.ini
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:661DFA1C
< End of report >
         
--- --- ---

Alt 28.06.2010, 17:51   #9
powersearche
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Hier der OTL Extra und im Anschluss der ESeTLog

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.06.2010 04:38:39 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Mark\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 269,41 Gb Total Space | 40,74 Gb Free Space | 15,12% Space Free | Partition Type: NTFS
Drive D: | 28,67 Gb Total Space | 21,27 Gb Free Space | 74,21% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 246,71 Mb Total Space | 118,01 Mb Free Space | 47,83% Space Free | Partition Type: FAT
 
Computer Name: MARK-PC
Current User Name: Mark
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm Fotowelt.exe] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CBC1B0-79AC-4AD3-A546-A2E33C6B7609}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{0D198F02-52ED-4ECC-B7C6-BF51E2D0424F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{1B5690D5-33F9-4D79-B127-8F5E871701B9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{1E87AEBB-E3B0-46C5-8B0F-F17B67BA8ED1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1FFEE479-4F84-4CFC-82EF-578E116FFAF9}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{22A575F3-07B6-484E-B219-96D22F0DE313}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{26A5DF50-0C4A-43D7-9E34-0328CE3F9526}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{2C536B09-3AAE-4EFD-8D03-ED11C149B7CA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{355CA782-D708-4BB8-A02F-FFB99A507F15}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{38838B88-7BF8-4376-B5BE-567D8BA2802E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D488C39-EF67-4851-898F-49F5169E2D2F}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{3D78703F-8268-4A05-B37A-D939BD562B02}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{4E0FEF2E-EDB2-42FE-B8D6-A7E80756C5D6}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{4F4A14F3-47C9-47F8-86A2-14681C73B9C6}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{4F65B46D-5880-49FB-A262-37A18E261E5E}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{5BD1BDDD-834F-41C4-81F1-CBC7A01A4B77}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{5DDECE78-67C0-4E0E-BB9B-7FA20CDE1E10}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{60F91A31-DEB3-48DA-8B5E-2BF65C50DB60}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{740A023A-2160-4ABC-A2C6-4D8B48290AC3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78D5BCB7-79C7-4F93-BDE1-B49C3DFCF4F0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{7F78B9DD-8FD0-4C51-806D-59793DD5F658}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{88AE2DB5-9522-47A8-BBFB-D7DDF7D4F4C0}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{897C0FE8-6576-4B20-98D8-00D8AB4BEAEB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{930ED437-D85D-4034-9966-D47DAAE73AB5}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{99D12D0E-03B3-4737-B324-7D252F4B5722}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{B3DF2580-F75C-46C5-9F0E-4EF59A5395B9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{B67A5FD6-2DE2-4ADA-ABC8-911AFB9797F2}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{CADABE61-8DA2-46A7-A7E0-2D9AC1D71351}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{E79255F1-9522-43DC-A80A-00F7204257EC}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EAA8B625-7FFB-48CE-BCC3-142F0BBCAF25}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C56ADE-2E8D-4D07-BA0C-09FD401E032E}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{08C77F3C-B232-4A59-9377-6BC3F42CE7A0}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{0B41292A-BFC4-4DBA-91A9-8E6098293177}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{1190C1CA-7AED-4D29-85D4-AADC1F0D1C81}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{11E99C04-B017-438E-ABA3-D1700862C423}" = dir=in | app=c:\program files\home cinema\makedisc\makedisc.exe | 
"{1317EA3D-E0A5-4F02-A477-A351853008AA}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{14E00577-7BD1-49EB-AFD3-D287F765BC5F}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{17E02DF2-83C2-4E1C-B6DF-E490B5137D73}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | 
"{1D9C9E28-CF47-4C85-B483-8C83D7DE1992}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{28A74334-DE56-4DEE-89C4-BC633EF1E47D}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{29DA5EAC-E00B-473C-B77F-757E5EF88BBF}" = dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{2B7994E2-76D4-4A7D-A115-C1271337C6E3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{2C11ACCD-BE42-4F8C-9EE5-E2C7DAC1703E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{2EBCDF1C-D9ED-47B4-86AC-2E642ABDD10D}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{33EBF189-2B7A-4302-9A32-2F669B7CD033}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{368BC80A-7010-4BE8-BB43-0064CFE9C16A}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{3824DAAB-3471-42E7-ABA0-48968FAB9996}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{42FF3394-75B6-4A8A-AA67-4A1800F4EFB1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{4664A922-B9BA-4960-9546-654DD0D51B57}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{47F784DE-8962-48F2-871D-04825AAF38CC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{4A88DA37-B671-4F32-A70F-E0FA452E69A9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1192965770\ee\aolsoftware.exe | 
"{4B711CE7-1494-4505-A991-65F984B0A007}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{4BFA13AC-40F1-41B1-963C-81A479DE31B9}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{516F2D29-1E65-4A77-9DFF-CA76A98F16E1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{56709FD9-65B4-444E-9D68-4470A2DED044}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{586F126F-7F84-44ED-8A8E-BBB99E887229}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{59C73435-0CAB-4740-A966-53BC16221577}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{59F990E5-81DD-498A-A391-18780015D87D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{691B8BE3-9BC3-4330-B313-5DC578250DED}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"{69B4337B-16AF-45D3-BACC-226821A02D68}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{6C2ADBE1-81DD-4DE6-BB68-AC359D18D6A4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{6E6F63A9-9C6F-48CC-9814-EA6E7C485721}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{6F31C600-719B-48DC-8D2E-AB3F317FECAE}" = dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{75F58A64-047F-408B-A3D1-93BD279C184C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{78C8811E-F6DF-4F57-ACF5-9C2050CD17AF}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{79980D05-554A-45E2-A03E-FD2261CA090F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{8BEFE9AA-39AF-4AD1-B99F-7664B47413D2}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{91FE0556-A73E-49A7-A5EE-A04B18A0DDC8}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B2E95EE-00CA-428E-90F0-F59D7803FE93}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{A9B6FEDC-05B8-414F-AA31-9084CC001A99}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{AC775A12-FF52-4C0C-A83A-639755D94218}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{B28D1979-7475-490D-8175-573C4CAF935A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{B513CCCE-2EC1-449C-B8C3-287651017C7A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B7B6D999-7F54-4FA3-B866-1CAD27B76F9E}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{B870B9B8-AE5C-4F76-AD1D-3192AA8BA994}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{B98FF62E-ED00-468F-8F88-ED3B5EC5C95A}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{BB2FBDFB-DCC2-489C-AAA7-A9FE418D4D02}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BC61D0DA-A3A8-4C60-BF16-CEE64E4C111D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{BF12935C-E1BA-4B49-B9E3-AA13EF2979EB}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{C9DC6B03-22A0-45AD-8EB3-F0E2B70E8B1A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"{CA044B58-2BB9-4BC4-B272-256C7432D426}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CADAFD28-5210-425E-8542-DBA9E768A7E1}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | 
"{CE63222C-6E80-45DF-BEE9-FB270889A597}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | 
"{CF6B80F9-0737-423A-B854-9BBCCC2C3E79}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{DAA853F0-DA7C-4017-A27A-D4AAF1527068}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1192965770\ee\aolsoftware.exe | 
"{DD889D98-2E7C-4E1F-810E-9F5A1912A770}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{E55A7624-6129-4BCC-B3D6-F3453272E62E}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{E584CCC2-2EA6-445C-805D-1ECA275C3364}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{EFED6540-E96C-4F1F-AC19-3A4B45E795B9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{F5DFBBCD-B201-4E91-A961-D6DC4AF2AE73}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{FC248F42-B34E-48D6-831F-4AC7E76E9A59}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | 
"TCP Query User{00976E33-A593-4F88-A7CB-F4FD148CC3A9}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"TCP Query User{02049D0A-0594-4493-BFD1-00CA59F1C8A4}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{162C956A-1D30-4758-BCC6-A585CDE2AA01}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe | 
"TCP Query User{1C03DC42-2A82-49D5-A51A-3A4A72A4C835}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{1D24D467-0755-4027-9028-FDC27627B470}C:\program files\capcom\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lostplanetdx9.exe | 
"TCP Query User{20CE3137-20CD-4043-AA1F-FFC83F9FF1D8}C:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe" = protocol=6 | dir=in | app=c:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe | 
"TCP Query User{23423AF3-15F9-4E6A-BCE2-1ED4AF0CD535}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{2A491597-1C4B-413F-8744-02FC0920F4FE}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"TCP Query User{2A63B7BE-9F78-4BFA-969A-6100BB266F4D}C:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe | 
"TCP Query User{34149E9A-D625-48BF-8C95-2F711A9656FE}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"TCP Query User{3537AEC0-4946-4BE8-A9C6-7C0B06BE1064}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=6 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"TCP Query User{36F525F1-D0BC-4080-9E07-BC9F5440170B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{3895D241-4CF6-4C1C-92A7-2921139C152E}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"TCP Query User{44B1DF90-5A7B-4392-8CBF-58A0B6863E6E}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{48600E56-F316-4DEB-BC5B-EDB402004D11}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"TCP Query User{4977C400-8FC6-48A4-9EDA-2DC65D4317D8}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{592F564B-90CE-4F63-B95E-F7DAE2D7A223}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{65E4F729-5176-48FD-96B8-E90C3F818A5B}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{67D522E9-7974-46AC-815F-008139D64BEF}C:\program files\gamespy\comrade\comrade.exe" = protocol=6 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe | 
"TCP Query User{68A137A9-697E-4C6F-A781-793A92741305}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=6 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"TCP Query User{6CE86AD9-BD4C-463F-AEA4-36FC47BEE32E}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=6 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"TCP Query User{788949C4-CA4A-43B1-8D44-0BC4D6737A95}C:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe | 
"TCP Query User{78ACA6CA-6B7C-43C9-8B4A-B03DFF789F71}C:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe | 
"TCP Query User{83F2A201-1D48-4BFC-96A5-7CCC48C1CFF0}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8414516E-F39F-4631-A36B-8359A76A6AF6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{850B2120-1CD4-47C6-AD0E-135470562BE1}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"TCP Query User{980A777C-55AC-439C-8AEA-611A71CDEBD0}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=6 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"TCP Query User{AC1F2A58-42A9-4512-8DA6-CEDBA12AE0DB}C:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=6 | dir=in | app=c:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe | 
"TCP Query User{AE971C37-F7ED-4A5A-8D59-2DE6E453E33D}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"TCP Query User{AF6E5B82-8158-4880-B5C4-EB06A2DBE9DD}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"TCP Query User{B0A692B1-0536-4AC4-A0C3-4D9E9CAE0349}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{BA13BF34-64C0-4A78-AFDA-E32B79AE8A11}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"TCP Query User{BEC285BB-AD85-4141-A60D-67A7D5B7F96D}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{C0654B3D-FCDC-4ACB-8451-8B167D383266}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{C5096789-47D1-4E4F-B803-8142F2D41204}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C71FC0D2-E6AA-4A5F-9586-090817893E43}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{CAAFFB15-3F5D-4678-ABD4-E6EA4316E2DF}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{D175B165-9EB1-48D5-A34B-2E69C6577586}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{D4CE7C15-D573-419B-A646-2023EFAC2875}C:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"TCP Query User{DF5CC906-C15E-42F3-9659-CEC8B734970C}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"TCP Query User{E6DD3623-E393-4C92-80E4-248DCC276DC0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F0EA31BE-CAF9-4B38-8E87-D45420980B36}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{07BF4AF4-32EA-47E2-A86E-345BE34E6C35}C:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\users\mark\downloads\lostplanettrialdx9patch\lost_planet_trial_dx9\lostplanetdx9.exe | 
"UDP Query User{0A2E0C1F-0138-4620-8E3A-4E3375B5E258}C:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe | 
"UDP Query User{0B4E9260-D9E2-4162-A034-83875A2AAAB8}C:\program files\capcom\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lostplanetdx9.exe | 
"UDP Query User{1235F594-3240-4732-8436-248411B1FFCE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1997202B-BBBD-448A-947F-EB9457522124}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{2B02A798-D566-4C58-B820-6921894516DA}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{2B34300F-5461-44D3-898F-9391BD7E8A4D}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{2DFDF9AF-6CF6-4EE8-A0A1-10BE9FBA1DF7}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{2FD8F7D0-2062-43F9-A6B8-1E1CF58DA86B}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{3341E114-D986-43C3-9EDF-1E9D308AFF00}C:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe" = protocol=17 | dir=in | app=c:\program files\games für zwischendurch\ultimate motorcross\ultimate motorcross.exe | 
"UDP Query User{4200CA67-1133-4355-9713-15AEB70E7FCA}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{44B47E32-025E-4971-90A6-9C30EF66A438}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{46572F1D-3810-4534-93AB-35F262609643}C:\program files\nokia\nokia software updater\nsu_ui_client.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia software updater\nsu_ui_client.exe | 
"UDP Query User{527F03A4-6F10-4BB3-AEC8-802C775EE08F}C:\program files\konami\pro evolution soccer 2008\pes2008.exe" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2008\pes2008.exe | 
"UDP Query User{6041F239-4F55-43F9-9507-E078BC0C29A9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{73C1F558-1EA1-42B9-B618-2070946B997D}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{893CFED1-9D7B-415C-92C7-5206824F915B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{8B0400FB-41F0-4A86-9584-E73DF5AF4F0F}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=17 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"UDP Query User{8E385BE0-B6F3-41FA-8430-12A1EF41B1EC}C:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero mediahome\nmmediaserver.exe | 
"UDP Query User{92576D25-1570-4BC1-8391-44FA86F3CE69}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe | 
"UDP Query User{96DEA020-41DC-4B80-A9D0-58F4CA059C06}C:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\lostplanetdx9.exe | 
"UDP Query User{9B9EF7C3-84E5-4960-B136-1EAFCE5B3BA2}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"UDP Query User{A66A4BB8-7085-470A-BE30-78565133E067}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{ADEC7F44-3BF3-4CD7-9CFD-A2D7275A2859}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{AECAA2E5-73DC-4209-BBF8-C5882D8F25ED}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe | 
"UDP Query User{B02A394E-A1B8-45FC-99C5-604EBF81B6F0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B2F2A3E7-39D9-4E98-B33A-3A42BE3ADF25}C:\program files\koch media\schiffe versenken\seawar.exe" = protocol=17 | dir=in | app=c:\program files\koch media\schiffe versenken\seawar.exe | 
"UDP Query User{B676DFB3-32F0-4142-8D04-0C4C9A5541C0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe | 
"UDP Query User{B965DF5D-E7C7-4E56-AF1B-C8CEAE7DFD77}C:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe" = protocol=17 | dir=in | app=c:\program files\capcom\lost_planet_trial_dx9\nativepc\lostplanetdx9.exe | 
"UDP Query User{BBA1F888-DAE9-4EDB-881C-2F87744B7BF6}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{BC4CC1CE-38DC-470C-8FF9-0CCC4AB6D246}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin | 
"UDP Query User{BF9285D1-64D4-4B71-8C5A-A93B9DC09636}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{C6CC2BF8-D328-4E03-9AB7-2934F444DBA7}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{C77E5F34-406E-4D90-9B52-5DF5ECE7BA99}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"UDP Query User{CC1612F6-4431-4B69-998F-50865710B0DD}C:\program files\gamespy\comrade\comrade.exe" = protocol=17 | dir=in | app=c:\program files\gamespy\comrade\comrade.exe | 
"UDP Query User{CD43C8C5-4C64-4612-8FBB-A560331DB0BE}C:\program files\common files\ahead\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\ahead\nero web\setupx.exe | 
"UDP Query User{D63A4373-A5D3-46C3-9E63-BF6AC4780140}C:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\duden\rechtschreibtrainer\jre\bin\javaw.exe | 
"UDP Query User{DCB2A323-CA24-4C01-8294-21A09056C6B7}C:\program files\atari\terminator 3 - war of the machines\t3.exe" = protocol=17 | dir=in | app=c:\program files\atari\terminator 3 - war of the machines\t3.exe | 
"UDP Query User{E0B5C60E-DC56-482C-AE6E-E0262DCE15A1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{E9DA1AED-E1F7-4968-B499-514331E5FE90}C:\program files\franzis\3d tipptrainer\ttn.exe" = protocol=17 | dir=in | app=c:\program files\franzis\3d tipptrainer\ttn.exe | 
"UDP Query User{FAD8FFC0-B8BB-46C3-91A4-683DA2BB69B1}C:\users\mark\appdata\local\temp\nero web\setupxu.exe" = protocol=17 | dir=in | app=c:\users\mark\appdata\local\temp\nero web\setupxu.exe | 
"UDP Query User{FD20C98B-0EF6-4555-8F68-B87E050629D3}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A0BD20-71D1-F60D-32DF-7A828187693B}" = ccc-utility
"{0332234E-09D1-4B74-A5F3-73E34BA29F5B}" = Nokia Software Updater
"{037D0596-043A-6CF0-7161-C1240590E3D4}" = CCC Help Norwegian
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08633C60-680F-F32C-8C91-377EA7AE3CAD}" = Catalyst Control Center Graphics Full Existing
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F19E412-CA39-1DC9-409E-D20130E97CB5}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232579E4-B963-B742-9AEF-2A156C7F1012}" = HydraVision
"{24E42D00-A7B3-43B3-1831-E1D38BBE1C04}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2C38C251-DE7B-40DC-9D26-C54044348DE5}" = BBI USB WIRELESS CONTROLLER
"{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE
"{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"{30909DAD-50D9-5C8F-E4EA-B6CD33219F8A}" = CCC Help Dutch
"{30BFA63D-EABB-1850-5E6F-39270E401FE9}" = CCC Help Portuguese
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34DE4F36-3814-5CAD-9A61-DEFA6C908F9A}" = CCC Help English
"{3647638A-36CF-08B0-71A2-C9C382A396BA}" = CCC Help Hungarian
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{37D9C685-0F4B-2D8E-59E3-3CE151CE0051}" = ATI Catalyst Install Manager
"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite DCP-165C
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41DA146B-1218-35C7-F9F7-1329BDA0FCEC}" = Catalyst Control Center Graphics Light
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{48C564CC-6269-1FAB-25FC-E77EC663A8EE}" = Catalyst Control Center Graphics Previews Common
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4E3D3792-2AC8-5C3A-B47A-DC54901E685A}" = CCC Help Greek
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5BBA917A-ABA8-6D66-25CA-60C4479EB5B9}" = CCC Help French
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F44A7EE-2D4F-3501-8959-96E5707B702D}" = Catalyst Control Center Graphics Full New
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68B43A22-9B36-11D7-9D9C-00105ABD2C6C}" = Ginger
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C57DD90-6744-B038-04E7-5928217ACD29}" = CCC Help Chinese Standard
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E3F38F-E9CA-493C-A007-D8F351E9DAA7}" = Terminator 3 - War of the Machines
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76A52914-64CC-476B-BD58-2312D1A9AE10}" = WISO Mein Geld 2009 Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{799821FD-51D2-8A54-04A0-E03C4BFDAB70}" = CCC Help Russian
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7D66D425-0732-0503-681F-EF513C9EB035}" = CCC Help Czech
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90D1201F-2B53-45A5-B940-B7DE21B995FC}" = Duden Rechtschreibtrainer
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96DB3724-0BE3-A3FD-8401-53EA871F9381}" = CCC Help Finnish
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9909B060-77BE-C0EB-498E-200439A609CF}" = Catalyst Control Center HydraVision Full
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BCC64BE-25AD-5872-1FB8-168586E5D1CF}" = CCC Help Spanish
"{9CFAA618-E4CA-C55E-402D-D305AFBC7F36}" = CCC Help Turkish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6960F96-6CE5-DA95-5346-1BEF9A7E48C7}" = ATI Problem Report Wizard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9E3BB58-08F3-69A7-6DE1-46169A9E34C5}" = CCC Help Thai
"{AA898D01-D4E3-43C6-8E25-70CA660B9F16}" = CHIPDRIVE extern/intern/micro treiber 3.1
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BA4993-89C9-938E-95B8-8DD533DBC2BD}" = CCC Help Chinese Traditional
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66BDC95-CE25-9E1F-71CA-D9C9A30FED99}" = Catalyst Control Center Graphics Previews Vista
"{B6B7482F-E56A-DB37-97BE-A85B000E9506}" = CCC Help Japanese
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7E86EDB-77E7-E3A0-F0A3-73755A0DFF3B}" = ccc-core-static
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{B9B1B950-777B-26A1-226E-411B2AF23B26}" = CCC Help Korean
"{BBBDA721-8885-42CE-A16C-8BEE27D37EB3}" = AAVUpdateManager
"{C4CD208D-E3A2-488B-A4F4-FD8DE3DADD25}_is1" = BMW M3 Challenge
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D32C002C-ACD4-4AE6-F897-7B441E2402F0}" = CCC Help German
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E382FD08-7B09-EB40-9FDD-5C12898B3691}" = Catalyst Control Center Localization All
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB81FF05-AF5E-D3ED-E3DE-CA25489E95A0}" = Catalyst Control Center Core Implementation
"{EC89F553-763E-3851-97DF-3FBB47682E5A}" = CCC Help Swedish
"{ECD777F4-3C75-9227-0E71-8C321D99179E}" = CCC Help Danish
"{ECDA7753-B9EE-A492-DE40-96AFC181568C}" = ATI AVIVO Codecs
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F04090DB-1428-A054-768E-EFF969308578}" = Skins
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F84377EE-38BE-EB21-B034-10742A180A26}" = CCC Help Italian
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FFCB1B04-5B1C-4A17-AA60-CA6F00BA50F9}" = StarMoney
"3D TippTrainer_is1" = 3D TippTrainer
"4StoryDE_is1" = 4Story 1.5
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires 2.0" = Microsoft Age of Empires II
"ALDI Foto Manager Free Sued D" = ALDI Foto Manager Free Sued 3.4.0.466 (D)
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" = 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"bayer04_is1" = Bayer04 Publisher 2.1.1
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CCleaner" = CCleaner (remove only)
"CodeStuff Starter" = CodeStuff Starter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm Fotowelt" = dm Fotowelt
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.3.1
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Fotoservice" = Fotoservice
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"Imperium Romanum" = Imperium Romanum 1.03
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{2FDFD600-7338-4738-90D5-FC4ACA08DC36}" = Pro Evolution Soccer 2008
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"LetsTrade" = LetsTrade Komponenten
"Lidl-Fotos_is1" = Lidl-Fotos
"Lollipop Mathe 3" = Lollipop Mathe 3
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"MAGIX Video deluxe 2008 D" = MAGIX Video deluxe 2008 7.5.3.1 (D)
"ManyCam" = ManyCam 2.4 (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Essentials" = Microsoft Security Essentials
"Nokia PC Suite" = Nokia PC Suite
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 6.0" = RealPlayer
"Skype_is1" = eBay.de - Skype 3.0
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"TwkSCard" = CHIPDRIVE - Gerätetreiber V2.14.41
"Ultimate Motorcross" = Ultimate Motorcross 1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"XP Codec Pack" = XP Codec Pack
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Power Loader" = Power Challenge Game Plugin
"tc09-DE_SEVENONE_MAIN" = Big Pizza Mountainbike Challenge 09 (SevenOne)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2008 16:38:34 | Computer Name = Mark-PC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 29.11.2008 07:46:08 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18000, Zeitstempel
 0x47918f11, fehlerhaftes Modul SwMenu.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x48998217, Ausnahmecode 0xc0000005, Fehleroffset 0x6c102d0d,  Prozess-ID 0x13b8,
 Anwendungsstartzeit 01c9521573238dfd.
 
Error - 30.11.2008 07:01:51 | Computer Name = Mark-PC | Source = RasClient | ID = 20227
Description = 
 
Error - 30.11.2008 07:10:25 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung explorer.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918e5d, fehlerhaftes Modul ole32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a74c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00038922,  Prozess-ID 0x113c, Anwendungsstartzeit
 01c952da7381ccb4.
 
Error - 30.11.2008 07:42:37 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6001.18000, Zeitstempel
 0x47918e5d, fehlerhaftes Modul ole32.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a74c,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00038922,  Prozess-ID 0xd70, Anwendungsstartzeit
 01c952dd30583946.
 
Error - 04.12.2008 11:27:07 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Settlers6Demo.exe, Version 1.0.3006.0, Zeitstempel
 0x46c8972e, fehlerhaftes Modul Settlers6Demo.exe, Version 1.0.3006.0, Zeitstempel
 0x46c8972e, Ausnahmecode 0xc0000005, Fehleroffset 0x0010520e,  Prozess-ID 0x1780,
 Anwendungsstartzeit 01c9562354f0118d.
 
Error - 05.12.2008 13:29:57 | Computer Name = Mark-PC | Source = Application Hang | ID = 1002
Description = Programm Settlers6Demo.exe, Version 1.0.3006.0 arbeitet nicht mehr
 mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 15fc  Anfangszeit: 01c95624c95e62d5  Zeitpunkt
 der Beendigung: 106
 
Error - 08.12.2008 17:17:01 | Computer Name = Mark-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 12.12.2008 02:45:05 | Computer Name = Mark-PC | Source = Application Hang | ID = 1002
Description = Programm _INS5576._MP, Version 5.53.168.0 arbeitet nicht mehr mit 
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet 
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 15c0  Anfangszeit: 01c95c24c1d91464  Zeitpunkt der
 Beendigung: 0
 
Error - 13.12.2008 09:33:51 | Computer Name = Mark-PC | Source = EventSystem | ID = 4621
Description = 
 
[ Media Center Events ]
Error - 20.05.2007 14:10:39 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 05/20/2007 20:10:39
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 13.06.2007 04:02:35 | Computer Name = Mark-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80080005
 
Error - 05.08.2007 12:40:29 | Computer Name = Mark-PC | Source = ehRecvr | ID = 4
Description = 
 
Error - 28.12.2007 05:05:09 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/28/2007 10:05:08
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 28.12.2007 05:05:09 | Computer Name = Mark-PC | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 12/28/2007 10:05:09
 automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
 
Error - 17.04.2008 06:49:00 | Computer Name = Mark-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
Error - 20.10.2009 15:07:13 | Computer Name = Mark-PC | Source = ehRecvr | ID = 3
Description = 
 
[ System Events ]
Error - 27.06.2010 14:33:50 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.06.2010 14:33:56 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.06.2010 14:38:43 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 27.06.2010 14:42:35 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.06.2010 14:44:03 | Computer Name = Mark-PC | Source = Microsoft Antimalware | ID = 2001
Description = Fehler in %%861 beim Aktualisieren von Signaturen.     Neue Signaturversion:
      Vorherige Signaturversion: 1.85.898.0     Aktualisierungsquelle: %%859     Aktualisierungsstufe:
 %%852     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: %%800     Aktualisierungstyp: %%803

	Benutzer:
 NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:      Vorherige Modulversion: 1.1.5902.0     Fehlercode:
 0x8024402c     Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates.
 Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie
 unter "Hilfe und Support". 
 
Error - 27.06.2010 14:46:51 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 27.06.2010 14:46:51 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.06.2010 14:47:00 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.06.2010 14:49:53 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 27.06.2010 15:03:30 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7030
Description = 
 
 
< End of report >
         
--- --- ---

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=607e483eab0cde4cb3fd5dcb08563ddd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-28 12:28:22
# local_time=2010-06-28 02:28:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 113452 53182875 24650 0
# compatibility_mode=5892 16776574 100 100 116946 115200296 0 0
# compatibility_mode=8192 67108863 100 0 238 238 0 0
# scanned=223419
# found=1
# cleaned=1
# scan_time=17334
C:\Users\Mark\Downloads\Nero-7.11.10.0_all_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

Alt 28.06.2010, 17:55   #10
powersearche
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Hallo Daniel,

anbei noch die Beantwortung der Frage wie der Rechner läuft

Der Rechner läuft ruhiger als vorher, die Festplatte "rödelt" nicht mehr so oft wie früher. Internet ist recht flott und es kommen keine Warnmeldungen des Virenscanner. (kamen früher auch nicht, nur einmal und dann gewaltig)

Grüße und danke schon mal für die Hilfe

Mark

Alt 28.06.2010, 18:12   #11
Larusso
/// Selecta Jahrusso
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Logfile ist sauber

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.


Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.


Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.


Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
  • SpywareBlaster
    Ein Tutorial zur Verwendung findest Du Hier

  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
    Hinweis: MBAM ersetzt keine Anti- Viren- Software.

  • Temp File Cleaner
    TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
    Ausserdem hilft es Deinen Computer zu beschleunigen.
    Du kannst Dir TFC ( by OldTimer ) hier downloaden.

  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.

  • Halte Dein System aktuell
    Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
    Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
    Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.

  • Halte Deine Software aktuell
    Der einfachste Weg dafür ist der Secunia Online Software.


Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.

  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 28.06.2010, 20:22   #12
powersearche
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Hallo Daniel,

das Combo zu deinstallieren war tricky, nach dem Backslash darf kein Leerzeichen sein, davor schon. Nach ner Stunde hatte ich es dann raus
Das System läuft normal, habe zum ersten mal wieder Wiso mein Geld gestartet und bekomme folgende Meldung

Wichtiger Sicherheitshinweis, folgender host wurde geändert und gefährden evtl. die Sicherheit des Systems

127.0.0.1 localhost

Ich hoffe du kannst hier weiter helfen

Grüße
Mark

Alt 28.06.2010, 20:33   #13
Larusso
/// Selecta Jahrusso
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Der Eintrag ist eigentlich normal. Die MVPS Hostsfile schon verwendet ?

Dann ist die Meldung ok
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 28.06.2010, 21:18   #14
powersearche
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Nochmals vielen dank für die schnelle Antwort.
Dann werde ich mich in der nächsten Zeit mal mit den vorgeschlagenen Programmen beschäftigen.
Bei einer Anleitung in englisch kann man ja schnell mal was verschlimmbessern.
Klappt ja schon manchmal in deutsch nicht
Damit ist mein Problem gelöst und ich kann am Wochende in Ruhe WM schauen.
Grüße und nen schönen Feierabend
Marko

Alt 28.06.2010, 21:24   #15
Larusso
/// Selecta Jahrusso
 
Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Standard

Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?



Downloade dir die hosts.zip, extrahiere die den Inhalt auf dem Desktop, doppelklick auf die batch und der Fall ist auch erledigt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Antwort

Themen zu Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?
ad-aware, antivir, antivir guard, avira, bho, bonjour, codes, desktop, ebay, google, gupdate, hijack, hijackthis, internet, internet explorer, microsoft essentials, microsoft security, microsoft security essentials, registry, rundll, safer networking, scan, security, senden, software, starten, system, virus, virus eingefangen, vista, windows



Ähnliche Themen: Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?


  1. Ist mein Rechner wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (2)
  2. BSI GVU Trojaner mit Webcam - ist mein System wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (13)
  3. Bundespolizei malware - ist mein Rechner wieder sauber?
    Log-Analyse und Auswertung - 06.05.2011 (23)
  4. ist mein pc wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 16.12.2010 (47)
  5. Antimalware Doctor - Ist mein Laptop wieder vollständig sauber?
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (28)
  6. TR/Dropper.gen, getarnt als Bildschirmschoner! Nach jedem Neustart wieder da!
    Plagegeister aller Art und deren Bekämpfung - 06.09.2010 (3)
  7. Security Tool entfernt - Ist mein PC wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 02.09.2010 (4)
  8. Unsicher, ob mein System wieder sauber ist?
    Log-Analyse und Auswertung - 24.04.2010 (23)
  9. tr/runner.dk u.a. Trojanaer wie bekomme ich mein Systhem wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 04.06.2009 (7)
  10. Ist mein Rechner wieder sauber?
    Log-Analyse und Auswertung - 23.03.2009 (0)
  11. Ist mein PC wieder sauber?
    Plagegeister aller Art und deren Bekämpfung - 21.03.2009 (1)
  12. Ist mein System wieder sauber? - TR/Trash.gen
    Plagegeister aller Art und deren Bekämpfung - 15.02.2009 (26)
  13. nach zlob ! Ist mein PC wieder sauber ?
    Mülltonne - 29.09.2008 (0)
  14. Ist mein System wieder sauber?
    Log-Analyse und Auswertung - 15.06.2008 (2)
  15. Ist mein PC wieder sauber ?
    Plagegeister aller Art und deren Bekämpfung - 12.02.2008 (6)
  16. Ist mein PC jetzt wieder sauber ? Brauche eine Analyse
    Log-Analyse und Auswertung - 15.02.2007 (5)
  17. Ist mein System wieder sauber? Bitte um Hilfe!
    Log-Analyse und Auswertung - 26.07.2005 (1)

Zum Thema Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? - Hallo zusammen, dies ist mein erster Beitrag in diesem Forum. Ich habe mir letzte Woche nen Virus eingefangen der sich als Virenscanner getarnt hat, exakt vor der Abfahrt in meinen - Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber?...
Archiv
Du betrachtest: Nach Virusbefall (als Virenscanner getarnt) Ist mein PC wieder sauber? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.