Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner Problem

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.08.2010, 12:18   #1
daaaachris
 
Trojaner Problem - Standard

Trojaner Problem



Ich habe trojaner und keine Ahnung , kann mir jemand helfen?

ich habe mir HijackThis runtergeladen aber der virus schließt das programm immer wieder

Alt 10.08.2010, 12:23   #2
Larusso
/// Selecta Jahrusso
 
Trojaner Problem - Standard

Trojaner Problem





Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig und genau durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
drivers32 /all
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 10.08.2010, 12:39   #3
daaaachris
 
Trojaner Problem - Standard

Trojaner Problem



die trojaner verhindern dass ich dass programm aufmache!
was nun
__________________

Alt 10.08.2010, 12:42   #4
Larusso
/// Selecta Jahrusso
 
Trojaner Problem - Standard

Trojaner Problem



Drucke dir die Anleitung gegebenfalls aus

Downloade Dir bitte OTH ( by Oldtimer ) und speichere die Datei auf dem Desktop.
Firefox User: Mit Rechtsklick auf OTH und "Ziel speichern unter" downloaden.
  • Starte OTH.scr mit Doppelklick.
  • Klicke nun auf den Kill All Process Button.
  • Nun klicke auf den Internet Explorer Button.
  • Navigiere nun bitte mit dem IE hier in deinen Thread.
  • Downloade dir Malwarebytes.
    Speichere die Datei auf dem Desktop.
  • Nun klicke in OTH auf Start Misc Program Button.
    Navigiere in diesem Explorer auf deinem Desktop und zu dem Setup von Malwarebytes und klicke darauf.
  • Nun klicke auf Öffnen und folge den Anweisungen um Malwarebytes in den vorgegeben Pfad zu installieren.
  • Wenn die Installation abgeschlossen ist, navigiere nun zu C:\Programme\Malwarebytes Anti Malware und markiere die mbam.exe und klicke erneut auf öffnen
  • Wähle nun "Quick Scan ausführen" und drücke Scannen.
Wenn der Scan beendet wurde sollte der PC neu starten.
Tut er das nicht klicke in OTH auf Reboot

Poste mir die Logfile von Malwarebytes
Starte Malwarebytes--> Reiter Scan-Berichte--> klick auf den aktuellsten Bericht--> es öffnet sich automatisch ein Text-Dokument.

Sollte Malwarebytes nach dem Reboot nicht starten, teile mir das bitte mit.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Geändert von Larusso (10.08.2010 um 12:56 Uhr)

Alt 10.08.2010, 13:09   #5
daaaachris
 
Trojaner Problem - Standard

Trojaner Problem



blablabla ist durch trojan.js.offiz infiziert
also des steht soo ziemlich bei jeder anwendung
???????


Alt 10.08.2010, 13:11   #6
Larusso
/// Selecta Jahrusso
 
Trojaner Problem - Standard

Trojaner Problem



Okay, möglichkeit eine CD zu brennen ?

Aber vorher, kannst Du in den abgesicherten Modus (mehrmals F8 drücken beim hochfahren) booten und von dort ne OTL Logfile erstellen ?
__________________
--> Trojaner Problem

Alt 10.08.2010, 13:14   #7
daaaachris
 
Trojaner Problem - Standard

Trojaner Problem



oi jetzt wirds zu hoch für mich DD

ich bin doch bloßn mädl DDDD
ich mach des für mein freund.. mhhh
gib mir einen tag um alle sachen aufm laptop zu speichern


und dann mach ich weiter

Alt 10.08.2010, 13:42   #8
Larusso
/// Selecta Jahrusso
 
Trojaner Problem - Standard

Trojaner Problem



Welche Sachen auf dem Laptop speichern ?

Ich will nur wissen ob du in den abgesicherten Modus booten kannst
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 11.08.2010, 00:07   #9
daaaachris
 
Trojaner Problem - Standard

Trojaner Problem



bevor ich irgendwas ausversehen lösch

ne gut
ich befolge deine anweisungen
wart ^^

so also im abgesicherten modus kann ich sowas schon erstellen nur wohin dann damit
wie kann ich des dann speichern ?

Alt 11.08.2010, 12:06   #10
Larusso
/// Selecta Jahrusso
 
Trojaner Problem - Standard

Trojaner Problem



Lass OTL im abgesicherten Modus laufen. Die TextDatei wird dort gespeichert, wo Du OTL hast. Im Idealfall am Desktop.

Diese kannst Du mir hier posten. Entweder direkt von dem Rechner aus. Solltest Du mit USB Sticks arbeiten, bitte vorher noch folgendes.

Desinfizierung/Absicherung externer Medien

Lade Dir den Flash Disinfector von sUBs und speichere Flash_Disinfector.exe auf Deinem Desktop ab.
Gehe nun wie folgt vor:
  1. Trenne den Rechner physikalisch vom Netz.
  2. Deaktiviere den Hintergrundwächter deines AVP.
  3. Schließe jetzt alle externe Datenträgeran Deinen Rechner an.
  4. Starte den Flash Disinfector mit einem Doppelklick und folge ggf. den Anweisungen.
  5. Wenn der Scan zuende ist, kannst du das Programm schließen.
  6. Starte Deinen Rechner neu.
Hinweis:
Flash Disinfector desinfiziert all Deine Laufwerke von Autoruninfektionen und erstellt einen versteckten Ordner mit demselben Namen, so dass dein Datenträger in Zukunft vor dieser Infektion geschützt ist.
Während dem Scan wird Dein Desktop kurzfristig verschwinden und dann wiederkommen. Das ist normal.


Bitte poste in Deiner nächsten Antwort
OTL.txt
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 12.08.2010, 22:11   #11
daaaachris
 
Trojaner Problem - Standard

Trojaner Problem



sorry war gestern nich im internet , ich mach jetzt weiter

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.08.2010 00:13:16 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 161,11 Gb Free Space | 56,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19723F7B-CAA1-43CC-9091-DAAF9DD68043}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1BE14ABA-6368-4B2B-AAA3-71EC408A12A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{200AD85A-E3AF-4298-92B8-DB31A3EE85E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5635B58D-CEF8-4FBA-A490-ECF874F60F81}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5C329FBD-51FA-4EC5-81C8-24BE18A995E0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{601D8BD6-1EAC-4E8E-BB69-EC511C26D511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{609F051A-65E6-41E9-84AE-55DA05380B24}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{89A87342-DB11-434C-8027-C7D33B728EA5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8AC0098E-22AA-4FE5-B1DF-2331307B5F89}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8CCF3713-71DD-4450-AA0C-A50FAFFCA809}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA98656B-6212-4610-8268-9C240D5B05F5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B6111C59-6829-4DC7-924A-CF4E5949CA67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA6A7523-6ECE-406D-B13F-821D9794FA6D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CCECBB42-0330-430D-AB96-479354DBE5D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CD0F690E-74B1-47F0-896A-6A219C3AE1FC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DD230095-FF8E-454D-B5F3-8ADDFCBDAECF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E24A326C-8A71-4F18-8D4C-265ADE23C3B0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E714EE6D-C303-4EEC-8325-C4544C815FEB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F8A793F9-F53A-400D-B512-C5B93ABF16C8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FB068EA3-7869-4623-AA31-07A873AB2198}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A7D938C-1186-46AC-86EA-A29FE4ADF6C3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{23868471-05AC-4437-BE74-D0FD4675BD35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{341C28D5-63EB-475D-97AF-119D412F54E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{3670B0B9-333E-4E75-81BF-6AA04E30E580}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3700563B-4596-45CC-8491-A450409C4710}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{55C57AA7-2225-427E-AF2C-BD5B3843B169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{599A4444-1ECF-407F-B224-8ED8BB9C830B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5C74B49E-FA7B-499F-94CF-51A0B09F3352}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7A29967D-C17A-452E-A39E-C9B5BC2AAF37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7E9957F6-0A11-4D12-924D-A1D423892D8B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7F14B6F1-5986-4208-96C4-2E64163817CC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E0E173AE-52D6-4FEB-833C-057EBF81B13B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E5994EF0-9C79-4799-B426-E5ED0BD129C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E80D4487-ACEA-4014-B2A2-20F7EE375030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{07EBB499-FC4A-493C-8442-8404091B0BF4}C:\users\chris\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | 
"TCP Query User{2CBA3293-73D6-4397-9BB9-E818CA21C052}C:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe | 
"TCP Query User{4C3F0731-6A09-4DEE-8E3A-E5874BA629BB}C:\users\chris\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | 
"TCP Query User{93A3CD93-3A39-4772-98C0-7AD2F80DB82C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A7C0A2D3-C62E-40D1-947D-BF5DD0E8E096}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{AE64645B-BEB5-4499-AF2A-B4FD4D172F3E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{AFAE4E58-871B-453D-A2CA-8C481C479C12}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | 
"TCP Query User{B8C305C1-6319-4BF6-92E9-C0DD64B4A821}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{C18BC198-9B4F-48A7-AC07-009D4ABBE030}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe | 
"TCP Query User{E4F9ADD7-C3FD-41FF-867D-D69512210575}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe | 
"TCP Query User{FBB8D7AF-EFA2-4988-8A69-7BD3248C4EFD}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | 
"TCP Query User{FD6F1FA9-92C0-4393-8148-A84DA1E27023}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{038B9636-EF19-49B3-B083-E6CBEF300A53}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{1E4352D8-A796-4285-9787-C158979ADF9C}C:\users\chris\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | 
"UDP Query User{3752EC1D-A43A-4121-9D05-91123F002C1C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3D8C6F57-D4C5-46BD-9597-067E3849131A}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe | 
"UDP Query User{5F9F3F19-7C22-44DF-86E1-ED9A747DB4C7}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{89544001-3FD6-4F99-8452-B8C57627B797}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{A2B10FA7-B249-463D-B3A4-A190191FC3D8}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | 
"UDP Query User{DBBBC4AF-A5D8-4C80-B4D9-BDF231B64366}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe | 
"UDP Query User{E5399A76-9CBD-423D-A66E-2944935B04D5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{ECD11967-D409-41AF-8A59-09064D610557}C:\users\chris\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | 
"UDP Query User{EF34DC72-666F-4D16-89D7-9C8D4FF59176}C:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe | 
"UDP Query User{FCA4DADF-56E4-4D17-A172-F61E3ACB831F}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{211654D1-F7F8-4FF6-B008-354354354365}_is1" = MaxiVista Demo Server v4.0.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D867976-573B-40F7-BE60-7E1A2C9FB35F}_is1" = MaxiVista Demo Anzeigeprogramm v4.0.10
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D134213-C5F4-4D55-9E36-FEB4C12FD27A}" = PC-Trainer Kfz-Technik
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Ask Toolbar
"DATEVB00000482.0" = DATEV Installation V.2.6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.2
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"Office2007" = Microsoft Office Home and Student
"Postal 2" = Postal 2
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"Sweet Home 3D_is1" = Sweet Home 3D version 2.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T4EPlayer" = T4E Player
"TorrentMan Toolbar" = TorrentMan Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works9se" = Microsoft Works 9.0 SE
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2010 06:35:34 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2010 06:36:06 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.4.0, Zeitstempel
 0x4811da19, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x03030303,  Prozess-ID 0xe60, Anwendungsstartzeit
 01cb14521e6f7f61.
 
Error - 25.06.2010 07:49:06 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2010 15:01:27 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.06.2010 12:48:01 | Computer Name = Chris-PC | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/06/30 18:48:01]  --------------------------------------------------------
Application:
 NVC On-demand Scanner  Node address: 192.168.2.106  --------------------------------------------------------
 
ALARM:
   Virus infected:   Virus name: 'W32/Zwangi.F'  Norman Scanner Engine Information   Engine
 version: 6.05.10  Binary definition file: 6.05 of 2010/06/30  Macro definition file:
 6.05 of 2010/06/14  Login information: User 'Chris' on host 'CHRIS-PC'.  File infected:
 c:/Program Files/DriftCity/eu_dcity.exe  File quarantined: c:/Program Files/DriftCity/eu_dcity.exe
File
 Unknown message informationc:/Program Files/DriftCity/eu_dcity.exe
 
Error - 30.06.2010 12:48:04 | Computer Name = Chris-PC | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/06/30 18:48:04]  --------------------------------------------------------
Application:
 NVC On-demand Scanner  Node address: 192.168.2.106  --------------------------------------------------------
 
ALARM:
   Virus infected:   Virus name: 'W32/Zwangi.F'  Norman Scanner Engine Information   Engine
 version: 6.05.10  Binary definition file: 6.05 of 2010/06/30  Macro definition file:
 6.05 of 2010/06/14  Login information: User 'Chris' on host 'CHRIS-PC'.  File infected:
 c:/Program Files/DriftCity/_eu_dcity.exe.zip : eu_dcity.exe  File quarantined: c:/Program
 Files/DriftCity/_eu_dcity.exe.zip
 
Error - 30.06.2010 14:26:00 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel
 0x4bdfa327, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79,
 Ausnahmecode 0xc0000005, Fehleroffset 0x001579a2,  Prozess-ID 0x107c, Anwendungsstartzeit
 01cb1881934a4120.
 
Error - 02.07.2010 03:13:59 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2010 16:36:23 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2010 12:45:37 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2009 21:02:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.10.2009 21:02:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2009 21:03:30 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.10.2009 21:03:30 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2009 21:12:23 | Computer Name = Chris-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 23.10.2009 21:13:32 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---


OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.08.2010 00:13:16 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 161,11 Gb Free Space | 56,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19723F7B-CAA1-43CC-9091-DAAF9DD68043}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1BE14ABA-6368-4B2B-AAA3-71EC408A12A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{200AD85A-E3AF-4298-92B8-DB31A3EE85E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5635B58D-CEF8-4FBA-A490-ECF874F60F81}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5C329FBD-51FA-4EC5-81C8-24BE18A995E0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{601D8BD6-1EAC-4E8E-BB69-EC511C26D511}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{609F051A-65E6-41E9-84AE-55DA05380B24}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{89A87342-DB11-434C-8027-C7D33B728EA5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8AC0098E-22AA-4FE5-B1DF-2331307B5F89}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8CCF3713-71DD-4450-AA0C-A50FAFFCA809}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA98656B-6212-4610-8268-9C240D5B05F5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B6111C59-6829-4DC7-924A-CF4E5949CA67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA6A7523-6ECE-406D-B13F-821D9794FA6D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CCECBB42-0330-430D-AB96-479354DBE5D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CD0F690E-74B1-47F0-896A-6A219C3AE1FC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DD230095-FF8E-454D-B5F3-8ADDFCBDAECF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E24A326C-8A71-4F18-8D4C-265ADE23C3B0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E714EE6D-C303-4EEC-8325-C4544C815FEB}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F8A793F9-F53A-400D-B512-C5B93ABF16C8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FB068EA3-7869-4623-AA31-07A873AB2198}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A7D938C-1186-46AC-86EA-A29FE4ADF6C3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{23868471-05AC-4437-BE74-D0FD4675BD35}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{341C28D5-63EB-475D-97AF-119D412F54E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{3670B0B9-333E-4E75-81BF-6AA04E30E580}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3700563B-4596-45CC-8491-A450409C4710}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{55C57AA7-2225-427E-AF2C-BD5B3843B169}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{599A4444-1ECF-407F-B224-8ED8BB9C830B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5C74B49E-FA7B-499F-94CF-51A0B09F3352}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{7A29967D-C17A-452E-A39E-C9B5BC2AAF37}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7E9957F6-0A11-4D12-924D-A1D423892D8B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7F14B6F1-5986-4208-96C4-2E64163817CC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E0E173AE-52D6-4FEB-833C-057EBF81B13B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E5994EF0-9C79-4799-B426-E5ED0BD129C6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E80D4487-ACEA-4014-B2A2-20F7EE375030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"TCP Query User{07EBB499-FC4A-493C-8442-8404091B0BF4}C:\users\chris\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | 
"TCP Query User{2CBA3293-73D6-4397-9BB9-E818CA21C052}C:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe" = protocol=6 | dir=in | app=c:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe | 
"TCP Query User{4C3F0731-6A09-4DEE-8E3A-E5874BA629BB}C:\users\chris\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | 
"TCP Query User{93A3CD93-3A39-4772-98C0-7AD2F80DB82C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A7C0A2D3-C62E-40D1-947D-BF5DD0E8E096}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{AE64645B-BEB5-4499-AF2A-B4FD4D172F3E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{AFAE4E58-871B-453D-A2CA-8C481C479C12}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | 
"TCP Query User{B8C305C1-6319-4BF6-92E9-C0DD64B4A821}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{C18BC198-9B4F-48A7-AC07-009D4ABBE030}C:\program files\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files\bitlord\bitlord.exe | 
"TCP Query User{E4F9ADD7-C3FD-41FF-867D-D69512210575}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe | 
"TCP Query User{FBB8D7AF-EFA2-4988-8A69-7BD3248C4EFD}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=6 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | 
"TCP Query User{FD6F1FA9-92C0-4393-8148-A84DA1E27023}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{038B9636-EF19-49B3-B083-E6CBEF300A53}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{1E4352D8-A796-4285-9787-C158979ADF9C}C:\users\chris\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | 
"UDP Query User{3752EC1D-A43A-4121-9D05-91123F002C1C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{3D8C6F57-D4C5-46BD-9597-067E3849131A}C:\program files\maxivista demo server\maxivistademo.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo server\maxivistademo.exe | 
"UDP Query User{5F9F3F19-7C22-44DF-86E1-ED9A747DB4C7}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{89544001-3FD6-4F99-8452-B8C57627B797}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{A2B10FA7-B249-463D-B3A4-A190191FC3D8}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | 
"UDP Query User{DBBBC4AF-A5D8-4C80-B4D9-BDF231B64366}C:\program files\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files\bitlord\bitlord.exe | 
"UDP Query User{E5399A76-9CBD-423D-A66E-2944935B04D5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{ECD11967-D409-41AF-8A59-09064D610557}C:\users\chris\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\chris\program files\dna\btdna.exe | 
"UDP Query User{EF34DC72-666F-4D16-89D7-9C8D4FF59176}C:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe" = protocol=17 | dir=in | app=c:\users\chris\desktop\novoline\novoline\spiel-01-10\gameunp.exe | 
"UDP Query User{FCA4DADF-56E4-4D17-A172-F61E3ACB831F}C:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe" = protocol=17 | dir=in | app=c:\program files\maxivista demo anzeigeprogramm\maxivistademoviewer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{211654D1-F7F8-4FF6-B008-354354354365}_is1" = MaxiVista Demo Server v4.0.10
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28518520-F25C-48C3-A224-861F331602F4}" = Setup My PC
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3559CDE0-11FC-4D7B-A65C-D646035B1031}" = Nero 8 Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D867976-573B-40F7-BE60-7E1A2C9FB35F}_is1" = MaxiVista Demo Anzeigeprogramm v4.0.10
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D134213-C5F4-4D55-9E36-FEB4C12FD27A}" = PC-Trainer Kfz-Technik
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite
"{CA786CFF-1D31-4804-B436-F3405B14357F}" = Packard Bell Updator
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D359B12F-9B1A-46FD-B70C-F507B5B11590}" = HDRegDE
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4EA67C9-6748-4C1E-9AFF-04149AC75D95}" = Packard Bell ImageWriter
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Ask Toolbar
"DATEVB00000482.0" = DATEV Installation V.2.6
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free DVD Video Burner_is1" = Free DVD Video Burner version 1.2
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"Office2007" = Microsoft Office Home and Student
"Postal 2" = Postal 2
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"Sweet Home 3D_is1" = Sweet Home 3D version 2.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T4EPlayer" = T4E Player
"TorrentMan Toolbar" = TorrentMan Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works9se" = Microsoft Works 9.0 SE
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2010 06:35:34 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2010 06:36:06 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.4.0, Zeitstempel
 0x4811da19, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x03030303,  Prozess-ID 0xe60, Anwendungsstartzeit
 01cb14521e6f7f61.
 
Error - 25.06.2010 07:49:06 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2010 15:01:27 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.06.2010 12:48:01 | Computer Name = Chris-PC | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/06/30 18:48:01]  --------------------------------------------------------
Application:
 NVC On-demand Scanner  Node address: 192.168.2.106  --------------------------------------------------------
 
ALARM:
   Virus infected:   Virus name: 'W32/Zwangi.F'  Norman Scanner Engine Information   Engine
 version: 6.05.10  Binary definition file: 6.05 of 2010/06/30  Macro definition file:
 6.05 of 2010/06/14  Login information: User 'Chris' on host 'CHRIS-PC'.  File infected:
 c:/Program Files/DriftCity/eu_dcity.exe  File quarantined: c:/Program Files/DriftCity/eu_dcity.exe
File
 Unknown message informationc:/Program Files/DriftCity/eu_dcity.exe
 
Error - 30.06.2010 12:48:04 | Computer Name = Chris-PC | Source = NormanNPT | ID = 131073
Description = Norman Message [2010/06/30 18:48:04]  --------------------------------------------------------
Application:
 NVC On-demand Scanner  Node address: 192.168.2.106  --------------------------------------------------------
 
ALARM:
   Virus infected:   Virus name: 'W32/Zwangi.F'  Norman Scanner Engine Information   Engine
 version: 6.05.10  Binary definition file: 6.05 of 2010/06/30  Macro definition file:
 6.05 of 2010/06/14  Login information: User 'Chris' on host 'CHRIS-PC'.  File infected:
 c:/Program Files/DriftCity/_eu_dcity.exe.zip : eu_dcity.exe  File quarantined: c:/Program
 Files/DriftCity/_eu_dcity.exe.zip
 
Error - 30.06.2010 14:26:00 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel
 0x4bdfa327, fehlerhaftes Modul Flash10c.ocx, Version 10.0.32.18, Zeitstempel 0x4a613d79,
 Ausnahmecode 0xc0000005, Fehleroffset 0x001579a2,  Prozess-ID 0x107c, Anwendungsstartzeit
 01cb1881934a4120.
 
Error - 02.07.2010 03:13:59 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2010 16:36:23 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.07.2010 12:45:37 | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.10.2009 21:01:47 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2009 21:02:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.10.2009 21:02:33 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2009 21:03:30 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.10.2009 21:03:30 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 23.10.2009 21:12:23 | Computer Name = Chris-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 23.10.2009 21:13:32 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

Alt 13.08.2010, 00:05   #12
Larusso
/// Selecta Jahrusso
 
Trojaner Problem - Standard

Trojaner Problem



Du hast mir 2x die Extras.txt gepostet
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 15.08.2010, 14:44   #13
daaaachris
 
Trojaner Problem - Standard

Trojaner Problem



ja ehm is das das falsche?

eh augenblick

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.08.2010 00:13:16 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 161,11 Gb Free Space | 56,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.10 13:06:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr
PRC - [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.24 11:35:17 | 000,219,904 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
SRV - [2010.06.14 14:29:58 | 000,282,624 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV - [2010.05.21 13:09:08 | 000,202,056 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2010.05.18 14:40:06 | 000,301,192 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2010.05.07 13:48:04 | 000,103,016 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 14:14:41 | 000,098,776 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2010.02.05 05:16:20 | 000,419,224 | ---- | M] (CSR, plc) [Auto | Stopped] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV - [2009.12.03 17:03:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009.10.15 16:50:54 | 000,133,272 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2009.10.11 16:07:33 | 000,152,904 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe -- (eLoggerSvc6)
SRV - [2009.10.07 14:04:51 | 000,129,928 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV - [2009.09.03 15:51:12 | 001,765,696 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MaxiVista Demo Anzeigeprogramm\MaxiVistaDemoViewer.exe -- (MaxiVista_service_D)
SRV - [2009.08.22 09:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009.01.08 18:44:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.19 15:30:02 | 000,222,456 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.07.16 15:00:00 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Stopped] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.05.14 12:14:59 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Stopped] -- C:\Programme\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2010.05.10 10:06:10 | 000,072,392 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Programme\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2010.02.05 05:16:10 | 000,066,952 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp)
DRV - [2010.02.05 05:16:08 | 000,048,024 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV - [2010.02.04 17:35:17 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2010.01.04 15:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Stopped] -- c:\Programme\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2009.10.14 14:03:28 | 000,023,392 | ---- | M] (Norman ASA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt)
DRV - [2009.10.09 14:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Stopped] -- C:\Programme\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio)
DRV - [2009.09.11 03:17:34 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.08.02 02:28:00 | 000,013,696 | ---- | M] (MaxiVista) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mvCmdemo.SYS -- (mvCmdemo)
DRV - [2009.08.02 02:28:00 | 000,012,544 | ---- | M] (MaxiVista) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvvideodemo.sys -- (mvvideodemo)
DRV - [2009.07.13 10:00:00 | 000,875,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2009.07.13 10:00:00 | 000,087,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.048\NAVENG.SYS -- (NAVENG)
DRV - [2009.07.11 21:34:11 | 000,293,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009.05.16 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.05.16 10:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008.08.06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.04 11:02:46 | 002,161,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.29 05:48:56 | 000,418,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008.07.16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.07.11 04:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.02.20 23:01:08 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.06.08 04:53:56 | 000,187,448 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.25 10:07:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.27 00:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 00:30:41 | 000,000,000 | ---D | M]
 
[2010.02.09 22:14:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2009.05.24 13:34:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\extensions
[2009.05.24 13:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.07.27 00:30:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions
[2010.02.10 08:29:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.25 17:34:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.25 17:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.26 18:23:42 | 000,000,873 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\5rdywjhr.default\searchplugins\conduit.xml
[2010.07.21 15:13:40 | 000,000,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\5rdywjhr.default\searchplugins\icqplugin.xml
[2010.08.10 23:16:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.27 00:30:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.27 00:30:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.27 00:30:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.27 00:30:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.27 00:30:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Chris\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [380989] C:\Users\Chris\AppData\Local\380989.exe ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxiVista Demo Anzeigeprogramm All.lnk = C:\Programme\MaxiVista Demo Anzeigeprogramm\MaxiVistaDemoViewer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ff9d4f9d-6586-11de-8e8b-00238b86cd3c}\Shell\Auto\command - "" = AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.10 13:06:30 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr
[2010.08.10 12:33:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.10 12:14:21 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe
[2010.08.09 22:08:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Novoline
[2010.08.02 13:07:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Khanh Musik
[2010.07.25 17:35:01 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.07.25 17:34:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.23 18:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.07.20 21:35:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\youtube musik
[2010.07.14 21:43:14 | 000,000,000 | ---D | C] -- C:\Programme\Sweet Home 3D
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.11 00:10:23 | 000,001,356 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2010.08.11 00:08:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 00:07:34 | 002,883,584 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.08.10 23:50:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.10 23:48:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.10 23:48:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.08.10 23:48:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.10 23:48:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.10 23:48:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.10 23:46:55 | 000,105,472 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.10 23:34:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.10 23:22:06 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.10 23:22:06 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.10 23:22:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.10 23:22:06 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.10 23:22:06 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.10 19:54:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.10 19:54:17 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.10 19:54:17 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.10 19:54:12 | 002,184,090 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.08.10 13:06:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr
[2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.10 12:14:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe
[2010.08.10 11:53:31 | 001,211,392 | ---- | M] () -- C:\Users\Chris\AppData\Local\380989.exe
[2010.08.09 23:34:10 | 003,546,336 | ---- | M] () -- C:\Users\Chris\Desktop\neu_bearbeitet-1.jpg
[2010.08.09 22:13:29 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Chris.job
[2010.08.07 16:55:46 | 000,000,156 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.05 02:51:34 | 000,061,754 | ---- | M] () -- C:\Users\Chris\Desktop\SEHR SCHOEN.jpg
[2010.08.02 13:04:58 | 002,106,714 | ---- | M] () -- C:\Users\Chris\Desktop\SharePod396.zip
[2010.08.02 09:10:19 | 000,062,026 | ---- | M] () -- C:\Users\Chris\Desktop\38755_136655859706390_100000859293067_175089_7538135_n.jpg
[2010.07.29 04:34:59 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.07.25 17:34:51 | 000,001,034 | ---- | M] () -- C:\Users\Chris\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.14 21:43:31 | 000,000,866 | ---- | M] () -- C:\Users\Chris\Desktop\Sweet Home 3D.lnk
[2010.07.13 23:40:50 | 000,013,875 | ---- | M] () -- C:\Users\Chris\Desktop\Lebenslauf  Christian.docx
 
========== Files Created - No Company Name ==========
 
[2010.08.10 11:53:31 | 001,211,392 | ---- | C] () -- C:\Users\Chris\AppData\Local\380989.exe
[2010.08.09 23:34:08 | 003,546,336 | ---- | C] () -- C:\Users\Chris\Desktop\neu_bearbeitet-1.jpg
[2010.08.05 02:47:32 | 000,061,754 | ---- | C] () -- C:\Users\Chris\Desktop\SEHR SCHOEN.jpg
[2010.08.02 14:04:20 | 000,062,026 | ---- | C] () -- C:\Users\Chris\Desktop\38755_136655859706390_100000859293067_175089_7538135_n.jpg
[2010.08.02 13:04:42 | 002,106,714 | ---- | C] () -- C:\Users\Chris\Desktop\SharePod396.zip
[2010.07.14 21:43:31 | 000,000,866 | ---- | C] () -- C:\Users\Chris\Desktop\Sweet Home 3D.lnk
[2010.07.13 23:11:06 | 000,013,875 | ---- | C] () -- C:\Users\Chris\Desktop\Lebenslauf  Christian.docx
[2010.04.06 12:00:07 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer002.INI
[2010.04.06 11:59:30 | 000,000,102 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2010.04.06 11:59:25 | 000,000,102 | ---- | C] () -- C:\Windows\dvinesinstart001.INI
[2010.04.06 11:56:12 | 000,000,021 | ---- | C] () -- C:\Windows\StartUp.INI
[2009.11.21 15:15:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\OutN64proc64.dll
[2009.11.21 15:15:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\InN64proc64.dll
[2009.06.01 23:10:33 | 000,572,206 | ---- | C] () -- C:\Windows\System32\_C6DBDLL.DLL
[2009.06.01 23:10:33 | 000,402,432 | ---- | C] () -- C:\Windows\System32\C4fox.dll
[2009.06.01 23:10:33 | 000,216,064 | ---- | C] () -- C:\Windows\System32\MDI16KH.DLL
[2009.06.01 23:04:13 | 000,000,156 | ---- | C] () -- C:\Windows\ptkfz.INI
[2009.05.19 22:28:40 | 000,000,156 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.16 11:18:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.09 02:05:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.09 02:05:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2007.01.15 09:19:16 | 000,016,473 | ---- | C] () -- C:\Windows\System32\SELF32.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.08.2010 00:13:16 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 87,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 97,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 161,11 Gb Free Space | 56,51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: CHRIS-PC
Current User Name: Chris
Logged in as Administrator.
 
Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.10 13:06:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr
PRC - [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\otl.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.24 11:35:17 | 000,219,904 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
SRV - [2010.06.14 14:29:58 | 000,282,624 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV - [2010.05.21 13:09:08 | 000,202,056 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas)
SRV - [2010.05.18 14:40:06 | 000,301,192 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2010.05.07 13:48:04 | 000,103,016 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 14:14:41 | 000,098,776 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2010.02.05 05:16:20 | 000,419,224 | ---- | M] (CSR, plc) [Auto | Stopped] -- C:\Windows\System32\HFGService.dll -- (HFGService)
SRV - [2009.12.03 17:03:38 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009.10.15 16:50:54 | 000,133,272 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2009.10.11 16:07:33 | 000,152,904 | ---- | M] (Norman ASA) [Auto | Stopped] -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe -- (eLoggerSvc6)
SRV - [2009.10.07 14:04:51 | 000,129,928 | ---- | M] (Norman ASA) [On_Demand | Stopped] -- C:\Program Files\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV - [2009.09.03 15:51:12 | 001,765,696 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\MaxiVista Demo Anzeigeprogramm\MaxiVistaDemoViewer.exe -- (MaxiVista_service_D)
SRV - [2009.08.22 09:21:19 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009.01.08 18:44:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.10.19 15:30:02 | 000,222,456 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.07.16 15:00:00 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\PACKARD BELL\Packard Bell Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Stopped] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1005000.087\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.05.14 12:14:59 | 000,040,384 | ---- | M] (Norman ASA) [Kernel | Auto | Stopped] -- C:\Programme\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2010.05.10 10:06:10 | 000,072,392 | ---- | M] (Norman ASA) [Kernel | System | Running] -- C:\Programme\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2010.02.05 05:16:10 | 000,066,952 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthav.sys -- (csr_a2dp)
DRV - [2010.02.05 05:16:08 | 000,048,024 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BthAudioHF.sys -- (BthAudioHF)
DRV - [2010.02.04 17:35:17 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys -- (ccHP)
DRV - [2010.01.04 15:44:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System | Stopped] -- c:\Programme\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2009.10.14 14:03:28 | 000,023,392 | ---- | M] (Norman ASA) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvcv32mf.sys -- (NvcMFlt)
DRV - [2009.10.09 14:24:40 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto | Stopped] -- C:\Programme\Norman\Nse\Bin\Ndiskio.sys -- (Ndiskio)
DRV - [2009.09.11 03:17:34 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.08.22 09:21:19 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.08.02 02:28:00 | 000,013,696 | ---- | M] (MaxiVista) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\mvCmdemo.SYS -- (mvCmdemo)
DRV - [2009.08.02 02:28:00 | 000,012,544 | ---- | M] (MaxiVista) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvvideodemo.sys -- (mvvideodemo)
DRV - [2009.07.13 10:00:00 | 000,875,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2009.07.13 10:00:00 | 000,087,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090814.048\NAVENG.SYS -- (NAVENG)
DRV - [2009.07.11 21:34:11 | 000,293,424 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009.05.16 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.05.16 10:00:00 | 000,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008.08.06 10:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.04 11:02:46 | 002,161,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.29 05:48:56 | 000,418,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28.sys -- (netr28)
DRV - [2008.07.16 14:56:06 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.07.11 04:20:10 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.02.20 23:01:08 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.06.08 04:53:56 | 000,187,448 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010.04.25 10:07:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.27 00:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.27 00:30:41 | 000,000,000 | ---D | M]
 
[2010.02.09 22:14:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2009.05.24 13:34:33 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\extensions
[2009.05.24 13:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.07.27 00:30:55 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions
[2010.02.10 08:29:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.25 17:34:58 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.25 17:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\5rdywjhr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.26 18:23:42 | 000,000,873 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\5rdywjhr.default\searchplugins\conduit.xml
[2010.07.21 15:13:40 | 000,000,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\5rdywjhr.default\searchplugins\icqplugin.xml
[2010.08.10 23:16:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.27 00:30:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.27 00:30:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.27 00:30:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.27 00:30:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.27 00:30:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (TorrentMan Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (TorrentMan Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Programme\TorrentMan\tbTorr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Chris\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [380989] C:\Users\Chris\AppData\Local\380989.exe ()
O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxiVista Demo Anzeigeprogramm All.lnk = C:\Programme\MaxiVista Demo Anzeigeprogramm\MaxiVistaDemoViewer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ff9d4f9d-6586-11de-8e8b-00238b86cd3c}\Shell\Auto\command - "" = AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.10 13:06:30 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr
[2010.08.10 12:33:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.10 12:14:21 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe
[2010.08.09 22:08:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Novoline
[2010.08.02 13:07:09 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Khanh Musik
[2010.07.25 17:35:01 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.07.25 17:34:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.23 18:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.07.20 21:35:19 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\youtube musik
[2010.07.14 21:43:14 | 000,000,000 | ---D | C] -- C:\Programme\Sweet Home 3D
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.11 00:10:23 | 000,001,356 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2010.08.11 00:08:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.11 00:07:34 | 002,883,584 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT
[2010.08.10 23:50:28 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.10 23:48:18 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.10 23:48:04 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.08.10 23:48:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.10 23:48:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.10 23:48:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.10 23:46:55 | 000,105,472 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.10 23:34:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.10 23:22:06 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.10 23:22:06 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.10 23:22:06 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.10 23:22:06 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.10 23:22:06 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.10 19:54:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.10 19:54:17 | 000,524,288 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.10 19:54:17 | 000,065,536 | -HS- | M] () -- C:\Users\Chris\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.10 19:54:12 | 002,184,090 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2010.08.10 13:06:54 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTH.scr
[2010.08.10 12:33:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2010.08.10 12:14:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Chris\Desktop\HiJackThis204.exe
[2010.08.10 11:53:31 | 001,211,392 | ---- | M] () -- C:\Users\Chris\AppData\Local\380989.exe
[2010.08.09 23:34:10 | 003,546,336 | ---- | M] () -- C:\Users\Chris\Desktop\neu_bearbeitet-1.jpg
[2010.08.09 22:13:29 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Chris.job
[2010.08.07 16:55:46 | 000,000,156 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.05 02:51:34 | 000,061,754 | ---- | M] () -- C:\Users\Chris\Desktop\SEHR SCHOEN.jpg
[2010.08.02 13:04:58 | 002,106,714 | ---- | M] () -- C:\Users\Chris\Desktop\SharePod396.zip
[2010.08.02 09:10:19 | 000,062,026 | ---- | M] () -- C:\Users\Chris\Desktop\38755_136655859706390_100000859293067_175089_7538135_n.jpg
[2010.07.29 04:34:59 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.07.25 17:34:51 | 000,001,034 | ---- | M] () -- C:\Users\Chris\Desktop\DVDVideoSoft Free Studio.lnk
[2010.07.14 21:43:31 | 000,000,866 | ---- | M] () -- C:\Users\Chris\Desktop\Sweet Home 3D.lnk
[2010.07.13 23:40:50 | 000,013,875 | ---- | M] () -- C:\Users\Chris\Desktop\Lebenslauf  Christian.docx
 
========== Files Created - No Company Name ==========
 
[2010.08.10 11:53:31 | 001,211,392 | ---- | C] () -- C:\Users\Chris\AppData\Local\380989.exe
[2010.08.09 23:34:08 | 003,546,336 | ---- | C] () -- C:\Users\Chris\Desktop\neu_bearbeitet-1.jpg
[2010.08.05 02:47:32 | 000,061,754 | ---- | C] () -- C:\Users\Chris\Desktop\SEHR SCHOEN.jpg
[2010.08.02 14:04:20 | 000,062,026 | ---- | C] () -- C:\Users\Chris\Desktop\38755_136655859706390_100000859293067_175089_7538135_n.jpg
[2010.08.02 13:04:42 | 002,106,714 | ---- | C] () -- C:\Users\Chris\Desktop\SharePod396.zip
[2010.07.14 21:43:31 | 000,000,866 | ---- | C] () -- C:\Users\Chris\Desktop\Sweet Home 3D.lnk
[2010.07.13 23:11:06 | 000,013,875 | ---- | C] () -- C:\Users\Chris\Desktop\Lebenslauf  Christian.docx
[2010.04.06 12:00:07 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer002.INI
[2010.04.06 11:59:30 | 000,000,102 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2010.04.06 11:59:25 | 000,000,102 | ---- | C] () -- C:\Windows\dvinesinstart001.INI
[2010.04.06 11:56:12 | 000,000,021 | ---- | C] () -- C:\Windows\StartUp.INI
[2009.11.21 15:15:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\OutN64proc64.dll
[2009.11.21 15:15:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\InN64proc64.dll
[2009.06.01 23:10:33 | 000,572,206 | ---- | C] () -- C:\Windows\System32\_C6DBDLL.DLL
[2009.06.01 23:10:33 | 000,402,432 | ---- | C] () -- C:\Windows\System32\C4fox.dll
[2009.06.01 23:10:33 | 000,216,064 | ---- | C] () -- C:\Windows\System32\MDI16KH.DLL
[2009.06.01 23:04:13 | 000,000,156 | ---- | C] () -- C:\Windows\ptkfz.INI
[2009.05.19 22:28:40 | 000,000,156 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.16 11:18:35 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.09 02:05:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.09 02:05:13 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2007.01.15 09:19:16 | 000,016,473 | ---- | C] () -- C:\Windows\System32\SELF32.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
         
--- --- ---

Alt 15.08.2010, 15:37   #14
Larusso
/// Selecta Jahrusso
 
Trojaner Problem - Standard

Trojaner Problem



Speichere bitte die angehängte Fix.txt auf deinen USB Stick

Starte OTL und klicke auf den FIX Button. Du wirst nun gefragt ob du eine Datei einfügen willst. Bestätige dies mit JA und navigiere zu der FIX.txt auf deinem USB Stick.
Klicke öffnen.
Nun sollte sich ein Text in der CustomScan Box befinden. Ist dies der Falle klicke erneut auf den FIX Button.

Der Rechner wird neu starten. Berichte ob Du nun in den Normalmodus booten kannst
Angehängte Dateien
Dateityp: txt fix.txt (112 Bytes, 157x aufgerufen)
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 15.08.2010, 16:07   #15
daaaachris
 
Trojaner Problem - Standard

Trojaner Problem



hat funktioniert
da is jetztn fenster mit dem text :
All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[reboot]> in the current context!

OTL by OldTimer - Version 3.2.9.1 log created on 08152010_160212

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
..












und ja die lästigen fenster mit den virusen erscheinen nich mehr

Antwort

Themen zu Trojaner Problem
ahnung, hijack, hijackthis, immer wieder, proble, problem, programm, runtergeladen, schließ, schließt, troja, trojaner, trojaner problem, virus



Ähnliche Themen: Trojaner Problem


  1. Trojaner-Warnung/PC-Problem: Liegt es an der Hardware oder an einem Trojaner-Problem?
    Plagegeister aller Art und deren Bekämpfung - 17.03.2015 (7)
  2. BKA-Trojaner Problem!
    Plagegeister aller Art und deren Bekämpfung - 11.09.2011 (5)
  3. gleiches Problem wie http://www.trojaner-board.de/99057-das-system-hat-ein-problem-mit-einem-oder-me
    Plagegeister aller Art und deren Bekämpfung - 26.05.2011 (1)
  4. Firefox problem, Anti-banner problem, Flashplayer problem, Viren problem?
    Plagegeister aller Art und deren Bekämpfung - 03.10.2010 (11)
  5. Trojaner-Problem
    Plagegeister aller Art und deren Bekämpfung - 01.02.2010 (2)
  6. Trojaner Problem
    Log-Analyse und Auswertung - 10.01.2010 (3)
  7. Trojaner Problem
    Log-Analyse und Auswertung - 03.11.2008 (30)
  8. Trojaner Problem
    Log-Analyse und Auswertung - 17.10.2008 (35)
  9. Trojaner Problem
    Plagegeister aller Art und deren Bekämpfung - 03.03.2008 (4)
  10. trojaner problem
    Plagegeister aller Art und deren Bekämpfung - 02.01.2008 (14)
  11. Problem mit Trojaner?!
    Plagegeister aller Art und deren Bekämpfung - 11.12.2007 (0)
  12. Problem mit Trojaner?!
    Log-Analyse und Auswertung - 28.04.2006 (12)
  13. Problem - > Trojaner ? :/
    Plagegeister aller Art und deren Bekämpfung - 24.04.2006 (1)
  14. Trojaner Problem
    Log-Analyse und Auswertung - 21.12.2005 (1)
  15. Problem mit Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.12.2005 (10)
  16. trojaner problem
    Plagegeister aller Art und deren Bekämpfung - 07.02.2005 (8)
  17. Problem mit Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.06.2004 (4)

Zum Thema Trojaner Problem - Ich habe trojaner und keine Ahnung , kann mir jemand helfen? ich habe mir HijackThis runtergeladen aber der virus schließt das programm immer wieder - Trojaner Problem...
Archiv
Du betrachtest: Trojaner Problem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.