Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.09.2010, 14:00   #1
beebee
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



Hallo!

Seit einiger Zeit öffnet sich, wenn ich im Firefox bin, einfach so und in unregelmäßigen Abständen ein neuer Tab und leitet mich auf seltsame URLs weiter. Auch passiert es, dass links (zb Google-Suchergebnisse) auf die ich klicke, weitergeleitet werden und ich so nicht auf die gewünschte Seite gelange.

Ich hab vor 2 Tagen bereits mit Malwarebytes durchgecheckt, dieser hat mir auch was angezeigt. Hab sie dann in Quarantäne geschoben, aber das Problem blieb trotzdem bestehen. Auch nach Löschen dieser Dateien blieb das Problem.

Hier nochmal aktuelle Logs:

Malwarebytes Quick scan
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4613

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

14.09.2010 13:49:13
mbam-log-2010-09-14 (13-49-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137088
Laufzeit: 7 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\16F2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
         
Die infizierte Datei ist zurzeit in der malwarebyte quarantäne

Hijack
Code:
ATTFilter
Logfile of HijackThis v1.99.1
Scan saved at 13:56:35, on 14.09.2010
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\System32\ASUSTPE.exe
C:\Program Files\CS4Master\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\CS4Master\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Users\Nell\AppData\Local\Temp\E_S9EE8.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Nell\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Mit Bamboo Link annotieren - C:\Program Files\Wacom\Bamboo Link\AnnotateWithErgo.html
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 {de_DE}  (Adobe Version Cue CS3) - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
         
Ich hoffe man kann mir weiterhelfen? Bin echt verzweifelt...
Hab auch schon versucht mit GMER durchlaufen zu lassen, aber da hängt sich mein Laptop auf...Bitte um schnelle Antwort!

Vielen Dank schon mal!

Alt 14.09.2010, 15:09   #2
beebee
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



hier noch OTL logs

Code:
ATTFilter
OTL logfile created on: 14.09.2010 14:52:37 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\Nell\Pictures\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 74,46 Gb Free Space | 49,96% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 106,10 Gb Free Space | 76,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Pictures\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\CS4Master\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Pictures\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3746.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Apache2.2) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vdkybrvg) -- C:\Windows\System32\drivers\vdkybrvg.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.13 19:59:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.14 08:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.22 14:51:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.04.01 19:26:27 | 000,000,000 | ---D | M]
 
[2008.10.31 17:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.14 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions
[2009.10.10 17:09:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.14 14:04:55 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.06.19 21:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.21 00:08:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.14 10:21:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.06.27 15:47:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.04.07 18:41:46 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009.07.11 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\moveplayer@movenetworks.com
[2010.02.17 13:37:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\personas@christopher.beard
[2009.05.22 12:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\tabkit@jomel.me.uk
[2009.04.13 18:44:13 | 000,002,357 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\sambz7ad.default\searchplugins\photobucket.xml
[2009.04.17 09:55:36 | 000,001,032 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\sambz7ad.default\searchplugins\wikipedia-eng.xml
[2010.09.14 10:21:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.14 08:57:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.05.20 08:08:45 | 000,001,216 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\CS4Master\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nell\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nell\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.11 12:01:15 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08b8dce3-adb6-11dd-ade2-944965b5326d}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O33 - MountPoints2\{38b8e950-ff9f-11de-a931-002354232830}\Shell\AutoRun\command - "" = I:\installer.exe -- File not found
O33 - MountPoints2\{38b8e950-ff9f-11de-a931-002354232830}\Shell\verb\command - "" = I:\installer.exe -- File not found
O33 - MountPoints2\{6852d1a6-b3b9-11dd-bab2-002354232830}\Shell - "" = AutoRun
O33 - MountPoints2\{6852d1a6-b3b9-11dd-bab2-002354232830}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{89e1b446-ce9f-11dd-a646-002354232830}\Shell - "" = AutoRun
O33 - MountPoints2\{89e1b446-ce9f-11dd-a646-002354232830}\Shell\AutoRun\command - "" = H:\pushinst.exe -- File not found
O33 - MountPoints2\{97153c62-a788-11dd-a0ad-002354232830}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O33 - MountPoints2\{99a84851-5452-11de-837a-002354232830}\Shell - "" = AutoRun
O33 - MountPoints2\{99a84851-5452-11de-837a-002354232830}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{afdc25a8-ce22-11de-9ff5-002354232830}\Shell\1\Command - "" = H:\.\RECYCLER\Lcass.exe -- File not found
O33 - MountPoints2\{afdc25a8-ce22-11de-9ff5-002354232830}\Shell\2\Command - "" = H:\.\RECYCLER\Lcass.exe -- File not found
O33 - MountPoints2\{e0276d50-4481-11de-abf9-002354232830}\Shell - "" = AutoRun
O33 - MountPoints2\{e0276d50-4481-11de-abf9-002354232830}\Shell\AutoRun\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.14 14:50:46 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\***\Pictures\Desktop\OTL.exe
[2010.09.14 08:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.09.14 08:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.09.14 08:57:52 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.14 08:57:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.14 08:57:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.14 08:57:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.13 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\Nell\AppData\Roaming\Malwarebytes
[2010.09.13 14:15:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.13 14:15:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.13 14:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.13 14:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.13 11:17:03 | 000,000,000 | ---D | C] -- C:\Users\Nell\AppData\Roaming\Avira
[2010.09.13 11:12:08 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.09.13 11:12:08 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.09.12 13:50:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010.08.28 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CELSYS
[2010.08.17 18:39:59 | 000,000,000 | ---D | C] -- C:\Users\***\Pictures\Desktop\hjsplit-2-4
[2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.14 14:53:17 | 007,077,888 | -HS- | M] () -- C:\Users\Nell\NTUSER.DAT
[2010.09.14 14:51:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000UA.job
[2010.09.14 14:50:49 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\***\Pictures\Desktop\OTL.exe
[2010.09.14 14:50:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 14:50:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 13:29:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.14 10:58:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.14 10:58:04 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.14 10:57:05 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 10:57:05 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.14 10:57:02 | 002,645,644 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.09.14 10:56:20 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.09.14 10:03:29 | 000,156,672 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.14 09:20:07 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.14 09:20:07 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.14 09:20:07 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.14 09:20:07 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.14 09:20:07 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.13 11:10:51 | 044,151,368 | ---- | M] () -- C:\Users\***\avira_antivir_personal_de.exe
[2010.09.12 21:32:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.12 11:14:49 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.09.11 14:28:46 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.09.01 08:55:35 | 004,457,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.31 16:52:52 | 000,205,880 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.23 00:51:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000Core.job
[2010.08.22 20:12:10 | 001,099,819 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9014.JPG
[2010.08.22 20:10:12 | 001,418,929 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9012.JPG
[2010.08.22 20:10:04 | 001,353,751 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9011.JPG
[2010.08.18 15:25:08 | 001,093,522 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9009.JPG
 
========== Files Created - No Company Name ==========
 
[2010.09.13 11:07:48 | 044,151,368 | ---- | C] () -- C:\Users\Nell\avira_antivir_personal_de.exe
[2010.08.26 13:30:38 | 001,093,522 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9009.JPG
[2010.08.22 19:59:59 | 001,099,819 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9014.JPG
[2010.08.22 19:58:53 | 001,418,929 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9012.JPG
[2010.08.22 19:58:53 | 001,353,751 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9011.JPG
[2010.07.20 16:06:03 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.07.13 14:36:59 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010.05.07 19:27:51 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.05.04 18:09:10 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.01.21 15:01:00 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.26 21:32:10 | 000,001,869 | ---- | C] () -- C:\Windows\TVAfaDrv.ini
[2009.07.07 21:37:26 | 000,001,428 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2009.07.07 21:24:26 | 000,000,144 | ---- | C] () -- C:\Windows\ard.INI
[2009.06.30 11:27:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.06.30 11:27:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009.06.30 11:27:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009.06.30 11:27:15 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.06.30 11:27:15 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009.06.27 16:01:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.06.27 16:01:08 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.06.07 20:07:55 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.06.07 20:07:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.28 16:15:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.19 16:23:23 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.14 17:01:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.11 12:32:00 | 000,009,971 | ---- | C] () -- C:\Users\Nell\AppData\Roaming\UserTile.png
[2009.02.07 20:16:14 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.01.07 17:53:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.01.07 17:01:15 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2009.01.05 18:32:51 | 000,117,607 | ---- | C] () -- C:\Users\***\AppData\Local\debuggee.mdmp
[2008.12.15 17:11:00 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.11.19 13:57:38 | 000,005,515 | ---- | C] () -- C:\Windows\fmachine.ini
[2008.11.15 09:40:49 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.11.05 20:06:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.01 01:41:37 | 000,156,672 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.01 00:38:55 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.01 08:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.06.12 19:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico
[2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2008.11.19 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ambient Design
[2009.02.07 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2009.11.25 15:28:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2010.08.28 20:34:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CELSYS
[2010.06.12 11:12:42 | 000,000,000 | ---D | M] -- C:\Users\***AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.10.10 17:37:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.05.19 16:42:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.04.13 13:24:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.08.04 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2009.01.04 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ergo
[2010.01.21 00:04:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter
[2009.10.25 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HDRsoft
[2010.09.14 10:10:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.05.19 16:23:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2009.06.19 12:33:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfoRapid KnowledgeMap
[2009.10.18 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2009.02.07 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2008.11.09 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.09.25 12:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2009.06.23 01:06:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2010.03.03 21:38:46 | 000,000,000 | ---D | M] -- C:\Users\***AppData\Roaming\Smith Micro
[2008.11.02 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\***AppData\Roaming\streamripper
[2009.08.26 13:01:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYSTEMAX Software Development
[2009.04.02 17:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2009.12.26 19:07:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toon Boom Animation
[2010.09.14 10:57:08 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:63238B95
< End of report >
         
und extra.txt von otl

Code:
ATTFilter
OTL Extras logfile created on: 14.09.2010 14:52:37 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\***\Pictures\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 74,46 Gb Free Space | 49,96% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 106,10 Gb Free Space | 76,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0255D2D3-0824-4DD3-B5F0-A0DDFC6F4F51}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0B3DA253-F612-418E-890F-C591ACA7334E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CA6529B-DED3-459E-ABC6-24CA759A6ADA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1592685D-82DF-4B39-A7A3-DAB09B52210E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{21F2141D-88EE-4BBA-8E47-1FA5810C39FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2310366D-61C9-402F-8E4E-B610F382573F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2585134A-B889-4FDB-90ED-584B2BC90116}" = lport=138 | protocol=17 | dir=in | app=system | 
"{29146AFC-5592-4C04-990E-3B6A56B9BF95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3309E4BC-0CA1-4844-8F27-4DF586D041D1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3A545E5E-E09C-4289-9923-3EE9C5369046}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{4C88D1C9-E183-4F6A-BC5E-05B8392CDECA}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{5591D9D7-95BB-4300-B543-464197ACC799}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7900F3C0-E59E-4B53-A211-BF189D35F538}" = lport=139 | protocol=6 | dir=in | app=system | 
"{82FC347A-C10E-4C91-AEBB-63A02915B74B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{839020D1-AE17-42F4-8B16-9704CFAD9D29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8A52C10C-2D83-4845-A649-CA8EE5E9C6E8}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
"{93810CF9-4CA5-4629-8245-01641EAE6486}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{9DACEDD2-34FC-4152-B1D9-6A03A6709196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A2B5E0F9-E3EB-4098-A9C8-06BE57DAAEB7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A4D2EBC4-ABFC-4AC0-A9BD-03A700C80832}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{C816FF94-80E1-4C44-9EF0-890542757740}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{D2CBDAF3-429E-41B4-9BF0-C509D4CA9329}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D9C95402-770C-4072-95D3-94C5FAD3B0EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DDE94B84-B444-4E7D-B1D0-E808F8C12224}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F17FADDC-AEA5-425B-848D-75F6DDA63A64}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FCB3E432-F203-4447-B225-48FC3D05FCD4}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{FE34C042-4B9D-45A1-876B-9EBB62DB1C7A}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B6DE89-2746-41BF-AA2E-3F1323B5C414}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{0F4753D5-71CA-4561-B718-4698C2631C61}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{13F632B1-8EBB-459B-96D0-2308986F0CFB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{17C9B2F9-6FAE-404A-B4D6-CE17C057BDD0}" = protocol=17 | dir=in | app=c:\program files\msi\totalmedia 3.5\totalmedia.exe | 
"{211210DF-31A0-4FDC-89B6-B9AA76EE8AA2}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{2379EA31-A062-42CE-ACBB-F350E8CF339D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{26D94BCC-012E-4C03-BBC3-3459D4C45089}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | 
"{271B041F-77FA-40F8-B3DD-3474AF1799EB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2AB84766-5CDB-441C-A60B-39E13B38A76C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{37FB04A4-D202-4295-A2AA-740815944E23}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{42E634EB-E348-47CA-B2B3-3EE16CC5A0A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4388F2A3-4151-4BA0-8D9D-D50733A3852B}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{45498C46-E805-4BE2-94A8-83CEA7C13496}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{491BE2B3-F3A0-43B4-B63B-F059FAD74EFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4E04A3B9-4B92-4769-96E6-D9A8D5D6EE9C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{54CFB749-C6A1-459B-B66F-25AB0CCEE3B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6C0FCA62-1385-4EC1-96FA-676031F0ABCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7037A1CB-3DCA-4260-A013-3335033680E5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{7088D84D-93B9-4BD5-B651-C0D436FD2C1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{773176F8-80B3-4EB4-BDB8-52FC6ECF94D3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{77BFD588-7E63-449E-B9AF-50D82D7CC8C5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A7BA692-5295-4715-AFA7-2E3F10775DA6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A83BADCD-BF84-4A18-8C71-0B3F95073D15}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A8C80329-72F6-4D63-82D9-0DEB3DBDB451}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A8F94C7A-11F7-4C04-8E2E-8A9AB95E2A04}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | 
"{BDACD7C6-5B23-432A-B8DE-85AF2000DF7C}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{C03B55AF-BF57-4A41-9E10-8CA7F4A14B35}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C15800E9-C919-4477-84A3-B0178122FB83}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{C2C95D94-EE75-4CE1-B4BE-5AF3CAC3C236}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C594F7F4-081B-4BA5-B66E-D94ED8206810}" = protocol=6 | dir=in | app=c:\program files\msi\totalmedia 3.5\totalmedia.exe | 
"{CD76DFFB-6EDA-49A7-82A4-24EAFDD91AAE}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{D421A6F2-217E-470E-BCE5-31F0F4CD4C6C}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{D663EC76-275B-429A-951B-B97995248F89}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DC70C821-5A76-485F-B17B-1AB6895E9626}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{EC654771-6668-41D9-A9AC-2A24AFE9E8B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FFFC8CCA-10FC-47F1-A001-4A857B26460A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"TCP Query User{347CCAF7-1EAF-491F-AA34-A2F0339BD1C3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{41C6FC3E-0B2C-4EC0-B497-B8C54E09206B}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{5B2C2A14-B7DE-47A3-8EC6-32BD4631655B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{5D4ACB67-F674-4435-BA90-EC363DF81DD8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{6AA83415-26E7-4A87-8621-24956A665CB5}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{A0D55E3A-C439-4FCD-8060-7C1B42C802E0}C:\program files\msn backup\msnbackup.exe" = protocol=6 | dir=in | app=c:\program files\msn backup\msnbackup.exe | 
"TCP Query User{BBB381CD-6BA8-4E86-B6F5-68D4021BAE7A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{DC133570-8F47-49B7-A6D0-B9E2D8D2BCEE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{ECE0E72A-EADA-47B9-B8E4-08687E6028A5}C:\program files\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_olect.exe | 
"TCP Query User{EEF4BD77-0D4E-446F-892D-320F66C0486A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{00571C99-3CD9-461C-A53F-34405055F658}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{16D21D97-E986-486F-886B-AB702EA20EE5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{23155057-81B2-41D0-BD0C-845058F58A6B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{357A2751-E57D-4E77-88CF-7CBC8F06D7F8}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{3E4FF792-A79E-4081-BC31-47B1F11526CC}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{720A7EE6-6C7A-4BDF-964D-193FD0DDE630}C:\program files\msn backup\msnbackup.exe" = protocol=17 | dir=in | app=c:\program files\msn backup\msnbackup.exe | 
"UDP Query User{72D503C5-0F29-4953-A4B6-D8B63FAF9DFE}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{7747252B-0D3A-4903-BA75-9E7E3C481E84}C:\program files\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_olect.exe | 
"UDP Query User{9EA4F382-D5D5-4CA7-AAD8-0AC9E4070EDE}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{BB590F7A-94DC-4CFC-8AA7-C95643D47245}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3.5
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42F7C377-2A1F-44FB-A17F-053C29E81031}" = Nero 7 Premium
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61563672-84C4-47A2-A037-B4322C38FFCE}" = Manga Studio EX 4.0
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2E23800-051D-4F35-8169-85F5739A04C5}" = openCanvas4.5.09e Plus
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_911" = Adobe Acrobat 9.1.1 - CPSID_49013
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BD61A916-AE14-4B3B-BDBE-CD9583DFAC22}" = Toon Boom Animate Pro PLE
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C7A8AA10-B632-42F8-9F57-A16FDCE0601E}" = Clock Screen Saver
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = MSI DigiVox Duo Utilities
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"ArtRage_is1" = ArtRage 2.1
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"FileZilla" = FileZilla (remove only)
"HijackThis" = HijackThis 1.99.1
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"JTablet" = JTablet
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Pen Tablet Driver" = Stifttablett
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAfaDrv" = MSI DigiVox Duo BDA Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.1
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.08.2010 11:47:07 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.08.2010 11:47:07 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.08.2010 11:48:10 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.08.2010 09:45:52 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 12.0.0.0, Zeitstempel
 0x4bbc56b6, fehlerhaftes Modul msxml3.dll, Version 8.100.4001.0, Zeitstempel 0x4a7ffdcd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000062e2,  Prozess-ID 0xc74, Anwendungsstartzeit
 01cb36de77059032.
 
Error - 08.08.2010 18:19:10 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 12.0.0.0, Zeitstempel
 0x4bbc56b6, fehlerhaftes Modul msxml3.dll, Version 8.100.4001.0, Zeitstempel 0x4a7ffdcd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000062e2,  Prozess-ID 0xdb0, Anwendungsstartzeit
 01cb373a33f39332.
 
Error - 09.08.2010 14:09:12 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 12.0.0.0, Zeitstempel
 0x4bbc56b6, fehlerhaftes Modul msxml3.dll, Version 8.100.4001.0, Zeitstempel 0x4a7ffdcd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000062e2,  Prozess-ID 0x16cc, Anwendungsstartzeit
 01cb37c6555970f2.
 
Error - 09.08.2010 17:46:21 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 12.0.0.0, Zeitstempel
 0x4bbc56b6, fehlerhaftes Modul msxml3.dll, Version 8.100.4001.0, Zeitstempel 0x4a7ffdcd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000062e2,  Prozess-ID 0xdf0, Anwendungsstartzeit
 01cb38060b8962f8.
 
Error - 11.08.2010 10:45:46 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.08.2010 10:45:46 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.08.2010 10:46:41 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 15.02.2009 11:20:37 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 08.12.2009 11:22:10 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 30.01.2009 15:38:27 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 16:04:48 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 16:38:16 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 16:50:23 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 17:02:30 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 03:35:13 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 03:37:13 | Computer Name = *** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 31.01.2009 03:37:20 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 04:16:34 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 04:43:25 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
 
< End of report >
         
hoffe, ihr könnt mir irgendwie helfen...hab nämlich ehrlich gesagt nicht viel ahnung davon...
__________________


Alt 14.09.2010, 15:09   #3
markusg
/// Malware-holic
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



hmm, wer keine updates macht, muss sich nicht wundern.
ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txtb
__________________

Alt 14.09.2010, 15:10   #4
beebee
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



oh danke, hab eben noch OTL logs gepostet, aber mach gleich noch welche mit der textbox

ja..die updates @.@
aber ich wollt heut morgen einen machen, und es ging nicht...

Alt 14.09.2010, 15:25   #5
markusg
/// Malware-holic
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



ja nu iss auch erst mal zu spät :-) wir kümmern uns später darum, das dann möglichst nie wieder irgend ein programm nicht aktuell ist.


Alt 14.09.2010, 16:00   #6
beebee
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



hier die neuen OTL logs

Code:
ATTFilter
OTL logfile created on: 14.09.2010 15:11:50 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\***\Pictures\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 74,46 Gb Free Space | 49,96% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 106,10 Gb Free Space | 76,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nell\Pictures\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\CS4Master\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Nell\Pictures\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3746.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Apache2.2) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vdkybrvg) -- C:\Windows\System32\drivers\vdkybrvg.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1902280874-368981522-578756865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1902280874-368981522-578756865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.13 19:59:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.14 08:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.22 14:51:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.04.01 19:26:27 | 000,000,000 | ---D | M]
 
[2008.10.31 17:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.14 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions
[2009.10.10 17:09:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.14 14:04:55 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.06.19 21:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.21 00:08:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.14 10:21:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.06.27 15:47:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.04.07 18:41:46 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009.07.11 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\moveplayer@movenetworks.com
[2010.02.17 13:37:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\personas@christopher.beard
[2009.05.22 12:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\tabkit@jomel.me.uk
[2009.04.13 18:44:13 | 000,002,357 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\sambz7ad.default\searchplugins\photobucket.xml
[2009.04.17 09:55:36 | 000,001,032 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\sambz7ad.default\searchplugins\wikipedia-eng.xml
[2010.09.14 10:21:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.14 08:57:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.05.20 08:08:45 | 000,001,216 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-1902280874-368981522-578756865-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\CS4Master\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1902280874-368981522-578756865-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1902280874-368981522-578756865-1000..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nell\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nell\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.11 12:01:15 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08b8dce3-adb6-11dd-ade2-944965b5326d}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found
O33 - MountPoints2\{38b8e950-ff9f-11de-a931-002354232830}\Shell\AutoRun\command - "" = I:\installer.exe -- File not found
O33 - MountPoints2\{38b8e950-ff9f-11de-a931-002354232830}\Shell\verb\command - "" = I:\installer.exe -- File not found
O33 - MountPoints2\{6852d1a6-b3b9-11dd-bab2-002354232830}\Shell - "" = AutoRun
O33 - MountPoints2\{6852d1a6-b3b9-11dd-bab2-002354232830}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{89e1b446-ce9f-11dd-a646-002354232830}\Shell - "" = AutoRun
O33 - MountPoints2\{89e1b446-ce9f-11dd-a646-002354232830}\Shell\AutoRun\command - "" = H:\pushinst.exe -- File not found
O33 - MountPoints2\{97153c62-a788-11dd-a0ad-002354232830}\Shell\AutoRun\command - "" = I:\setupSNK.exe -- File not found
O33 - MountPoints2\{99a84851-5452-11de-837a-002354232830}\Shell - "" = AutoRun
O33 - MountPoints2\{99a84851-5452-11de-837a-002354232830}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{afdc25a8-ce22-11de-9ff5-002354232830}\Shell\1\Command - "" = H:\.\RECYCLER\Lcass.exe -- File not found
O33 - MountPoints2\{afdc25a8-ce22-11de-9ff5-002354232830}\Shell\2\Command - "" = H:\.\RECYCLER\Lcass.exe -- File not found
O33 - MountPoints2\{e0276d50-4481-11de-abf9-002354232830}\Shell - "" = AutoRun
O33 - MountPoints2\{e0276d50-4481-11de-abf9-002354232830}\Shell\AutoRun\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips SA19xx Gere-Manager.lnk - C:\Program Files\Philips\GoGear SA19xx Device Manager\main.exe - (KeenHigh Tech.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk - C:\Program Files\MSI\DigiVox Duo Utilities\AFRCtl.exe - ()
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files\CS4Master\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\AsScrProlog.exe ()
MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\ASScrPro.exe ()
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig - StartUpReg: EPSON SX100 Series - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Nell\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: P2Go_Menu - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {14763549-5970-DA71-7A01-4D4B37EE74D4} - Microsoft Windows Media Player
ActiveX: {1F0139EC-7910-EF16-D0A0-97ACC809E0CC} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A98DB22-77D7-9EB1-DC9B-C3D2E301C9AC} - Microsoft VM
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3475B756-0882-F0F0-C01D-A455865B2B2F} - Microsoft Windows Media Player
ActiveX: {34E9F416-FE4D-F476-3561-A767476F7D87} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3D82A22D-96BE-23CB-142D-77EF24E2D9ED} - LightScribe Control Panel
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {88748021-B258-5CC4-3A0C-8D2636C62F86} - Browser Customizations
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A74AD3A1-0CE4-AC6B-B6AE-0C10928E6B80} - 
ActiveX: {AE7B574E-61DE-5627-1E8A-9894162A84CF} - LightScribe Control Panel
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CSCD - C:\Windows\System32\camcodec.dll (RenderSoft Software)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.14 14:50:46 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Nell\Pictures\Desktop\OTL.exe
[2010.09.14 08:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.09.14 08:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.09.14 08:57:52 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.14 08:57:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.14 08:57:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.14 08:57:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.13 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\Nell\AppData\Roaming\Malwarebytes
[2010.09.13 14:15:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.13 14:15:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.13 14:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.13 14:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.13 11:17:03 | 000,000,000 | ---D | C] -- C:\Users\Nell\AppData\Roaming\Avira
[2010.09.13 11:12:08 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.09.13 11:12:08 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.09.12 13:50:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010.08.28 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Nell\AppData\Roaming\CELSYS
[2010.08.17 18:39:59 | 000,000,000 | ---D | C] -- C:\Users\Nell\Pictures\Desktop\hjsplit-2-4
[2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.14 15:12:46 | 007,077,888 | -HS- | M] () -- C:\Users\Nell\NTUSER.DAT
[2010.09.14 14:51:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000UA.job
[2010.09.14 14:50:49 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Nell\Pictures\Desktop\OTL.exe
[2010.09.14 14:50:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 14:50:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 13:29:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.14 10:58:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.14 10:58:04 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.14 10:57:05 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 10:57:05 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.14 10:57:02 | 002,645,644 | -H-- | M] () -- C:\Users\Nell\AppData\Local\IconCache.db
[2010.09.14 10:56:20 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.09.14 10:03:29 | 000,156,672 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.14 09:20:07 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.14 09:20:07 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.14 09:20:07 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.14 09:20:07 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.14 09:20:07 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.13 11:10:51 | 044,151,368 | ---- | M] () -- C:\Users\Nell\avira_antivir_personal_de.exe
[2010.09.12 21:32:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.12 11:14:49 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.09.11 14:28:46 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.09.01 08:55:35 | 004,457,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.31 16:52:52 | 000,205,880 | ---- | M] () -- C:\Users\Nell\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.23 00:51:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000Core.job
[2010.08.22 20:12:10 | 001,099,819 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9014.JPG
[2010.08.22 20:10:12 | 001,418,929 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9012.JPG
[2010.08.22 20:10:04 | 001,353,751 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9011.JPG
[2010.08.18 15:25:08 | 001,093,522 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9009.JPG
 
========== Files Created - No Company Name ==========
 
[2010.09.13 11:07:48 | 044,151,368 | ---- | C] () -- C:\Users\Nell\avira_antivir_personal_de.exe
[2010.08.26 13:30:38 | 001,093,522 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9009.JPG
[2010.08.22 19:59:59 | 001,099,819 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9014.JPG
[2010.08.22 19:58:53 | 001,418,929 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9012.JPG
[2010.08.22 19:58:53 | 001,353,751 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9011.JPG
[2010.07.20 16:06:03 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.07.13 14:36:59 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010.05.07 19:27:51 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.05.04 18:09:10 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.01.21 15:01:00 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.26 21:32:10 | 000,001,869 | ---- | C] () -- C:\Windows\TVAfaDrv.ini
[2009.07.07 21:37:26 | 000,001,428 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2009.07.07 21:24:26 | 000,000,144 | ---- | C] () -- C:\Windows\ard.INI
[2009.06.30 11:27:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.06.30 11:27:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009.06.30 11:27:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009.06.30 11:27:15 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.06.30 11:27:15 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009.06.27 16:01:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.06.27 16:01:08 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.06.07 20:07:55 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.06.07 20:07:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.28 16:15:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.05.19 16:23:23 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.03.14 17:01:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.11 12:32:00 | 000,009,971 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png
[2009.02.07 20:16:14 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.01.07 17:53:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.01.07 17:01:15 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2009.01.05 18:32:51 | 000,117,607 | ---- | C] () -- C:\Users\***\AppData\Local\debuggee.mdmp
[2008.12.15 17:11:00 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.11.19 13:57:38 | 000,005,515 | ---- | C] () -- C:\Windows\fmachine.ini
[2008.11.15 09:40:49 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.11.05 20:06:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.01 01:41:37 | 000,156,672 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.01 00:38:55 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.01 08:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.06.12 19:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico
[2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2008.11.19 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ambient Design
[2009.02.07 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2009.11.25 15:28:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2010.08.28 20:34:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CELSYS
[2010.06.12 11:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.10.10 17:37:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.05.19 16:42:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.04.13 13:24:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.08.04 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2009.01.04 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ergo
[2010.01.21 00:04:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter
[2009.10.25 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HDRsoft
[2010.09.14 10:10:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.05.19 16:23:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2009.06.19 12:33:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfoRapid KnowledgeMap
[2009.10.18 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2009.02.07 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2008.11.09 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.09.25 12:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2009.06.23 01:06:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2010.03.03 21:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smith Micro
[2008.11.02 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper
[2009.08.26 13:01:40 | 000,000,000 | ---D | M] -- C:\Users\***AppData\Roaming\SYSTEMAX Software Development
[2009.04.02 17:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2009.12.26 19:07:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toon Boom Animation
[2010.09.14 10:57:08 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.15 10:57:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2009.05.20 12:07:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ahead
[2008.11.19 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ambient Design
[2010.01.02 22:44:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ArcSoft
[2009.02.07 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2008.10.31 16:37:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2009.11.25 15:28:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2010.09.13 11:17:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.08.28 20:34:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CELSYS
[2010.06.12 11:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.10.10 17:37:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.05.19 16:29:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2009.05.19 16:42:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.07.28 18:19:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2009.06.23 17:34:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Download Manager
[2010.04.13 13:24:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.01.30 13:31:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.08.04 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2009.01.04 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ergo
[2010.01.21 00:04:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter
[2009.10.25 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HDRsoft
[2010.09.14 10:10:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2008.10.31 16:36:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2009.05.19 16:23:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2009.06.19 12:33:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfoRapid KnowledgeMap
[2009.01.07 17:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2009.10.18 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2009.02.07 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2008.10.31 16:37:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.09.13 14:15:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010.09.14 10:59:01 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2009.04.02 17:03:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2008.11.09 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.09.25 12:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2009.06.23 01:06:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2009.07.04 13:35:18 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2010.06.16 21:28:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2009.05.23 16:38:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.03.03 21:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smith Micro
[2008.11.02 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper
[2008.10.31 16:37:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Symantec
[2009.08.26 13:01:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYSTEMAX Software Development
[2009.04.02 17:03:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2009.12.26 19:07:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toon Boom Animation
[2010.09.14 09:58:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2008.11.03 19:26:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2008.10.31 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2010.09.14 10:58:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WTablet
 
< %APPDATA%\*.exe /s >
[2009.10.09 03:18:10 | 026,805,255 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2009.11.04 16:50:22 | 000,089,962 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2008.05.29 08:03:08 | 000,037,176 | ---- | M] () -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.12.30 17:17:43 | 001,850,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Nell\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2008.12.29 22:28:09 | 000,015,086 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{A2E23800-051D-4F35-8169-85F5739A04C5}\icons.exe
[2008.12.13 11:03:14 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\Foren.exe
[2008.12.13 11:03:14 | 000,000,766 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}\htmledit.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2010.09.12 18:32:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\ATAPI.SYS
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.05.19 16:23:23 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.03.09 16:01:17 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:63238B95
< End of report >
         

Alt 14.09.2010, 16:01   #7
beebee
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



und die extas.txt

Code:
ATTFilter
OTL Extras logfile created on: 14.09.2010 15:11:50 - Run 1
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\***\Pictures\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 74,46 Gb Free Space | 49,96% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 106,10 Gb Free Space | 76,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0255D2D3-0824-4DD3-B5F0-A0DDFC6F4F51}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0B3DA253-F612-418E-890F-C591ACA7334E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CA6529B-DED3-459E-ABC6-24CA759A6ADA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1592685D-82DF-4B39-A7A3-DAB09B52210E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{21F2141D-88EE-4BBA-8E47-1FA5810C39FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2310366D-61C9-402F-8E4E-B610F382573F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2585134A-B889-4FDB-90ED-584B2BC90116}" = lport=138 | protocol=17 | dir=in | app=system | 
"{29146AFC-5592-4C04-990E-3B6A56B9BF95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3309E4BC-0CA1-4844-8F27-4DF586D041D1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3A545E5E-E09C-4289-9923-3EE9C5369046}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{4C88D1C9-E183-4F6A-BC5E-05B8392CDECA}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{5591D9D7-95BB-4300-B543-464197ACC799}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7900F3C0-E59E-4B53-A211-BF189D35F538}" = lport=139 | protocol=6 | dir=in | app=system | 
"{82FC347A-C10E-4C91-AEBB-63A02915B74B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{839020D1-AE17-42F4-8B16-9704CFAD9D29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8A52C10C-2D83-4845-A649-CA8EE5E9C6E8}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
"{93810CF9-4CA5-4629-8245-01641EAE6486}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{9DACEDD2-34FC-4152-B1D9-6A03A6709196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A2B5E0F9-E3EB-4098-A9C8-06BE57DAAEB7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A4D2EBC4-ABFC-4AC0-A9BD-03A700C80832}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{C816FF94-80E1-4C44-9EF0-890542757740}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{D2CBDAF3-429E-41B4-9BF0-C509D4CA9329}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D9C95402-770C-4072-95D3-94C5FAD3B0EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DDE94B84-B444-4E7D-B1D0-E808F8C12224}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F17FADDC-AEA5-425B-848D-75F6DDA63A64}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FCB3E432-F203-4447-B225-48FC3D05FCD4}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{FE34C042-4B9D-45A1-876B-9EBB62DB1C7A}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B6DE89-2746-41BF-AA2E-3F1323B5C414}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{0F4753D5-71CA-4561-B718-4698C2631C61}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{13F632B1-8EBB-459B-96D0-2308986F0CFB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{17C9B2F9-6FAE-404A-B4D6-CE17C057BDD0}" = protocol=17 | dir=in | app=c:\program files\msi\totalmedia 3.5\totalmedia.exe | 
"{211210DF-31A0-4FDC-89B6-B9AA76EE8AA2}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{2379EA31-A062-42CE-ACBB-F350E8CF339D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{26D94BCC-012E-4C03-BBC3-3459D4C45089}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | 
"{271B041F-77FA-40F8-B3DD-3474AF1799EB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2AB84766-5CDB-441C-A60B-39E13B38A76C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{37FB04A4-D202-4295-A2AA-740815944E23}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{42E634EB-E348-47CA-B2B3-3EE16CC5A0A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4388F2A3-4151-4BA0-8D9D-D50733A3852B}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{45498C46-E805-4BE2-94A8-83CEA7C13496}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{491BE2B3-F3A0-43B4-B63B-F059FAD74EFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4E04A3B9-4B92-4769-96E6-D9A8D5D6EE9C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{54CFB749-C6A1-459B-B66F-25AB0CCEE3B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6C0FCA62-1385-4EC1-96FA-676031F0ABCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7037A1CB-3DCA-4260-A013-3335033680E5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{7088D84D-93B9-4BD5-B651-C0D436FD2C1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{773176F8-80B3-4EB4-BDB8-52FC6ECF94D3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{77BFD588-7E63-449E-B9AF-50D82D7CC8C5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A7BA692-5295-4715-AFA7-2E3F10775DA6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A83BADCD-BF84-4A18-8C71-0B3F95073D15}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A8C80329-72F6-4D63-82D9-0DEB3DBDB451}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A8F94C7A-11F7-4C04-8E2E-8A9AB95E2A04}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | 
"{BDACD7C6-5B23-432A-B8DE-85AF2000DF7C}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{C03B55AF-BF57-4A41-9E10-8CA7F4A14B35}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C15800E9-C919-4477-84A3-B0178122FB83}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{C2C95D94-EE75-4CE1-B4BE-5AF3CAC3C236}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C594F7F4-081B-4BA5-B66E-D94ED8206810}" = protocol=6 | dir=in | app=c:\program files\msi\totalmedia 3.5\totalmedia.exe | 
"{CD76DFFB-6EDA-49A7-82A4-24EAFDD91AAE}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{D421A6F2-217E-470E-BCE5-31F0F4CD4C6C}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{D663EC76-275B-429A-951B-B97995248F89}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DC70C821-5A76-485F-B17B-1AB6895E9626}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{EC654771-6668-41D9-A9AC-2A24AFE9E8B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FFFC8CCA-10FC-47F1-A001-4A857B26460A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"TCP Query User{347CCAF7-1EAF-491F-AA34-A2F0339BD1C3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{41C6FC3E-0B2C-4EC0-B497-B8C54E09206B}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{5B2C2A14-B7DE-47A3-8EC6-32BD4631655B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{5D4ACB67-F674-4435-BA90-EC363DF81DD8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{6AA83415-26E7-4A87-8621-24956A665CB5}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{A0D55E3A-C439-4FCD-8060-7C1B42C802E0}C:\program files\msn backup\msnbackup.exe" = protocol=6 | dir=in | app=c:\program files\msn backup\msnbackup.exe | 
"TCP Query User{BBB381CD-6BA8-4E86-B6F5-68D4021BAE7A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{DC133570-8F47-49B7-A6D0-B9E2D8D2BCEE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{ECE0E72A-EADA-47B9-B8E4-08687E6028A5}C:\program files\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_olect.exe | 
"TCP Query User{EEF4BD77-0D4E-446F-892D-320F66C0486A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{00571C99-3CD9-461C-A53F-34405055F658}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{16D21D97-E986-486F-886B-AB702EA20EE5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{23155057-81B2-41D0-BD0C-845058F58A6B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{357A2751-E57D-4E77-88CF-7CBC8F06D7F8}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{3E4FF792-A79E-4081-BC31-47B1F11526CC}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{720A7EE6-6C7A-4BDF-964D-193FD0DDE630}C:\program files\msn backup\msnbackup.exe" = protocol=17 | dir=in | app=c:\program files\msn backup\msnbackup.exe | 
"UDP Query User{72D503C5-0F29-4953-A4B6-D8B63FAF9DFE}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{7747252B-0D3A-4903-BA75-9E7E3C481E84}C:\program files\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_olect.exe | 
"UDP Query User{9EA4F382-D5D5-4CA7-AAD8-0AC9E4070EDE}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{BB590F7A-94DC-4CFC-8AA7-C95643D47245}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3.5
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42F7C377-2A1F-44FB-A17F-053C29E81031}" = Nero 7 Premium
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61563672-84C4-47A2-A037-B4322C38FFCE}" = Manga Studio EX 4.0
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2E23800-051D-4F35-8169-85F5739A04C5}" = openCanvas4.5.09e Plus
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_911" = Adobe Acrobat 9.1.1 - CPSID_49013
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BD61A916-AE14-4B3B-BDBE-CD9583DFAC22}" = Toon Boom Animate Pro PLE
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C7A8AA10-B632-42F8-9F57-A16FDCE0601E}" = Clock Screen Saver
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = MSI DigiVox Duo Utilities
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"ArtRage_is1" = ArtRage 2.1
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"FileZilla" = FileZilla (remove only)
"HijackThis" = HijackThis 1.99.1
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"JTablet" = JTablet
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"Pen Tablet Driver" = Stifttablett
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAfaDrv" = MSI DigiVox Duo BDA Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xampp" = XAMPP 1.7.1
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.08.2010 11:47:07 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.08.2010 11:47:07 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 06.08.2010 11:48:10 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.08.2010 09:45:52 | Computer Name = ***| Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 12.0.0.0, Zeitstempel
 0x4bbc56b6, fehlerhaftes Modul msxml3.dll, Version 8.100.4001.0, Zeitstempel 0x4a7ffdcd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000062e2,  Prozess-ID 0xc74, Anwendungsstartzeit
 01cb36de77059032.
 
Error - 08.08.2010 18:19:10 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 12.0.0.0, Zeitstempel
 0x4bbc56b6, fehlerhaftes Modul msxml3.dll, Version 8.100.4001.0, Zeitstempel 0x4a7ffdcd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000062e2,  Prozess-ID 0xdb0, Anwendungsstartzeit
 01cb373a33f39332.
 
Error - 09.08.2010 14:09:12 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 12.0.0.0, Zeitstempel
 0x4bbc56b6, fehlerhaftes Modul msxml3.dll, Version 8.100.4001.0, Zeitstempel 0x4a7ffdcd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000062e2,  Prozess-ID 0x16cc, Anwendungsstartzeit
 01cb37c6555970f2.
 
Error - 09.08.2010 17:46:21 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 12.0.0.0, Zeitstempel
 0x4bbc56b6, fehlerhaftes Modul msxml3.dll, Version 8.100.4001.0, Zeitstempel 0x4a7ffdcd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000062e2,  Prozess-ID 0xdf0, Anwendungsstartzeit
 01cb38060b8962f8.
 
Error - 11.08.2010 10:45:46 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.08.2010 10:45:46 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.08.2010 10:46:41 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 15.02.2009 11:20:37 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 08.12.2009 11:22:10 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 30.01.2009 15:38:27 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 16:04:48 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 16:38:16 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 16:50:23 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 17:02:30 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 03:35:13 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 03:37:13 | Computer Name = *** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 31.01.2009 03:37:20 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 04:16:34 | Computer Name = ***| Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 04:43:25 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
 
< End of report >
         

Alt 14.09.2010, 16:30   #8
markusg
/// Malware-holic
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Alt 14.09.2010, 17:25   #9
beebee
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



ok, hier ist es

Code:
ATTFilter
ComboFix 10-09-13.02 - MeinUserName 14.09.2010  17:01:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3070.2199 [GMT 2:00]
ausgeführt von:: c:\users\MeinUserName\Pictures\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\MeinUserName\avira_antivir_personal_de.exe
c:\users\MeinUserName\avira_antivir_personal_de407.exe

Infizierte Kopie von c:\windows\system32\drivers\crcdisk.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-14 bis 2010-09-14  ))))))))))))))))))))))))))))))
.

2010-09-14 06:58 . 2010-09-14 06:58	--------	d-----w-	c:\program files\Common Files\Java
2010-09-14 06:57 . 2010-07-17 03:00	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-13 12:15 . 2010-09-13 12:15	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\Malwarebytes
2010-09-13 12:15 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 12:15 . 2010-09-13 12:23	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-13 12:15 . 2010-09-13 12:15	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-13 12:15 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-13 09:17 . 2010-09-13 09:17	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\Avira
2010-09-13 09:12 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-09-13 09:12 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-09-12 16:32 . 2010-09-12 16:32	21560	----a-w-	c:\windows\system32\drivers\ATAPI.SYS
2010-09-12 11:50 . 2010-09-12 16:34	--------	d-----w-	c:\windows\system32\MpEngineStore
2010-08-28 18:34 . 2010-08-28 18:34	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\CELSYS

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 15:16 . 2010-05-04 14:11	--------	d-----w-	c:\program files\Common Files\Akamai
2010-09-14 15:06 . 2008-04-16 11:11	621952	----a-w-	c:\windows\system32\perfh007.dat
2010-09-14 15:06 . 2008-04-16 11:11	123852	----a-w-	c:\windows\system32\perfc007.dat
2010-09-14 15:00 . 2008-12-16 18:33	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\WTablet
2010-09-14 13:40 . 2008-11-09 11:59	1	----a-w-	c:\users\Nell\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-14 08:10 . 2008-11-01 09:47	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\ICQ
2010-09-14 07:58 . 2009-12-09 00:42	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\vlc
2010-09-14 07:19 . 2009-08-26 13:36	--------	d-----w-	c:\program files\Easy Paint Tool SAI
2010-09-14 06:59 . 2008-12-13 09:03	--------	d-----w-	c:\program files\phase5
2010-09-14 06:57 . 2009-01-02 18:41	--------	d-----w-	c:\program files\Java
2010-08-31 14:52 . 2008-10-31 14:32	205880	----a-w-	c:\users\MeinUserName\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-30 07:32 . 2010-06-19 19:11	--------	d-----w-	c:\program files\ICQ7.2
2010-08-04 16:57 . 2009-01-07 18:29	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\EPSON
2010-07-28 16:19 . 2010-04-01 17:25	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\DivX
2010-07-22 13:07 . 2010-07-22 13:04	--------	d-----w-	c:\program files\Flobo PSD Recovery
2010-06-16 17:50 . 2010-06-16 17:50	1079048	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2008-07-02 02:28 . 2008-07-02 02:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2008-05-22 16:35 . 2008-05-22 16:35	51962	----a-w-	c:\program files\Common Files\banner.jpg
2007-06-12 17:34 . 2007-06-12 17:34	35822	----a-w-	c:\program files\Common Files\ASPG_icon.ico
1999-07-07 00:00 . 1999-07-07 00:00	6	--sh--r-	c:\windows\@@desktop.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18	77824	----a-w-	c:\users\MeinUserName\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18	77824	----a-w-	c:\users\MeinUserName\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18	77824	----a-w-	c:\users\MeinUserName\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\MeinUserName\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-05 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acrobat Assistant 8.0"="c:\program files\CS4Master\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips SA19xx Gere-Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips SA19xx Gere-Manager.lnk
backup=c:\windows\pss\Philips SA19xx Gere-Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-02-27 14:54	38768	----a-w-	c:\program files\CS4Master\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32	203264	----a-w-	c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-09-20 17:12	47672	----a-w-	c:\windows\AsScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-09-20 17:13	33136	----a-w-	c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2007-02-02 16:26	283136	----a-w-	c:\program files\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 14:14	147456	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52	104936	----a-w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 06:00	188928	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-05 15:29	135664	----atw-	c:\users\Nell\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40	155648	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11	210216	----a-w-	c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 vdkybrvg;vdkybrvg;c:\windows\system32\drivers\vdkybrvg.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-09 24636]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-19 721904]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-19 2789160]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000Core.job
- c:\users\Nell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-05 15:29]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000UA.job
- c:\users\Nell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-05 15:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Mit Bamboo Link annotieren - c:\program files\Wacom\Bamboo Link\AnnotateWithErgo.html
FF - ProfilePath - c:\users\Nell\AppData\Roaming\Mozilla\Firefox\Profiles\sambz7ad.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\Nell\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-14 17:15
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 


C:\ADSM_PData_0150

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-14  17:19:36
ComboFix-quarantined-files.txt  2010-09-14 15:19

Vor Suchlauf: 10 Verzeichnis(se), 79.564.644.352 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 81.962.975.232 Bytes frei

- - End Of File - - 297B20F0FE532142992AE1FEC4B15CB9
         

Alt 14.09.2010, 17:37   #10
markusg
/// Malware-holic
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



start programme zubehör editor, kopiere rein:

Killall::
Rootkit::
c:\windows\system32\drivers\vdkybrv.sys
Driver::
vdkybrv

datei speichern unter, ort, dort wo sich combofix.exe befindet.
typ, alle dateien.
name
cfscript.txt
ziehe cfscript auf combofix, programm startet, log posten.

Alt 14.09.2010, 18:38   #11
beebee
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



ich hoffe, ich habs richtig gemacht ^^''

Code:
ATTFilter
ComboFix 10-09-13.02 - MeinUserName14.09.2010  18:07:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3070.1781 [GMT 2:00]
ausgeführt von:: c:\users\MeinUserName\Pictures\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\MeinUserName\Pictures\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((   Dateien erstellt von 2010-08-14 bis 2010-09-14  ))))))))))))))))))))))))))))))
.

2010-09-14 16:18 . 2010-09-14 16:21	--------	d-----w-	c:\users\MeinUserName\AppData\Local\temp
2010-09-14 16:18 . 2010-09-14 16:18	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-09-14 16:18 . 2010-09-14 16:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-09-14 06:58 . 2010-09-14 06:58	--------	d-----w-	c:\program files\Common Files\Java
2010-09-14 06:57 . 2010-07-17 03:00	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-13 12:15 . 2010-09-13 12:15	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\Malwarebytes
2010-09-13 12:15 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-13 12:15 . 2010-09-13 12:23	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-13 12:15 . 2010-09-13 12:15	--------	d-----w-	c:\programdata\Malwarebytes
2010-09-13 12:15 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-13 09:17 . 2010-09-13 09:17	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\Avira
2010-09-13 09:12 . 2009-05-11 10:49	51992	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2010-09-13 09:12 . 2009-05-11 10:49	17016	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2010-09-12 16:32 . 2010-09-12 16:32	21560	----a-w-	c:\windows\system32\drivers\ATAPI.SYS
2010-09-12 11:50 . 2010-09-12 16:34	--------	d-----w-	c:\windows\system32\MpEngineStore
2010-08-28 18:34 . 2010-08-28 18:34	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\CELSYS

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 16:20 . 2008-12-16 18:33	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\WTablet
2010-09-14 16:20 . 2010-05-04 14:11	--------	d-----w-	c:\program files\Common Files\Akamai
2010-09-14 15:06 . 2008-04-16 11:11	621952	----a-w-	c:\windows\system32\perfh007.dat
2010-09-14 15:06 . 2008-04-16 11:11	123852	----a-w-	c:\windows\system32\perfc007.dat
2010-09-14 08:10 . 2008-11-01 09:47	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\ICQ
2010-09-14 07:58 . 2009-12-09 00:42	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\vlc
2010-09-14 07:19 . 2009-08-26 13:36	--------	d-----w-	c:\program files\Easy Paint Tool SAI
2010-09-14 06:59 . 2008-12-13 09:03	--------	d-----w-	c:\program files\phase5
2010-09-14 06:57 . 2009-01-02 18:41	--------	d-----w-	c:\program files\Java
2010-08-31 14:52 . 2008-10-31 14:32	205880	----a-w-	c:\users\MeinUserName\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-30 07:32 . 2010-06-19 19:11	--------	d-----w-	c:\program files\ICQ7.2
2010-08-04 16:57 . 2009-01-07 18:29	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\EPSON
2010-07-28 16:19 . 2010-04-01 17:25	--------	d-----w-	c:\users\MeinUserName\AppData\Roaming\DivX
2010-07-22 13:07 . 2010-07-22 13:04	--------	d-----w-	c:\program files\Flobo PSD Recovery
2008-07-02 02:28 . 2008-07-02 02:28	61440	----a-w-	c:\program files\Common Files\CPInstallAction.dll
2008-05-22 16:35 . 2008-05-22 16:35	51962	----a-w-	c:\program files\Common Files\banner.jpg
2007-06-12 17:34 . 2007-06-12 17:34	35822	----a-w-	c:\program files\Common Files\ASPG_icon.ico
1999-07-07 00:00 . 1999-07-07 00:00	6	--sh--r-	c:\windows\@@desktop.dat
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08	143360	----a-w-	c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18	77824	----a-w-	c:\users\MeinUserName\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18	77824	----a-w-	c:\users\MeinUserName\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-10-08 21:18	77824	----a-w-	c:\users\MeinUserName\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\MeinUserName\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-05 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744]
"ASUSTPE"="c:\windows\system32\ASUSTPE.exe" [2007-10-12 106496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acrobat Assistant 8.0"="c:\program files\CS4Master\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
" Malwarebytes Anti-Malware  (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Philips SA19xx Gere-Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Philips SA19xx Gere-Manager.lnk
backup=c:\windows\pss\Philips SA19xx Gere-Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2009-02-27 14:54	38768	----a-w-	c:\program files\CS4Master\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58	611712	----a-w-	c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32	203264	----a-w-	c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2008-09-20 17:12	47672	----a-w-	c:\windows\AsScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2008-09-20 17:13	33136	----a-w-	c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2007-02-02 16:26	283136	----a-w-	c:\program files\avmwlanstick\FRITZWLANMini.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-01-15 14:14	147456	----a-w-	c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 02:52	104936	----a-w-	c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX100 Series]
2008-02-05 06:00	188928	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-05 15:29	135664	----atw-	c:\users\MeinUserName\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40	155648	----a-w-	c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-14 01:11	210216	----a-w-	c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 vdkybrvg;vdkybrvg;c:\windows\system32\drivers\vdkybrvg.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2006-04-06 264704]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-21 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-21 8320]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2008-12-09 24636]
R4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-19 721904]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-01-19 2789160]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000Core.job
- c:\users\Nell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-05 15:29]

2010-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000UA.job
- c:\users\Nell\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-05 15:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Mit Bamboo Link annotieren - c:\program files\Wacom\Bamboo Link\AnnotateWithErgo.html
FF - ProfilePath - c:\users\Nell\AppData\Roaming\Mozilla\Firefox\Profiles\sambz7ad.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\users\Nell\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3564)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
c:\users\Nell\AppData\Roaming\Dropbox\bin\DropboxExt.3.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\WUDFHost.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-14  18:31:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-14 16:31
ComboFix2.txt  2010-09-14 15:19

Vor Suchlauf: 12 Verzeichnis(se), 81.870.843.904 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 81.211.752.448 Bytes frei

- - End Of File - - 08555F02A5D0596800BABA92EDA4965C
         

Alt 14.09.2010, 19:03   #12
markusg
/// Malware-holic
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



ok, jetzt wird erst mal geupdatet.
1. windows update seite aufsuchen, servicepack 2 aufspielen + sonstige wichtigen updates. auch internetexplorer 8
2.
Secunia:
http://www.trojaner-board.de/83959-s...ector-psi.html
und file hippo update checker:
FileHippo.com Update Checker - FileHippo.com
das file Hippo Symbol wird im infobereich neben der uhr auftauchen, mache bitte nen rechtsklick darauf, wähle settings, results, setze einen haken bei "hide beta updates" klicke ok.
alle updates instalieren, die programme behalten, damit du in zukunft siehst, was nen update benötigt. so verringerst du das risiko einer infektion!!
3. neue otl logs erstellen und posten.
4. berichte, wie der pc läuft.

Alt 14.09.2010, 20:57   #13
beebee
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



die updates haben problemlos funktioniert, danke schonmal!

hier noch OTL logs
Code:
ATTFilter
OTL logfile created on: 14.09.2010 20:45:10 - Run 2
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\***\Pictures\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 76,65 Gb Free Space | 51,43% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 106,10 Gb Free Space | 76,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Pictures\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Program Files\CS4Master\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\ASPG.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Windows\System32\ASUSTPE.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Pictures\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3746.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Apache2.2) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vdkybrvg) -- C:\Windows\System32\drivers\vdkybrvg.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1902280874-368981522-578756865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1902280874-368981522-578756865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.14 19:57:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.14 20:43:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.14 20:13:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.09.14 20:43:37 | 000,000,000 | ---D | M]
 
[2010.09.14 20:13:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.09.14 20:13:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.14 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions
[2009.10.10 17:09:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nell\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.14 14:04:55 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.06.19 21:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.21 00:08:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.09.14 10:21:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.06.27 15:47:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.04.07 18:41:46 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2009.07.11 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\moveplayer@movenetworks.com
[2010.02.17 13:37:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\personas@christopher.beard
[2009.05.22 12:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sambz7ad.default\extensions\tabkit@jomel.me.uk
[2009.04.13 18:44:13 | 000,002,357 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\sambz7ad.default\searchplugins\photobucket.xml
[2009.04.17 09:55:36 | 000,001,032 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\sambz7ad.default\searchplugins\wikipedia-eng.xml
[2010.09.14 19:57:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.14 08:57:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.06.30 23:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
 
O1 HOSTS File: ([2010.09.14 18:20:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKU\S-1-5-21-1902280874-368981522-578756865-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\CS4Master\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUSTPE] C:\Windows\System32\ASUSTPE.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1902280874-368981522-578756865-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nell\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nell\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.11 12:01:15 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.14 20:41:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.14 20:25:22 | 043,425,624 | ---- | C] (                                   ) -- C:\Users\***\Pictures\Desktop\AdbeRdr934_en_US.exe
[2010.09.14 20:17:31 | 011,285,608 | ---- | C] (Nullsoft, Inc.) -- C:\Users\***\Pictures\Desktop\winamp5581_full_emusic-7plus_en-us.exe
[2010.09.14 20:10:30 | 009,425,128 | ---- | C] (Mozilla) -- C:\Users\***\Pictures\Desktop\Thunderbird Setup 3.1.3.exe
[2010.09.14 19:59:15 | 001,247,568 | ---- | C] (Microsoft Corporation) -- C:\Users\***\Pictures\Desktop\wlsetup-custom.exe
[2010.09.14 19:54:24 | 008,539,024 | ---- | C] (Mozilla) -- C:\Users\***\Pictures\Desktop\Firefox Setup 3.6.9.exe
[2010.09.14 19:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2010.09.14 19:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2010.09.14 19:51:32 | 000,734,168 | ---- | C] (Secunia) -- C:\Users\Nell\Pictures\Desktop\PSISetup1502secunia.exe
[2010.09.14 19:33:05 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.09.14 19:33:05 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.09.14 19:33:02 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.09.14 19:33:01 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.09.14 19:33:01 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.09.14 19:31:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.09.14 19:24:15 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.09.14 19:24:15 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.09.14 19:24:14 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.09.14 19:22:07 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.09.14 19:22:02 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.09.14 19:09:57 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.09.14 19:09:49 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.09.14 19:09:49 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.09.14 19:09:49 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.09.14 19:09:48 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.09.14 19:09:48 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.09.14 19:09:46 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.09.14 19:09:46 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.09.14 19:09:46 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.09.14 19:09:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.09.14 19:09:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.09.14 19:09:46 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.09.14 19:09:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.09.14 19:09:30 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.09.14 19:09:26 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.09.14 19:09:25 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.09.14 19:08:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.14 19:08:32 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.09.14 19:08:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.09.14 19:08:30 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.09.14 19:08:28 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.09.14 19:08:25 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.09.14 19:08:25 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.09.14 19:08:14 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.09.14 19:08:11 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.09.14 18:31:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.09.14 18:31:42 | 000,000,000 | ---D | C] -- C:\Users\Nell\AppData\Local\temp
[2010.09.14 18:21:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.09.14 18:04:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.09.14 16:51:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.09.14 16:51:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.09.14 16:51:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.09.14 16:51:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.09.14 16:49:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.14 14:50:46 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Nell\Pictures\Desktop\OTL.exe
[2010.09.14 08:58:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.09.14 08:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.09.14 08:57:52 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.09.14 08:57:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.14 08:57:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.14 08:57:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.09.13 14:15:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.09.13 14:15:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.13 14:15:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.13 14:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.13 14:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.13 11:17:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.09.13 11:12:08 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.09.13 11:12:08 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.09.12 13:50:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore
[2010.08.28 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CELSYS
[2010.08.17 18:39:59 | 000,000,000 | ---D | C] -- C:\Users\***\Pictures\Desktop\hjsplit-2-4
[2008.06.03 08:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.14 20:45:01 | 007,077,888 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.09.14 20:43:38 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.14 20:37:25 | 043,425,624 | ---- | M] (                                   ) -- C:\Users\Nell\Pictures\Desktop\AdbeRdr934_en_US.exe
[2010.09.14 20:24:23 | 001,364,522 | ---- | M] () -- C:\Users\***\Pictures\Desktop\wrar393.exe
[2010.09.14 20:19:57 | 011,285,608 | ---- | M] (Nullsoft, Inc.) -- C:\Users\***\Pictures\Desktop\winamp5581_full_emusic-7plus_en-us.exe
[2010.09.14 20:13:18 | 000,001,757 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.09.14 20:12:53 | 009,425,128 | ---- | M] (Mozilla) -- C:\Users\***\Pictures\Desktop\Thunderbird Setup 3.1.3.exe
[2010.09.14 19:59:24 | 001,247,568 | ---- | M] (Microsoft Corporation) -- C:\Users\Nell\Pictures\Desktop\wlsetup-custom.exe
[2010.09.14 19:57:35 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.09.14 19:56:30 | 008,539,024 | ---- | M] (Mozilla) -- C:\Users\***\Pictures\Desktop\Firefox Setup 3.6.9.exe
[2010.09.14 19:52:39 | 000,252,991 | ---- | M] () -- C:\Users\***\Pictures\Desktop\FileHippoSetup.exe
[2010.09.14 19:52:23 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.14 19:52:23 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.14 19:52:23 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.14 19:52:22 | 001,453,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.14 19:52:22 | 000,127,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.14 19:51:38 | 000,734,168 | ---- | M] (Secunia) -- C:\Users\Nell\Pictures\Desktop\PSISetup1502secunia.exe
[2010.09.14 19:51:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000UA.job
[2010.09.14 19:46:10 | 004,457,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.14 19:45:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 19:45:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.14 19:44:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.14 19:44:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.14 19:42:34 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.14 19:40:33 | 000,524,288 | -HS- | M] () -- C:\Users\Nell\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.14 19:40:33 | 000,065,536 | -HS- | M] () -- C:\Users\Nell\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.14 19:40:29 | 001,930,818 | -H-- | M] () -- C:\Users\Nell\AppData\Local\IconCache.db
[2010.09.14 18:21:14 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.09.14 18:20:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.14 16:44:08 | 003,844,155 | R--- | M] () -- C:\Users\***\Pictures\Desktop\ComboFix.exe
[2010.09.14 14:50:49 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\***\Pictures\Desktop\OTL.exe
[2010.09.14 10:56:20 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.09.14 10:03:29 | 000,156,672 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 21:32:56 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.09.12 11:14:49 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.09.11 14:28:46 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.08.31 16:52:52 | 000,205,880 | ---- | M] () -- C:\Users\***AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.23 00:51:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1902280874-368981522-578756865-1000Core.job
[2010.08.22 20:12:10 | 001,099,819 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9014.JPG
[2010.08.22 20:10:12 | 001,418,929 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9012.JPG
[2010.08.22 20:10:04 | 001,353,751 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9011.JPG
[2010.08.18 15:25:08 | 001,093,522 | ---- | M] () -- C:\Users\***\Pictures\Desktop\IMG_9009.JPG
 
========== Files Created - No Company Name ==========
 
[2010.09.14 20:43:38 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.14 20:23:02 | 001,364,522 | ---- | C] () -- C:\Users\Nell\Pictures\Desktop\wrar393.exe
[2010.09.14 20:13:18 | 000,001,757 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.09.14 19:57:35 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.09.14 19:52:36 | 000,252,991 | ---- | C] () -- C:\Users\***\Pictures\Desktop\FileHippoSetup.exe
[2010.09.14 16:51:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.09.14 16:51:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.09.14 16:51:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.09.14 16:51:38 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.09.14 16:51:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.14 16:40:33 | 003,844,155 | R--- | C] () -- C:\Users\***\Pictures\Desktop\ComboFix.exe
[2010.08.26 13:30:38 | 001,093,522 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9009.JPG
[2010.08.22 19:59:59 | 001,099,819 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9014.JPG
[2010.08.22 19:58:53 | 001,418,929 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9012.JPG
[2010.08.22 19:58:53 | 001,353,751 | ---- | C] () -- C:\Users\***\Pictures\Desktop\IMG_9011.JPG
[2010.07.20 16:06:03 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.07.13 14:36:59 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2010.05.07 19:27:51 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.05.04 18:09:10 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.01.21 15:01:00 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.26 21:32:10 | 000,001,869 | ---- | C] () -- C:\Windows\TVAfaDrv.ini
[2009.07.07 21:37:26 | 000,001,428 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2009.07.07 21:24:26 | 000,000,144 | ---- | C] () -- C:\Windows\ard.INI
[2009.06.30 11:27:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.06.30 11:27:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009.06.30 11:27:15 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009.06.30 11:27:15 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.06.30 11:27:15 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009.06.27 16:01:08 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.06.27 16:01:08 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.06.07 20:07:55 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.06.07 20:07:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.28 16:15:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.14 17:01:10 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.02.11 12:32:00 | 000,009,971 | ---- | C] () -- C:\Users\Nell\AppData\Roaming\UserTile.png
[2009.02.07 20:16:14 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009.01.07 17:53:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.01.07 17:01:15 | 000,000,025 | ---- | C] () -- C:\Windows\CDESX100DEFGIPS.ini
[2009.01.05 18:32:51 | 000,117,607 | ---- | C] () -- C:\Users\Nell\AppData\Local\debuggee.mdmp
[2008.12.15 17:11:00 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008.11.19 13:57:38 | 000,005,515 | ---- | C] () -- C:\Windows\fmachine.ini
[2008.11.15 09:40:49 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2008.11.05 20:06:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.01 01:41:37 | 000,156,672 | ---- | C] () -- C:\Users\Nell\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.01 00:38:55 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.07.02 04:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 18:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2008.03.09 16:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.01 08:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.06.12 19:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico
[2007.05.09 09:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 03:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2008.11.19 15:06:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ambient Design
[2009.02.07 20:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2009.11.25 15:28:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Autodesk
[2010.08.28 20:34:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CELSYS
[2010.06.12 11:12:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.10.10 17:37:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.05.19 16:42:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.04.13 13:24:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.08.04 18:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2009.01.04 15:53:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ergo
[2010.01.21 00:04:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter
[2009.10.25 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HDRsoft
[2010.09.14 10:10:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.05.19 16:23:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2009.06.19 12:33:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfoRapid KnowledgeMap
[2009.10.18 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2009.02.07 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2008.11.09 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.09.25 12:15:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking
[2009.06.23 01:06:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2010.03.03 21:38:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smith Micro
[2008.11.02 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper
[2009.08.26 13:01:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYSTEMAX Software Development
[2010.09.14 20:13:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2009.12.26 19:07:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toon Boom Animation
[2010.09.14 19:41:38 | 000,032,516 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:63238B95
< End of report >
         

Alt 14.09.2010, 20:59   #14
markusg
/// Malware-holic
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



kein servicepack 2instaliert, kein internet explorer 8. bitte windows update seite besuchen, instalieren und neues otl log.

Alt 14.09.2010, 20:59   #15
beebee
 
Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Standard

Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites



und die extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 14.09.2010 20:45:10 - Run 2
OTL by OldTimer - Version 3.2.12.0     Folder = C:\Users\***\Pictures\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 76,65 Gb Free Space | 51,43% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 106,10 Gb Free Space | 76,17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0255D2D3-0824-4DD3-B5F0-A0DDFC6F4F51}" = rport=137 | protocol=17 | dir=out | app=system | 
"{0B3DA253-F612-418E-890F-C591ACA7334E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0CA6529B-DED3-459E-ABC6-24CA759A6ADA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1592685D-82DF-4B39-A7A3-DAB09B52210E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{21F2141D-88EE-4BBA-8E47-1FA5810C39FB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2310366D-61C9-402F-8E4E-B610F382573F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2585134A-B889-4FDB-90ED-584B2BC90116}" = lport=138 | protocol=17 | dir=in | app=system | 
"{29146AFC-5592-4C04-990E-3B6A56B9BF95}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3309E4BC-0CA1-4844-8F27-4DF586D041D1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3A545E5E-E09C-4289-9923-3EE9C5369046}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{3C147766-2BD6-4A9B-9EA2-B5219661B251}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4C88D1C9-E183-4F6A-BC5E-05B8392CDECA}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{5591D9D7-95BB-4300-B543-464197ACC799}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7900F3C0-E59E-4B53-A211-BF189D35F538}" = lport=139 | protocol=6 | dir=in | app=system | 
"{839020D1-AE17-42F4-8B16-9704CFAD9D29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8568912C-F849-4AA7-99E4-40EF1320A46D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{93810CF9-4CA5-4629-8245-01641EAE6486}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{A2B5E0F9-E3EB-4098-A9C8-06BE57DAAEB7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A4D2EBC4-ABFC-4AC0-A9BD-03A700C80832}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{AA91EA73-93A9-4FDC-AD10-FE918A5DBA1D}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 
"{BEC22CBA-5B27-4B27-A27E-39D91D6488E5}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{D2CBDAF3-429E-41B4-9BF0-C509D4CA9329}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D9C95402-770C-4072-95D3-94C5FAD3B0EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DDE94B84-B444-4E7D-B1D0-E808F8C12224}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F17FADDC-AEA5-425B-848D-75F6DDA63A64}" = rport=445 | protocol=6 | dir=out | app=system | 
"{FCB3E432-F203-4447-B225-48FC3D05FCD4}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server | 
"{FE34C042-4B9D-45A1-876B-9EBB62DB1C7A}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09B6DE89-2746-41BF-AA2E-3F1323B5C414}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{13F632B1-8EBB-459B-96D0-2308986F0CFB}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{17C9B2F9-6FAE-404A-B4D6-CE17C057BDD0}" = protocol=17 | dir=in | app=c:\program files\msi\totalmedia 3.5\totalmedia.exe | 
"{211210DF-31A0-4FDC-89B6-B9AA76EE8AA2}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{2379EA31-A062-42CE-ACBB-F350E8CF339D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{26D94BCC-012E-4C03-BBC3-3459D4C45089}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | 
"{275DBE00-1457-4F07-B8A3-72468BC3D243}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{2AB84766-5CDB-441C-A60B-39E13B38A76C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{37FB04A4-D202-4295-A2AA-740815944E23}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{42E634EB-E348-47CA-B2B3-3EE16CC5A0A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4388F2A3-4151-4BA0-8D9D-D50733A3852B}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe | 
"{45498C46-E805-4BE2-94A8-83CEA7C13496}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{491BE2B3-F3A0-43B4-B63B-F059FAD74EFC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4E04A3B9-4B92-4769-96E6-D9A8D5D6EE9C}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{54CFB749-C6A1-459B-B66F-25AB0CCEE3B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{6C0FCA62-1385-4EC1-96FA-676031F0ABCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{7037A1CB-3DCA-4260-A013-3335033680E5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{7088D84D-93B9-4BD5-B651-C0D436FD2C1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{773176F8-80B3-4EB4-BDB8-52FC6ECF94D3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{77BFD588-7E63-449E-B9AF-50D82D7CC8C5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8A7BA692-5295-4715-AFA7-2E3F10775DA6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A83BADCD-BF84-4A18-8C71-0B3F95073D15}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A8C80329-72F6-4D63-82D9-0DEB3DBDB451}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{A8F94C7A-11F7-4C04-8E2E-8A9AB95E2A04}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe | 
"{BDACD7C6-5B23-432A-B8DE-85AF2000DF7C}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe | 
"{C03B55AF-BF57-4A41-9E10-8CA7F4A14B35}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C15800E9-C919-4477-84A3-B0178122FB83}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{C2C95D94-EE75-4CE1-B4BE-5AF3CAC3C236}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C594F7F4-081B-4BA5-B66E-D94ED8206810}" = protocol=6 | dir=in | app=c:\program files\msi\totalmedia 3.5\totalmedia.exe | 
"{CD76DFFB-6EDA-49A7-82A4-24EAFDD91AAE}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe | 
"{D421A6F2-217E-470E-BCE5-31F0F4CD4C6C}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{D663EC76-275B-429A-951B-B97995248F89}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DC70C821-5A76-485F-B17B-1AB6895E9626}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe | 
"{EC654771-6668-41D9-A9AC-2A24AFE9E8B4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FFFC8CCA-10FC-47F1-A001-4A857B26460A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"TCP Query User{347CCAF7-1EAF-491F-AA34-A2F0339BD1C3}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{41C6FC3E-0B2C-4EC0-B497-B8C54E09206B}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{5B2C2A14-B7DE-47A3-8EC6-32BD4631655B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{5D4ACB67-F674-4435-BA90-EC363DF81DD8}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{6AA83415-26E7-4A87-8621-24956A665CB5}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{A0D55E3A-C439-4FCD-8060-7C1B42C802E0}C:\program files\msn backup\msnbackup.exe" = protocol=6 | dir=in | app=c:\program files\msn backup\msnbackup.exe | 
"TCP Query User{BBB381CD-6BA8-4E86-B6F5-68D4021BAE7A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{DC133570-8F47-49B7-A6D0-B9E2D8D2BCEE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{ECE0E72A-EADA-47B9-B8E4-08687E6028A5}C:\program files\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_olect.exe | 
"TCP Query User{EEF4BD77-0D4E-446F-892D-320F66C0486A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{00571C99-3CD9-461C-A53F-34405055F658}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{16D21D97-E986-486F-886B-AB702EA20EE5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{23155057-81B2-41D0-BD0C-845058F58A6B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{357A2751-E57D-4E77-88CF-7CBC8F06D7F8}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{3E4FF792-A79E-4081-BC31-47B1F11526CC}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{720A7EE6-6C7A-4BDF-964D-193FD0DDE630}C:\program files\msn backup\msnbackup.exe" = protocol=17 | dir=in | app=c:\program files\msn backup\msnbackup.exe | 
"UDP Query User{72D503C5-0F29-4953-A4B6-D8B63FAF9DFE}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{7747252B-0D3A-4903-BA75-9E7E3C481E84}C:\program files\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_olect.exe | 
"UDP Query User{9EA4F382-D5D5-4CA7-AAD8-0AC9E4070EDE}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{BB590F7A-94DC-4CFC-8AA7-C95643D47245}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian
"{0CE473E5-4187-4D59-8CC0-0983395B37DC}" = GoGear SA19xx Device Manager
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager
"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}" = ArcSoft TotalMedia 3.5
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch
"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42F7C377-2A1F-44FB-A17F-053C29E81031}" = Nero 7 Premium
"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek
"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian
"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61563672-84C4-47A2-A037-B4322C38FFCE}" = Manga Studio EX 4.0
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai
"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2E23800-051D-4F35-8169-85F5739A04C5}" = openCanvas4.5.09e Plus
"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_911" = Adobe Acrobat 9.1.1 - CPSID_49013
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese
"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BD61A916-AE14-4B3B-BDBE-CD9583DFAC22}" = Toon Boom Animate Pro PLE
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C438DF2B-C5DF-4783-9CA5-9B89E501FA62}" = Works Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C7A8AA10-B632-42F8-9F57-A16FDCE0601E}" = Clock Screen Saver
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista
"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian
"{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish
"{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = MSI DigiVox Duo Utilities
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common
"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard
"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface
"ArtRage_is1" = ArtRage 2.1
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Setup.divx.com" = DivX-Setup
"EPSON Scanner" = EPSON Scan
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla" = FileZilla (remove only)
"HijackThis" = HijackThis 1.99.1
"ImgBurn" = ImgBurn
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"IrfanView" = IrfanView (remove only)
"JTablet" = JTablet
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"Pen Tablet Driver" = Stifttablett
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Secunia PSI" = Secunia PSI
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAfaDrv" = MSI DigiVox Duo BDA Driver
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"xampp" = XAMPP 1.7.1
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1902280874-368981522-578756865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.08.2010 04:51:11 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 21.08.2010 04:52:10 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.08.2010 04:52:10 | Computer Name = *** | Source = Google Update | ID = 20
Description = 
 
Error - 21.08.2010 12:23:21 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Photoshop.exe, Version 12.0.0.0, Zeitstempel
 0x4bbc56b6, fehlerhaftes Modul msxml3.dll, Version 8.100.4001.0, Zeitstempel 0x4a7ffdcd,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000062e2,  Prozess-ID 0x1148, Anwendungsstartzeit
 01cb4134d72fe782.
 
Error - 25.08.2010 04:36:03 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.08.2010 04:36:03 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 25.08.2010 04:37:06 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.08.2010 04:29:19 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.08.2010 04:29:19 | Computer Name = *** | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 26.08.2010 04:30:04 | Computer Name = *** | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 15.02.2009 11:20:37 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 08.12.2009 11:22:10 | Computer Name = *** | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 30.01.2009 15:38:27 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 16:04:48 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 16:38:16 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 16:50:23 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 30.01.2009 17:02:30 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 03:35:13 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 03:37:13 | Computer Name = *** | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 31.01.2009 03:37:20 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 04:16:34 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
Error - 31.01.2009 04:43:25 | Computer Name = *** | Source = ipnathlp | ID = 34001
Description = ICS_IPV6 konnte den IPv6-Stapel nicht konfigurieren.
 
 
< End of report >
         

Antwort

Themen zu Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites
adobe, agere systems, antivir, antivir guard, avg, avira, bho, bonjour, computer, cs3, defender, desktop, excel, firefox, frage, hijackthis, hängen, hängt, local\temp, logfile, mozilla, neue tabs, neuer tab, problem, security, server, software, svchost.exe, system



Ähnliche Themen: Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites


  1. Firefox öffnet neue Tabs und überall Pop-Ups
    Log-Analyse und Auswertung - 11.08.2014 (15)
  2. Firefox öffnet ungewollt neue Fenster, Popupseiten und Werbung
    Plagegeister aller Art und deren Bekämpfung - 05.08.2014 (4)
  3. Firefox öffnet ungewollt Tabs mit Werbung/Gewinnspielwebseiten
    Plagegeister aller Art und deren Bekämpfung - 15.07.2014 (9)
  4. Firefox öffnet willkürlich neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 13.07.2014 (18)
  5. Windows 7 Ultimate: Google Chrome öffnet von alleine neue Fenster mit Werbung oder neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 29.04.2014 (19)
  6. Mozilla Firefox öffnet neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 27.04.2014 (3)
  7. Firefox öffnet ungewollt neue Tabs/fenster. Kaspersky schlägt alarm
    Plagegeister aller Art und deren Bekämpfung - 27.03.2014 (7)
  8. Firefox öffnet dubiose Tabs
    Plagegeister aller Art und deren Bekämpfung - 26.03.2014 (39)
  9. Firefox öffnet selbstständig neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 18.02.2014 (3)
  10. Firefox öffnet automatisch neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 13.09.2013 (21)
  11. Firefox öffnet ungewollt neue Tabs mit Werbung
    Plagegeister aller Art und deren Bekämpfung - 16.05.2011 (1)
  12. Firefox öffnet ungewollt Websites + Generic Host Problem
    Log-Analyse und Auswertung - 22.11.2010 (45)
  13. Firefox öffnet ungewollt Werbe-Tabs / Systemperformance leidet scheinbar
    Log-Analyse und Auswertung - 20.11.2010 (16)
  14. Firefox öffnet neue Tabs mit Werbung
    Log-Analyse und Auswertung - 03.05.2010 (24)
  15. Firefox öffnet neue Tabs
    Log-Analyse und Auswertung - 02.05.2010 (10)
  16. Firefox öffnet ungewollt immer neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 07.12.2009 (2)
  17. Firefox öffnet neue Tabs
    Plagegeister aller Art und deren Bekämpfung - 05.12.2009 (13)

Zum Thema Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites - Hallo! Seit einiger Zeit öffnet sich, wenn ich im Firefox bin, einfach so und in unregelmäßigen Abständen ein neuer Tab und leitet mich auf seltsame URLs weiter. Auch passiert es, - Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites...
Archiv
Du betrachtest: Firefox öffnet ungewollt neue tabs oder leitet suchanfragen auf dubiose websites auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.