
Log analysis and evaluation: Virus blocks access to all sorts of things... please evaluate HijackThis log

21.10.2010, 19:04   #1
Naze
 
Hi folks...

I have a virus problem (I assume)...

I can no longer start or install many programs, and so on (it always says "Open with").

System Restore does not work, and I can no longer open my antivirus programs to have my PC scanned either.

I hope you can help me.

Here is my HijackThis log file...

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:55, on 21.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21293)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Programme\FRITZ!DSL\StCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\FolderSize\FolderSizeSvc.exe
C:\Programme\Hotspot Shield\bin\openvpnas.exe
C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
C:\Programme\Hotspot Shield\bin\hsswd.exe
C:\Programme\FRITZ!DSL\IGDCTRL.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programme\Tunngle\TnglCtrl.exe
C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Pcm.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://facebook.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SCHelper.exe] C:\Programme\Spyware Cease\SCHelper.exe -0
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [Google Update] "C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Java Update Manager] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe
O4 - HKCU\..\Run: [IJKUK66HMN] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Pcl.exe
O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Pcm.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Ad-Watch Live!] C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\jc_link.htm
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {490746C1-AEC2-4ADA-AEB5-393DE5D02017} (NeoLauncherCtl Class) - hxxp://dist.cdnetworks.co.kr/cdndist/neomapa/bin/NeoLauncher.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Programme\FolderSize\FolderSizeSvc.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Programme\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Programme\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Programme\Hotspot Shield\bin\hsswd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - hxxp://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Programme\Tunngle\TnglCtrl.exe
O24 - Desktop Component 1: (no name) - hxxp://itunes.apple.com/de/album/around-the-world-ep/id28127101

--
End of file - 13726 bytes
         

21.10.2010, 19:28   #2
cosinus
Hello and

A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in multiple forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes evaluating them harder for me.

Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".



Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it on your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

21.10.2010, 22:04   #3
Naze
 
So this is what came out of Malwarebytes...

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4904

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

21.10.2010 23:02:40
mbam-log-2010-10-21 (23-02-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 354999
Laufzeit: 2 Stunde(n), 25 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 4
Infizierte Dateien: 46

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Rootkit.TDSS) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Rootkit.TDSS) -> No action taken.

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Rootkit.TDSS) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{cd6c7865-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cd6c7866-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cd6c7867-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cd6c7868-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Spyware Cease (Rogue.SpywareCease) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware cease_is1 (Rogue.SpywareCease) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntwqivlzewzu (Rootkit.TDSS) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Rootkit.TDSS) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\java update manager (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> No action taken.
HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> No action taken.
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> No action taken.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818 (Trojan.Agent) -> No action taken.
C:\Programme\Spyware Cease (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\RegistryBackup (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\update (Rogue.SpywareCease) -> No action taken.

Infizierte Dateien:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Rootkit.TDSS) -> No action taken.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Rootkit.TDSS) -> No action taken.
C:\WINDOWS\IFinst27.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\dmocx.dll (Malware.Packer.Gen) -> No action taken.
C:\Naze\sonstiges\Eiskalt\VDOWNLOADER\vdownloader_setup.exe (Adware.ADON) -> No action taken.
C:\Programme\Spyware Cease\RkHitApi.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\spkdll.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\AutoUpdate.exe (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\bcfile.lst (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\bmgac (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\dxddd (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\hrdb.hrl (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\idamx (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\iflee (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\LSR.lsr (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\md5.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\mtools.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\networkdll.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\opfile.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\QAreaDLL.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\SCHelper.exe (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\sctdll.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\SpywareCease.chm (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\SpywareCease.exe (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\SpywareCease.url (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\tmp5 (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\twcfile.lst (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\udefend.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\unins000.dat (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\unins000.exe (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\update1 (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\update2 (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\update3 (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\ussafe.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\vf (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\wcfile.lst (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\xxcum (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\zlib1.dll (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\update\Update.ini (Rogue.SpywareCease) -> No action taken.
C:\Programme\Spyware Cease\update\uplist.up (Rogue.SpywareCease) -> No action taken.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> No action taken.
C:\a.txt (Worm.Traces) -> No action taken.
C:\WINDOWS\system32\winrtsnr.txt (Malware.Trace) -> No action taken.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> No action taken.
         

21.10.2010, 22:17   #4
Naze
 
This is what came out of OTL...

OTL Logfile:
Code:
OTL logfile created on: 21.10.2010 23:05:48 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 288,44 Gb Free Space | 61,93% Space Free | Partition Type: NTFS
 
Computer Name: asbiebgiqep | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Trend Micro Inc.)
PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Trend Micro Inc.)
PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
PRC - C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SSHNAS) -- C:\WINDOWS\system32\sshnas21.dll (Trend Micro Inc.)
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_062a651.dll ()
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found
DRV - (XDva347) -- C:\WINDOWS\System32\XDva347.sys File not found
DRV - (XDva346) -- C:\WINDOWS\System32\XDva346.sys File not found
DRV - (XDva343) -- C:\WINDOWS\System32\XDva343.sys File not found
DRV - (XDva341) -- C:\WINDOWS\System32\XDva341.sys File not found
DRV - (XDva296) -- C:\WINDOWS\System32\XDva296.sys File not found
DRV - (XDva295) -- C:\WINDOWS\System32\XDva295.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (Video3D) -- C:\WINDOWS\System32\Drivers\Video3D32.sys File not found
DRV - (GarenaPEngine) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MMZ21.tmp File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (ADASPROT) -- C:\Programme\Advanced System Optimizer 3\adasprot32.sys File not found
DRV - (RkHit) -- C:\WINDOWS\system32\drivers\RKHit.sys ()
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SPLITCAM) -- C:\WINDOWS\system32\drivers\splitcam.sys (LoteSoft Co.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (ftsata2) -- C:\WINDOWS\System32\drivers\ftsata2.sys (Promise Technology, Inc.)
DRV - (Si3114r5) -- C:\WINDOWS\System32\drivers\Si3114r5.sys (Silicon Image, Inc)
DRV - (Si3132r5) -- C:\WINDOWS\System32\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV - (Si3132) -- C:\WINDOWS\System32\drivers\si3132.sys (Silicon Image, Inc.)
DRV - (Si3124) -- C:\WINDOWS\System32\drivers\si3124.sys (Silicon Image, Inc.)
DRV - (ulsata2) -- C:\WINDOWS\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.live.com/results.aspx?mkt=de-DE&FORM=MICGEP&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.17 17:02:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.20 00:08:49 | 000,000,000 | ---D | M]
 
[2010.01.26 22:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.21 18:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions
[2010.01.28 12:03:47 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.01.27 23:46:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.06 12:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2010.08.06 12:48:18 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.02.20 13:41:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.24 00:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\plugin@yontoo.com
[2010.08.11 19:13:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\support@predictad.com
[2010.09.12 14:22:28 | 000,002,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\askcom.xml
[2010.02.12 23:05:33 | 000,002,147 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\bing.xml
[2010.06.08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\conduit.xml
[2010.02.13 17:22:43 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\sweetim.xml
[2010.10.21 18:57:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.06 21:03:24 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.20 00:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.09.20 00:08:07 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.29 23:15:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.29 23:15:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.29 23:15:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.23 18:32:42 | 000,003,803 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\MyHeritage.xml
[2010.01.29 23:15:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.29 23:15:03 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.21 18:23:25 | 000,423,844 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 14607 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [SCHelper.exe] C:\Programme\Spyware Cease\SCHelper.exe (QW Computer)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [IJKUK66HMN] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Java Update Manager] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe File not found
O4 - HKCU..\Run: [NtWqIVLZEWZU] C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Ad-Watch Live!] C:\Programme\Lavasoft\Ad-Aware\Ad-Aware.exe (Lavasoft)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {490746C1-AEC2-4ADA-AEB5-393DE5D02017} hxxp://dist.cdnetworks.co.kr/cdndist/neomapa/bin/NeoLauncher.cab (NeoLauncherCtl Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop Components:1 () - hxxp://itunes.apple.com/de/album/around-the-world-ep/id28127101
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun\command - "" = K:\muza\sguza.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\explore\command - "" = K:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\open\command - "" = K:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun\command - "" = K:\rane\kure.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\explore\command - "" = K:\
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\open\command - "" = K:\rane\\kure.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (sasnative32) -  File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:437c090b2) -  File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.21 20:33:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.10.21 20:33:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.21 20:33:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.21 20:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.21 20:33:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.21 20:32:27 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe
[2010.10.21 20:31:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.10.21 19:46:36 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
[2010.10.21 19:23:29 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.10.21 19:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.10.21 19:22:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2010.10.21 19:12:06 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.10.21 19:09:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
[2010.10.21 18:54:57 | 000,000,000 | RHSD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818
[2010.10.21 18:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.10.21 18:13:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.10.21 13:36:19 | 000,421,888 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\sshnas21.dll
[2010.10.19 13:34:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Mihriban
[2010.10.17 17:51:11 | 000,000,000 | ---D | C] -- C:\My Music
[2010.10.16 18:16:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\usb stick
[2010.10.15 11:43:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2010.10.15 02:12:24 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010.10.15 02:10:36 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010.10.15 02:10:35 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.15 02:10:34 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.15 02:10:27 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.15 01:36:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AeriaGames
[2010.10.13 23:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\.shsh
[2010.10.13 23:26:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\__MACOSX
[2010.10.13 14:00:49 | 000,000,000 | ---D | C] -- C:\Programme\Gravity
[2010.10.13 11:50:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
[2010.10.11 20:56:02 | 000,000,000 | ---D | C] -- C:\GamerKraft
[2010.10.11 20:05:54 | 000,000,000 | ---D | C] -- C:\pakour spiel
[2010.10.09 03:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\gimme some house
[2010.10.02 15:06:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
[2010.10.02 09:17:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unsere Möbel
[2010.10.02 00:10:16 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2010.10.01 20:54:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\HD Wallpaper
[2010.10.01 19:16:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\EA Games
[2010.10.01 19:12:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\EA Games
[2010.10.01 17:51:33 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES
[2010.09.24 19:48:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TS3Client
[2010.09.24 19:45:29 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.09.24 02:20:32 | 000,000,000 | ---D | C] -- C:\gamigo
[2010.08.11 19:12:58 | 002,944,904 | ---- | C] (Ask) -- C:\Programme\Gemeinsame Dateien\AskToolbarInstaller.exe
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.21 23:07:06 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.10.21 22:52:17 | 000,000,304 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.21 22:28:00 | 000,000,262 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.10.21 22:22:00 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-1801674531-500UA.job
[2010.10.21 22:21:02 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.10.21 20:33:16 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.21 20:32:55 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe
[2010.10.21 20:31:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.10.21 19:23:06 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.10.21 19:16:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.21 19:14:05 | 000,002,213 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2010.10.21 19:13:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.21 19:12:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2010.10.21 18:23:25 | 000,423,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.10.21 18:22:58 | 000,423,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101021-182325.backup
[2010.10.21 18:22:00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-1801674531-500Core.job
[2010.10.21 18:14:04 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010.10.21 16:33:59 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.10.21 16:33:51 | 003,410,996 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Whoopi Goldberg - Sister Act - Oh Maria.mp3
[2010.10.21 13:36:19 | 000,421,888 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\sshnas21.dll
[2010.10.21 03:13:17 | 000,012,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenanntdgfdsg.JPG
[2010.10.21 01:43:27 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.10.20 15:25:25 | 000,002,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk
[2010.10.19 20:29:21 | 003,138,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shy'm - Tout Est Dit - Reflets ( bonne version ).mp3
[2010.10.19 20:20:22 | 002,563,002 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Aidonia - Wine N Bubble [Lyrics].mp3
[2010.10.19 20:17:42 | 004,457,611 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mt Eden Dubstep - Still Alive.mp3
[2010.10.19 20:13:04 | 004,492,719 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Major Lazer - Bruk Out (Foamo Remix).mp3
[2010.10.19 20:05:04 | 002,672,507 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wiz Khalifa - The Statement [Official Video].mp3
[2010.10.19 20:02:18 | 005,965,189 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lloyds Tsb Advert  Sick Dubstep Remix.mp3
[2010.10.19 19:56:05 | 003,622,946 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Christina Milian - Am To Pm (instrumental).mp3
[2010.10.18 13:34:07 | 004,364,406 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Stromae - .Alors on danse.mp3
[2010.10.17 00:52:25 | 000,001,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2010.10.17 00:52:25 | 000,001,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101021-182258.backup
[2010.10.15 11:22:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.10.15 09:15:19 | 002,151,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.13 23:55:28 | 000,001,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010.10.13 18:41:49 | 000,000,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO Updater.exe.lnk
[2010.10.13 18:41:49 | 000,000,670 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO.exe.lnk
[2010.10.13 14:00:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\IFinst27.exe
[2010.10.13 00:47:10 | 001,290,889 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SDC15486.JPG
[2010.10.12 20:27:21 | 000,230,432 | ---- | M] () -- C:\PA7302.DAT
[2010.10.11 14:48:27 | 003,191,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Sexion D'assaut - Desole.mp3
[2010.10.11 13:16:21 | 003,191,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sexion D'assaut - Desole.mp3
[2010.10.11 12:40:32 | 002,554,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mc Cidinho-1 Funk.mp3
[2010.10.11 12:19:18 | 005,159,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe
[2010.10.10 11:10:43 | 000,001,858 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 2 Deluxe.lnk
[2010.10.10 10:37:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument (2).docx
[2010.10.07 22:04:44 | 000,555,614 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.07 22:04:44 | 000,505,106 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.07 22:04:44 | 000,116,596 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.07 22:04:44 | 000,088,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.06 21:23:43 | 003,103,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cardigans.lovefool.mp3
[2010.10.06 20:38:40 | 000,000,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\aionmemo_c1b89fb0.dat
[2010.10.02 20:11:18 | 000,115,663 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\my-name-is-khan-wallpaper-1.jpg
[2010.10.01 22:12:29 | 010,422,901 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\01. Pas.mp3
[2010.09.30 17:39:30 | 000,154,912 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\AUFTRAG.pdf
[2010.09.30 17:37:54 | 000,073,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AUFTRAG.odt
[2010.09.30 17:11:54 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\~$UFTRAG.odt
[2010.09.27 18:24:04 | 478,959,325 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2_7B367_Restore.ipsw
[2010.09.26 21:51:45 | 000,120,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Track13.mp3
[2010.09.26 21:51:04 | 000,011,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument.docx
[2010.09.25 15:48:46 | 479,012,625 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2.1_7B405_Restore.ipsw
[2010.09.24 21:31:18 | 000,423,455 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Foto-0084.jpg
[2010.09.24 19:45:39 | 000,000,809 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk
[2010.09.24 14:58:24 | 000,001,546 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\War Of Angels.lnk
[2010.09.24 14:58:24 | 000,001,324 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WarOfAngelsRegistration.lnk
[2010.09.23 19:40:01 | 000,091,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59440_143272119050133_100001020366314_210611_3351625_n.jpg
[2010.09.23 19:39:56 | 000,099,599 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58714_143272032383475_100001020366314_210608_4668506_n.jpg
[2010.09.23 19:39:51 | 000,105,388 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\62955_143271972383481_100001020366314_210606_6658374_n.jpg
[2010.09.23 19:39:43 | 000,066,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58576_143271569050188_100001020366314_210596_486803_n.jpg
[2010.09.23 19:39:39 | 000,071,404 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59904_143271512383527_100001020366314_210594_634072_n.jpg
[2010.09.23 19:39:35 | 000,092,839 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58778_143271465716865_100001020366314_210592_3616781_n.jpg
[2010.09.23 19:39:33 | 000,102,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60862_143271442383534_100001020366314_210591_4554289_n.jpg
[2010.09.23 19:39:15 | 000,078,093 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60285_143271232383555_100001020366314_210584_6636367_n.jpg
[2010.09.23 19:39:11 | 000,081,695 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60373_143271209050224_100001020366314_210583_4643076_n.jpg
[2010.09.23 19:39:08 | 000,086,633 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\63791_143271179050227_100001020366314_210582_5452682_n.jpg
[2010.09.23 19:39:04 | 000,089,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58457_143271149050230_100001020366314_210581_1581744_n.jpg
[2010.09.23 19:38:59 | 000,089,715 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60235_143271125716899_100001020366314_210580_7620129_n.jpg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.21 20:33:16 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.21 19:23:06 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.10.21 18:14:04 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010.10.21 16:31:10 | 003,410,996 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Whoopi Goldberg - Sister Act - Oh Maria.mp3
[2010.10.21 13:36:33 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.10.21 13:36:29 | 000,000,304 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.21 13:36:24 | 000,000,262 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.10.21 03:13:17 | 000,012,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenanntdgfdsg.JPG
[2010.10.16 17:18:01 | 003,622,946 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Christina Milian - Am To Pm (instrumental).mp3
[2010.10.16 17:13:47 | 004,364,406 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Stromae - .Alors on danse.mp3
[2010.10.16 17:13:33 | 003,138,949 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shy'm - Tout Est Dit - Reflets ( bonne version ).mp3
[2010.10.16 17:13:27 | 002,563,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Aidonia - Wine N Bubble [Lyrics].mp3
[2010.10.16 17:13:18 | 004,457,611 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mt Eden Dubstep - Still Alive.mp3
[2010.10.13 23:25:59 | 005,159,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe
[2010.10.13 18:41:49 | 000,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO Updater.exe.lnk
[2010.10.13 18:41:49 | 000,000,670 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO.exe.lnk
[2010.10.13 00:46:54 | 001,290,889 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SDC15486.JPG
[2010.10.12 20:27:21 | 000,230,432 | ---- | C] () -- C:\PA7302.DAT
[2010.10.11 12:58:54 | 003,191,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Sexion D'assaut - Desole.mp3
[2010.10.11 12:35:13 | 004,492,719 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Major Lazer - Bruk Out (Foamo Remix).mp3
[2010.10.11 12:35:04 | 002,554,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mc Cidinho-1 Funk.mp3
[2010.10.11 12:35:00 | 003,191,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sexion D'assaut - Desole.mp3
[2010.10.11 12:34:53 | 002,672,507 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wiz Khalifa - The Statement [Official Video].mp3
[2010.10.11 12:34:47 | 005,965,189 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lloyds Tsb Advert  Sick Dubstep Remix.mp3
[2010.10.10 11:10:43 | 000,001,858 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 2 Deluxe.lnk
[2010.10.10 10:37:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument (2).docx
[2010.10.06 21:23:43 | 003,103,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cardigans.lovefool.mp3
[2010.10.05 15:28:13 | 479,012,625 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2.1_7B405_Restore.ipsw
[2010.10.05 15:20:42 | 478,959,325 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2_7B367_Restore.ipsw
[2010.10.02 20:11:18 | 000,115,663 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\my-name-is-khan-wallpaper-1.jpg
[2010.10.01 17:47:31 | 010,422,901 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\01. Pas.mp3
[2010.09.30 17:39:29 | 000,154,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\AUFTRAG.pdf
[2010.09.30 17:11:54 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\~$UFTRAG.odt
[2010.09.30 17:11:52 | 000,073,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AUFTRAG.odt
[2010.09.26 21:51:45 | 000,120,372 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Track13.mp3
[2010.09.26 21:25:47 | 000,011,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument.docx
[2010.09.25 01:05:56 | 000,423,455 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Foto-0084.jpg
[2010.09.24 23:03:26 | 000,000,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\aionmemo_c1b89fb0.dat
[2010.09.24 19:45:39 | 000,000,809 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk
[2010.09.24 14:58:24 | 000,001,546 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\War Of Angels.lnk
[2010.09.24 14:58:24 | 000,001,324 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WarOfAngelsRegistration.lnk
[2010.09.23 19:40:01 | 000,091,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59440_143272119050133_100001020366314_210611_3351625_n.jpg
[2010.09.23 19:39:56 | 000,099,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58714_143272032383475_100001020366314_210608_4668506_n.jpg
[2010.09.23 19:39:51 | 000,105,388 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\62955_143271972383481_100001020366314_210606_6658374_n.jpg
[2010.09.23 19:39:42 | 000,066,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58576_143271569050188_100001020366314_210596_486803_n.jpg
[2010.09.23 19:39:38 | 000,071,404 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59904_143271512383527_100001020366314_210594_634072_n.jpg
[2010.09.23 19:39:35 | 000,092,839 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58778_143271465716865_100001020366314_210592_3616781_n.jpg
[2010.09.23 19:39:32 | 000,102,457 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60862_143271442383534_100001020366314_210591_4554289_n.jpg
[2010.09.23 19:39:15 | 000,078,093 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60285_143271232383555_100001020366314_210584_6636367_n.jpg
[2010.09.23 19:39:11 | 000,081,695 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60373_143271209050224_100001020366314_210583_4643076_n.jpg
[2010.09.23 19:39:07 | 000,086,633 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\63791_143271179050227_100001020366314_210582_5452682_n.jpg
[2010.09.23 19:39:04 | 000,089,766 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58457_143271149050230_100001020366314_210581_1581744_n.jpg
[2010.09.23 19:38:59 | 000,089,715 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60235_143271125716899_100001020366314_210580_7620129_n.jpg
[2010.09.15 03:48:10 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2010.09.15 03:20:22 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.09.10 03:03:54 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2010.08.25 23:37:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010.08.12 03:57:54 | 000,706,624 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.07 19:02:03 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010.05.28 02:04:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.04.21 20:19:05 | 000,164,864 | ---- | C] () -- C:\Programme\UNWISE.EXE
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010.03.20 20:53:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010.02.23 00:10:18 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010.02.14 18:50:02 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.02.14 18:50:02 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.02.05 12:50:32 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2010.01.30 14:30:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2010.01.30 14:29:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.01.27 00:16:40 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.01.26 23:53:23 | 000,139,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.26 21:59:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.01.26 21:50:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.01.26 21:48:14 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010.01.26 21:38:52 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010.01.26 21:33:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.07.09 03:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.06.18 15:00:50 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\AIO-Auswahl.ini
[2008.06.18 14:59:00 | 001,800,192 | ---- | C] () -- C:\WINDOWS\System32\hmtcdres.dll
[2008.06.18 14:58:59 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\hmtcd.dll
[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.04.23 20:00:00 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2007.03.20 17:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

< End of report >
         
--- --- ---

[/CODE]

and this . . .

OTL Logfile:
Code:
OTL Extras logfile created on: 21.10.2010 23:05:48 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 288,44 Gb Free Space | 61,93% Space Free | Partition Type: NTFS
 
Computer Name: abqueobgoqe | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [7zip Packen und SFX Erstellen] -- C:\Programme\7-zip\7z_SFX-GUI-Pack.exe   "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58186:TCP" = 58186:TCP:*:Enabled:Pando Media Booster
"58186:UDP" = 58186:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"11:TCP" = 11:TCP:*:Enabled:WarriorEpic
"11:UDP" = 11:UDP:*:Enabled:WarriorEpic
"882:TCP" = 882:TCP:*:Enabled:WarriorEpic
"882:UDP" = 882:UDP:*:Enabled:WarriorEpic
"575:TCP" = 575:TCP:*:Enabled:WarriorEpic
"575:UDP" = 575:UDP:*:Enabled:WarriorEpic
"60:TCP" = 60:TCP:*:Enabled:WarriorEpic
"60:UDP" = 60:UDP:*:Enabled:WarriorEpic
"56:TCP" = 56:TCP:*:Enabled:WarriorEpic
"56:UDP" = 56:UDP:*:Enabled:WarriorEpic
"629:TCP" = 629:TCP:*:Enabled:WarriorEpic
"629:UDP" = 629:UDP:*:Enabled:WarriorEpic
"150:TCP" = 150:TCP:*:Enabled:WarriorEpic
"150:UDP" = 150:UDP:*:Enabled:WarriorEpic
"704:TCP" = 704:TCP:*:Enabled:WarriorEpic
"704:UDP" = 704:UDP:*:Enabled:WarriorEpic
"584:TCP" = 584:TCP:*:Enabled:WarriorEpic
"584:UDP" = 584:UDP:*:Enabled:WarriorEpic
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"58186:TCP" = 58186:TCP:*:Enabled:Pando Media Booster
"58186:UDP" = 58186:UDP:*:Enabled:Pando Media Booster
"6894:TCP" = 6894:TCP:*:Enabled:League of Legends Launcher
"6894:UDP" = 6894:UDP:*:Enabled:League of Legends Launcher
"6893:TCP" = 6893:TCP:*:Enabled:League of Legends Launcher
"6893:UDP" = 6893:UDP:*:Enabled:League of Legends Launcher
"6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher
"6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher
"6951:TCP" = 6951:TCP:*:Enabled:League of Legends Launcher
"6951:UDP" = 6951:UDP:*:Enabled:League of Legends Launcher
"8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"K:\Erdem\Garena\Garena.exe" = K:\Erdem\Garena\Garena.exe:*:Enabled:Garena -- File not found
"C:\Programme\Aqua\AquaDownloadern.exe" = C:\Programme\Aqua\AquaDownloadern.exe:*:Enabled:AquaDownloadern -- (CDNetworks)
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Programme\ijji\ijji REACTOR\ijjiOptimizer.exe" = C:\Programme\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Programme\Street Fighter IV\StreetFighterIV.exe" = C:\Programme\Street Fighter IV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Java\jre1.6.0_06\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_06\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Vindictus\en-US\NMService.exe" = C:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\FJ_Downloader.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\FJ_Downloader.exe:*:Enabled:FreeJack_Downloader -- File not found
"C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe" = C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe:*:Enabled:Umbrella - Save your SHSH! -- ()
"C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe:*:Enabled:Java Update Manager -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01AE8E54-F235-74C5-9875-A655C6555634}" = CCC Help Italian
"{027AA9DB-7176-2929-ED2E-38C0317F3566}" = Catalyst Control Center Localization All
"{050227B0-1E77-D377-A63D-EB5F12318FB8}" = Catalyst Control Center Localization Korean
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = CCC
"{071E5FA3-20CA-BE1D-7AE4-D0514507E1C3}" = CCC Help Danish
"{07F31E45-2E01-8663-1B57-E826FCDA09E3}" = Catalyst Control Center Localization Japanese
"{0834403C-CC0C-D2A3-1684-D04C82D04FE4}" = Catalyst Control Center Localization Russian
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DE817CB-9294-F350-64F0-36E42D7B27F2}" = CCC Help French
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E2E9FD2-3C63-FBAD-F41E-736CF1DA5BC0}" = Catalyst Control Center Localization Chinese Standard
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{116A277E-6809-825D-BDCB-E32DCDA231E2}" = Catalyst Control Center Graphics Light
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{142D633B-6D5E-43FC-ADCD-BF71C495F91C}_is1" = EKRO Fullclient v1.0
"{147AAF68-A89A-8E2E-97EE-A1F1430F9F68}" = Catalyst Control Center Graphics Previews Common
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{160625BC-937E-6F4A-58F7-6BCB7C74148B}" = ccc-core-preinstall
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17EAC83B-F259-B0FE-BABC-802E06E03654}" = CCC Help Turkish
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1BF23060-E1E1-2EE1-037D-264D9EC15CBD}" = ccc-core-preinstall
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EFE9082-F3EC-13CA-FD37-E1490531CDF3}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{211E8730-5681-49ED-BC6A-78C9F88E95F5}" = Adobe Shockwave Player
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232D00D0-F1CE-BEE3-58DD-2C826007D917}" = CCC Help Greek
"{23FC20B7-0119-B007-B788-0A4EB46336DA}" = Catalyst Control Center Localization Spanish
"{241647C2-9318-D048-67BA-E64ED5F2CCC4}" = Catalyst Control Center Core Implementation
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2959C2F1-5C0C-AAEE-1D94-8B3AE1806C31}" = Catalyst Control Center Localization Norwegian
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2B274D3F-8D66-91B3-0555-C0ED7019F3C6}" = CCC Help Russian
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{30F4418F-6CBF-9CC2-1AC3-25234DCAD4CE}" = CCC Help English
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{391F4C49-7ADF-84E6-2028-19310E7AC8E1}" = Catalyst Control Center Localization Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC0DC58-B167-51D7-4440-2E02F63C942E}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
"{3FD5A0F7-A39B-06D3-07E5-E0C5DE3267B7}" = CCC Help Japanese
"{40EF588A-3C0D-5779-0951-74C0BCA661C2}" = Catalyst Control Center Localization Dutch
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{4514B9C2-8E75-CF9D-B148-8ED40CAA35F0}" = Catalyst Control Center HydraVision Full
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{465AE684-39DF-F8BC-A702-81860DE6EBCF}" = CCC Help Spanish
"{46C6315A-8E24-F30C-0EB1-3D22DFACBCD8}" = Catalyst Control Center Localization Turkish
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4956D70D-E758-7CDC-D131-2895E8A5DAD4}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A66FB4E-F08F-6DCD-1823-4BDACC6F7D67}" = CCC Help Hungarian
"{4D7BE862-435C-0F6F-0558-B3E6DCA839E2}" = CCC Help Portuguese
"{5091043D-D941-E17E-1E0F-0B2F1DBE4D9E}" = ccc-core-static
"{520AE942-F7F0-8A53-4F34-FED00ADAC639}" = Catalyst Control Center Localization Czech
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{526A494F-8A59-3E10-EEF4-52400B4D72F3}" = Catalyst Control Center Localization Italian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{583F8A3F-2D92-E13B-AF5D-E362DDFA13E7}" = Catalyst Control Center Core Implementation
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6347B976-4310-4555-A35F-91D607708F07}" = CCC Help Thai
"{63886E34-F9F8-378B-A7FB-710C6ED9AAEB}" = ATI Catalyst Install Manager
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{648C8BCF-424F-4C68-AF43-9AB9CF87859E}_is1" = UPXShell 3.2.5.2006
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{66064139-314F-44B2-805A-0AAC71A32E02}" = ccc-utility
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CA5F5DC-33C3-D56F-F399-BD5792397089}" = CCC Help English
"{6D0955B9-C1D6-CB1C-6CE3-BFAC9696A882}" = CCC Help Polish
"{6DA81A72-2C13-34D8-BD98-B60DE6FEB55B}" = ccc-utility
"{6EDCACF0-12BD-2BD2-6161-54ABE116B185}" = CCC Help Chinese Standard
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7409D3F5-CB81-8ECF-656C-9C096AA7FA7A}" = CCC Help French
"{745D2782-BB1E-51EA-5BDB-1E1BE7590594}" = CCC Help English
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7B7435AF-62A9-224E-94F2-A5C0408E7894}" = Catalyst Control Center Localization French
"{7B8F4AA8-0426-64EF-1727-6E4911446307}" = Catalyst Control Center Localization Portuguese
"{7C6B146C-735F-2E95-8A96-450911F3446B}" = CCC Help Portuguese
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{832D724F-05A2-81D1-B3D0-801761E9EB94}" = Catalyst Control Center Localization German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{88F1EB35-7E38-AFA6-49DD-ABD004ACA1B1}" = CCC Help Polish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C377565-02FD-493A-B85F-8D9A33D326F0}" = Aion
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94928C91-8A2E-A94E-A7EF-C41FBE515718}" = Catalyst Control Center Graphics Previews Common
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{96DA8A90-1BD6-F86A-D51B-B46882A80980}" = ccc-utility
"{97AA05F0-CF31-4CFA-F3BD-B6F3A0022579}" = CCC Help Korean
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9879DD41-CD73-4BBC-ADEA-85005979F7F8}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{A15102F8-B63C-31C5-EDBC-D3614AFAA13D}" = CCC Help Norwegian
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A454D257-0E6D-BCD1-2A10-78FEDB5BB21E}" = Catalyst Control Center Graphics Full New
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D4FC6F-5BE6-4ECB-49CC-AFD566A93F23}" = Catalyst Control Center Graphics Full Existing
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A73FBA2D-7C64-F293-3140-EB02DDBEFA2E}" = Catalyst Control Center Localization Hungarian
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509
"{AC2B4022-8F75-6AA5-612F-9598EFD31C9B}" = Catalyst Control Center InstallProxy
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AD0F1745-3B34-443B-E137-A21271A17D74}" = CCC Help Chinese Traditional
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEBE3F70-585E-17C7-C91D-964C91772410}" = ccc-utility
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3542011-52A1-8782-EEB9-B72AB9EC7336}" = Catalyst Control Center Graphics Light
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1D27535-0AD9-1BFB-7F76-2E74BED09A41}" = Catalyst Control Center Localization Danish
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam 
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD87C29-38A1-FEBB-1A29-B8412B47509C}" = Catalyst Control Center Graphics Previews Common
"{CC37A914-E541-4A79-0DF8-B746444E7D5A}" = Catalyst Control Center Localization Polish
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD23CF9D-7B10-C68C-7390-97EC5087E1F4}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1DD73EB-36DE-D4E8-421A-88D0C8FD998F}" = ccc-core-static
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{D5D0178D-57E4-C32C-5275-401F384303A7}" = CCC Help Hungarian
"{D70552B4-B68A-367B-F669-552E97667F32}" = CCC Help German
"{D824F44B-B6AF-E93D-F7A3-19E02319B751}" = Catalyst Control Center Localization Finnish
"{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten
"{DBAA7DF5-7DE0-DD8D-A748-5A35AC2DA420}" = CCC Help Italian
"{DD7C56A2-8E85-AABA-D807-F61C135CC1AE}" = Catalyst Control Center Graphics Full Existing
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E320ECE8-FE7F-425C-8F8C-33C1D9907F93}" = SlimDrivers
"{E41B53EF-A153-4A11-5155-AE9DEF42EDE2}" = Catalyst Control Center Localization Greek
"{E7137FEB-B06C-781F-2ACF-962AF992FC2D}" = Catalyst Control Center Localization Swedish
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8D57727-8BC3-F093-A3EE-94BDD55305F5}" = CCC Help Czech
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9BB066A-632F-4849-CDD4-5B7BCFB285B6}" = Catalyst Control Center Graphics Full New
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EEDE89A0-9412-52AF-563D-A335D6C00BA5}" = CCC Help Swedish
"{F08826AF-C414-6921-9A50-D39972C7D975}" = CCC Help German
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1972370-E7EE-B572-761B-FB7FAE17595F}" = Catalyst Control Center Localization Chinese Traditional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F454F142-7241-D804-D067-CCCE016643C3}" = Skins
"{F527C466-971D-B4EE-BBF7-076C805C1F59}" = CCC Help English
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_14cffbe014b566bef9e9125ea146ab9" = Adobe Creative Suite 4 Master Collection
"Akamai" = Akamai NetSession Interface
"AquaDownloadern" = AquaDownloadern 2,1,56,0
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AutocompletePro3_is1" = AutocompletePro
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative WebCam Center" = 
"Daniusoft Video Converter_is1" = Daniusoft Video Converter(Build 2.1.1.0)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.49
"ie7" = Internet Explorer 7
"IL Download Manager" = IL Download Manager
"Inception RO Installer 1.00" = Inception RO Installer 1.00
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam 
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"League of Legends_is1" = League of Legends
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.5.13)" = Mozilla Firefox (3.5.13)
"Neffy" = Neffy 1,3,29,0
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PoiZone" = PoiZone
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Ragnarok Online" = Ragnarok Online
"Runtimes" = Allgemeine Runtime Dateien
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Spyware Cease_is1" = Spyware Cease v6.4.0
"Street Fighter IV_is1" = Street Fighter IV
"TaskSwitchXP" = TaskSwitchXP
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Theme 1.00" = Theme 1.00
"TuneUp Utilities" = TuneUp Utilities
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.6
"Vindictus" = Vindictus
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"WarOfAngels" = War Of Angels
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Sidebar" = Windows Sidebar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XP Codec Pack" = XP Codec Pack
"XPize Darkside" = XPize Darkside 2.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XPSP3UPPACK" = Sereby's XP SP3 Updatepack Version 3.8.6
"xvid" = XviD MPEG-4 Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.10.2010 18:11:07 | Computer Name = nsavneqiovnieqp| Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 18:11:07 | Computer Name = vnqvoeqnvo | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 18:11:07 | Computer Name = bqnioeofqcgqe | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 18:11:07 | Computer Name = bqnvcqeovqe | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 18:11:07 | Computer Name = abuvqeov | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = bqenjeqovb | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = qbnuqoevneq | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = qevnuobqebq | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = abeqbqehqeqebv | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = aebqeefqhbqfqbq | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 17.10.2010 19:20:12 | Computer Name = avedqbeqbeqbq | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 18.10.2010 07:26:01 | Computer Name = abeqeqfvqehbeq | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 18.10.2010 07:26:01 | Computer Name = avbeqbneqfeqfq | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 18.10.2010 07:34:27 | Computer Name = aberwhabab | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 18.10.2010 07:34:27 | Computer Name = avgbnqibqenbq | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 20.10.2010 18:10:07 | Computer Name = avbeqbeqbeqgqef | Source = DCOM | ID = 10010
Description = Der Server "{DC0C2640-1415-4644-875C-6F4D769839BA}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 20.10.2010 20:53:16 | Computer Name = eqbeqbeqfgaf | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 20.10.2010 20:53:16 | Computer Name = aebeqbqebeqbqe| Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 20.10.2010 21:04:23 | Computer Name = aebqbeabeha | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 20.10.2010 21:04:23 | Computer Name = abeabeqbegagea | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
 
< End of report >
         
--- --- ---

Old 21.10.2010, 22:17   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Virus blocks access to all sorts of things... pls evaluate HijackThis log

Quote:
-> No action taken.
You do have to actually remove the detections. Please do that now if you haven't already...

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Old 21.10.2010, 22:19   #6
Naze

Virus blocks access to all sorts of things... pls evaluate HijackThis log

oops sry >.<

here is Malwarebytes again^^

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4904

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

21.10.2010 23:18:20
mbam-log-2010-10-21 (23-18-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 354999
Laufzeit: 2 Stunde(n), 25 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 12
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 6
Infizierte Verzeichnisse: 4
Infizierte Dateien: 46

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Rootkit.TDSS) -> Unloaded process successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Rootkit.TDSS) -> Unloaded process successfully.

Infizierte Speichermodule:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd6c7865-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd6c7866-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cd6c7867-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cd6c7868-5864-11d0-abf0-0020af6b0b7a} (Malware.Packer.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Spyware Cease (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware cease_is1 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RkHit (Rogue.SpywareCease) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IJKUK66HMN (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ntwqivlzewzu (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ijkuk66hmn (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\java update manager (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\batfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\comfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\piffile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" %*) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\RegistryBackup (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update (Rogue.SpywareCease) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\WINDOWS\system32\sshnas21.dll (Rootkit.TDSS) -> Delete on reboot.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcm.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\Pcl.exe (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\IFinst27.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmocx.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Naze\sonstiges\Eiskalt\VDOWNLOADER\vdownloader_setup.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\RkHitApi.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\spkdll.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\AutoUpdate.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\bcfile.lst (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\bmgac (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\dxddd (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\hrdb.hrl (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\idamx (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\iflee (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\LSR.lsr (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\md5.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\mtools.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\networkdll.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\opfile.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\QAreaDLL.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\SCHelper.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\sctdll.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\SpywareCease.chm (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\SpywareCease.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\SpywareCease.url (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\tmp5 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\twcfile.lst (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\udefend.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\unins000.dat (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\unins000.exe (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update1 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update2 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update3 (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\ussafe.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\vf (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\wcfile.lst (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\xxcum (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\zlib1.dll (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update\Update.ini (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\Programme\Spyware Cease\update\uplist.up (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\a.txt (Worm.Traces) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winrtsnr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
         

21.10.2010, 22:25   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please create and post new OTL logs, if they were only removed just now.

21.10.2010, 22:31   #8
Naze
 

OK, here are both from OTL...

1.

OTL Logfile:
Code:
OTL logfile created on: 21.10.2010 23:29:40 - Run 3
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 288,55 Gb Free Space | 61,95% Space Free | Partition Type: NTFS
 
Computer Name: ALKAN-4A88F3B7D | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
PRC - C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_062a651.dll ()
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (HotspotShieldService) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (libusbd) -- C:\WINDOWS\system32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found
DRV - (XDva347) -- C:\WINDOWS\System32\XDva347.sys File not found
DRV - (XDva346) -- C:\WINDOWS\System32\XDva346.sys File not found
DRV - (XDva343) -- C:\WINDOWS\System32\XDva343.sys File not found
DRV - (XDva341) -- C:\WINDOWS\System32\XDva341.sys File not found
DRV - (XDva296) -- C:\WINDOWS\System32\XDva296.sys File not found
DRV - (XDva295) -- C:\WINDOWS\System32\XDva295.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (Video3D) -- C:\WINDOWS\System32\Drivers\Video3D32.sys File not found
DRV - (GarenaPEngine) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MMZ21.tmp File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (ADASPROT) -- C:\Programme\Advanced System Optimizer 3\adasprot32.sys File not found
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (SPLITCAM) -- C:\WINDOWS\system32\drivers\splitcam.sys (LoteSoft Co.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (asusgsb) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (ftsata2) -- C:\WINDOWS\System32\drivers\ftsata2.sys (Promise Technology, Inc.)
DRV - (Si3114r5) -- C:\WINDOWS\System32\drivers\Si3114r5.sys (Silicon Image, Inc)
DRV - (Si3132r5) -- C:\WINDOWS\System32\drivers\Si3132r5.sys (Silicon Image, Inc)
DRV - (Si3132) -- C:\WINDOWS\System32\drivers\si3132.sys (Silicon Image, Inc.)
DRV - (Si3124) -- C:\WINDOWS\System32\drivers\si3124.sys (Silicon Image, Inc.)
DRV - (ulsata2) -- C:\WINDOWS\System32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (PAC7302) -- C:\WINDOWS\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (ASUSVRC) -- C:\WINDOWS\system32\drivers\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys ()
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.1
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.2.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Ask.com"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "hxxp://de.msn.com"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.live.com/results.aspx?mkt=de-DE&FORM=MICGEP&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.21 23:26:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.21 23:26:03 | 000,000,000 | ---D | M]
 
[2010.01.26 22:23:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.10.21 18:57:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions
[2010.01.28 12:03:47 | 000,000,000 | ---D | M] (FireShot) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.01.27 23:46:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.06 12:44:39 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2010.08.06 12:48:18 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.02.20 13:41:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.24 00:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\plugin@yontoo.com
[2010.08.11 19:13:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\support@predictad.com
[2010.09.12 14:22:28 | 000,002,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\askcom.xml
[2010.02.12 23:05:33 | 000,002,147 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\bing.xml
[2010.06.08 11:29:10 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\conduit.xml
[2010.02.13 17:22:43 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\searchplugins\sweetim.xml
[2010.10.21 18:57:13 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.06 21:03:24 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.20 00:08:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.09.20 00:08:07 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.29 23:15:03 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.29 23:15:03 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.29 23:15:03 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.23 18:32:42 | 000,003,803 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\MyHeritage.xml
[2010.01.29 23:15:03 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.29 23:15:03 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.21 18:23:25 | 000,423,844 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1				practivate.adobe.com
O1 - Hosts: 127.0.0.1				ereg.adobe.com
O1 - Hosts: 127.0.0.1				activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-3.adobe.com
O1 - Hosts: 127.0.0.1				3dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1				adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1				ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1				activate-sea.adobe.com
O1 - Hosts: 127.0.0.1				activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1				wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1				wip3.adobe.com
O1 - Hosts: 74.208.10.249 gs.apple.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 14607 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Client\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\phozw1v9.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.80.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [SCHelper.exe] C:\Programme\Spyware Cease\SCHelper.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Java Update Manager] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe File not found
O4 - HKCU..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\WINDOWS\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {490746C1-AEC2-4ADA-AEB5-393DE5D02017} hxxp://dist.cdnetworks.co.kr/cdndist/neomapa/bin/NeoLauncher.cab (NeoLauncherCtl Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop Components:1 () - hxxp://itunes.apple.com/de/album/around-the-world-ep/id28127101
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun\command - "" = K:\muza\sguza.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\explore\command - "" = K:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\open\command - "" = K:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun\command - "" = K:\rane\kure.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\explore\command - "" = K:\
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\open\command - "" = K:\rane\\kure.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (sasnative32) -  File not found
O34 - HKLM BootExecute: (aswBoot.exe /M:437c090b2) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.21 23:21:15 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2010.10.21 20:33:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.10.21 20:33:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.10.21 20:33:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.10.21 20:33:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.10.21 20:33:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.21 20:32:27 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe
[2010.10.21 20:31:38 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.10.21 19:46:36 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe
[2010.10.21 19:23:29 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.10.21 19:22:52 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.10.21 19:22:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
[2010.10.21 19:09:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Sunbelt Software
[2010.10.21 18:13:49 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.10.21 18:13:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.10.19 13:34:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Mihriban
[2010.10.17 17:51:11 | 000,000,000 | ---D | C] -- C:\My Music
[2010.10.16 18:16:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\usb stick
[2010.10.15 11:43:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2010.10.15 02:12:24 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010.10.15 02:10:36 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010.10.15 02:10:35 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010.10.15 02:10:34 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010.10.15 02:10:27 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010.10.15 01:36:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AeriaGames
[2010.10.13 23:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\.shsh
[2010.10.13 23:26:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\__MACOSX
[2010.10.13 14:00:49 | 000,000,000 | ---D | C] -- C:\Programme\Gravity
[2010.10.13 11:50:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neuer Ordner
[2010.10.11 20:56:02 | 000,000,000 | ---D | C] -- C:\GamerKraft
[2010.10.11 20:05:54 | 000,000,000 | ---D | C] -- C:\pakour spiel
[2010.10.09 03:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\gimme some house
[2010.10.02 15:06:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
[2010.10.02 09:17:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unsere Möbel
[2010.10.02 00:10:16 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2010.10.01 20:54:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\HD Wallpaper
[2010.10.01 19:16:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\EA Games
[2010.10.01 19:12:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\EA Games
[2010.10.01 17:51:33 | 000,000,000 | ---D | C] -- C:\Programme\EA GAMES
[2010.09.24 19:48:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TS3Client
[2010.09.24 19:45:29 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.09.24 02:20:32 | 000,000,000 | ---D | C] -- C:\gamigo
[2010.08.11 19:12:58 | 002,944,904 | ---- | C] (Ask) -- C:\Programme\Gemeinsame Dateien\AskToolbarInstaller.exe
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.21 23:25:43 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\Automatic troubleshooting.job
[2010.10.21 23:25:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.21 23:23:17 | 000,002,213 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk
[2010.10.21 23:23:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.21 23:21:23 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat
[2010.10.21 22:22:00 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-1801674531-500UA.job
[2010.10.21 20:33:16 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.21 20:32:55 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe
[2010.10.21 20:31:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.10.21 19:23:06 | 000,000,847 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.10.21 18:23:25 | 000,423,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.10.21 18:22:58 | 000,423,844 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101021-182325.backup
[2010.10.21 18:22:00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-117609710-1801674531-500Core.job
[2010.10.21 16:33:59 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.10.21 16:33:51 | 003,410,996 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Whoopi Goldberg - Sister Act - Oh Maria.mp3
[2010.10.21 03:13:17 | 000,012,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenanntdgfdsg.JPG
[2010.10.21 01:43:27 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.10.20 15:25:25 | 000,002,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk
[2010.10.19 20:29:21 | 003,138,949 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shy&amp;#39;m - Tout Est Dit - Reflets ( bonne version ).mp3
[2010.10.19 20:20:22 | 002,563,002 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Aidonia - Wine N Bubble [Lyrics].mp3
[2010.10.19 20:17:42 | 004,457,611 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mt Eden Dubstep - Still Alive.mp3
[2010.10.19 20:13:04 | 004,492,719 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Major Lazer - Bruk Out (Foamo Remix).mp3
[2010.10.19 20:05:04 | 002,672,507 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wiz Khalifa - The Statement [Official Video].mp3
[2010.10.19 20:02:18 | 005,965,189 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lloyds Tsb Advert  Sick Dubstep Remix.mp3
[2010.10.19 19:56:05 | 003,622,946 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Christina Milian - Am To Pm (instrumental).mp3
[2010.10.18 13:34:07 | 004,364,406 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Stromae - .Alors on danse.mp3
[2010.10.17 00:52:25 | 000,001,360 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2010.10.17 00:52:25 | 000,001,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101021-182258.backup
[2010.10.15 11:22:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.10.15 09:15:19 | 002,151,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.13 23:55:28 | 000,001,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010.10.13 18:41:49 | 000,000,710 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO Updater.exe.lnk
[2010.10.13 18:41:49 | 000,000,670 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO.exe.lnk
[2010.10.13 00:47:10 | 001,290,889 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SDC15486.JPG
[2010.10.12 20:27:21 | 000,230,432 | ---- | M] () -- C:\PA7302.DAT
[2010.10.11 14:48:27 | 003,191,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Sexion D&amp;#39;assaut - Desole.mp3
[2010.10.11 13:16:21 | 003,191,612 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sexion D&amp;#39;assaut - Desole.mp3
[2010.10.11 12:40:32 | 002,554,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mc Cidinho-1 Funk.mp3
[2010.10.11 12:19:18 | 005,159,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe
[2010.10.10 11:10:43 | 000,001,858 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 2 Deluxe.lnk
[2010.10.10 10:37:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument (2).docx
[2010.10.07 22:04:44 | 000,555,614 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.10.07 22:04:44 | 000,505,106 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.07 22:04:44 | 000,116,596 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.10.07 22:04:44 | 000,088,952 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.06 21:23:43 | 003,103,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cardigans.lovefool.mp3
[2010.10.06 20:38:40 | 000,000,076 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\aionmemo_c1b89fb0.dat
[2010.10.02 20:11:18 | 000,115,663 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\my-name-is-khan-wallpaper-1.jpg
[2010.10.01 22:12:29 | 010,422,901 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\01. Pas.mp3
[2010.09.30 17:39:30 | 000,154,912 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\AUFTRAG.pdf
[2010.09.30 17:37:54 | 000,073,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AUFTRAG.odt
[2010.09.30 17:11:54 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\~$UFTRAG.odt
[2010.09.27 18:24:04 | 478,959,325 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2_7B367_Restore.ipsw
[2010.09.26 21:51:45 | 000,120,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Track13.mp3
[2010.09.26 21:51:04 | 000,011,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument.docx
[2010.09.25 15:48:46 | 479,012,625 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2.1_7B405_Restore.ipsw
[2010.09.24 21:31:18 | 000,423,455 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Foto-0084.jpg
[2010.09.24 19:45:39 | 000,000,809 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk
[2010.09.24 14:58:24 | 000,001,546 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\War Of Angels.lnk
[2010.09.24 14:58:24 | 000,001,324 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WarOfAngelsRegistration.lnk
[2010.09.23 19:40:01 | 000,091,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59440_143272119050133_100001020366314_210611_3351625_n.jpg
[2010.09.23 19:39:56 | 000,099,599 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58714_143272032383475_100001020366314_210608_4668506_n.jpg
[2010.09.23 19:39:51 | 000,105,388 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\62955_143271972383481_100001020366314_210606_6658374_n.jpg
[2010.09.23 19:39:43 | 000,066,206 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58576_143271569050188_100001020366314_210596_486803_n.jpg
[2010.09.23 19:39:39 | 000,071,404 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59904_143271512383527_100001020366314_210594_634072_n.jpg
[2010.09.23 19:39:35 | 000,092,839 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58778_143271465716865_100001020366314_210592_3616781_n.jpg
[2010.09.23 19:39:33 | 000,102,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60862_143271442383534_100001020366314_210591_4554289_n.jpg
[2010.09.23 19:39:15 | 000,078,093 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60285_143271232383555_100001020366314_210584_6636367_n.jpg
[2010.09.23 19:39:11 | 000,081,695 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60373_143271209050224_100001020366314_210583_4643076_n.jpg
[2010.09.23 19:39:08 | 000,086,633 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\63791_143271179050227_100001020366314_210582_5452682_n.jpg
[2010.09.23 19:39:04 | 000,089,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58457_143271149050230_100001020366314_210581_1581744_n.jpg
[2010.09.23 19:38:59 | 000,089,715 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60235_143271125716899_100001020366314_210580_7620129_n.jpg
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.21 20:33:16 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.21 19:23:06 | 000,000,847 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Ad-Aware.lnk
[2010.10.21 16:31:10 | 003,410,996 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Whoopi Goldberg - Sister Act - Oh Maria.mp3
[2010.10.21 03:13:17 | 000,012,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenanntdgfdsg.JPG
[2010.10.16 17:18:01 | 003,622,946 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Christina Milian - Am To Pm (instrumental).mp3
[2010.10.16 17:13:47 | 004,364,406 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Stromae - .Alors on danse.mp3
[2010.10.16 17:13:33 | 003,138,949 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Shy&amp;#39;m - Tout Est Dit - Reflets ( bonne version ).mp3
[2010.10.16 17:13:27 | 002,563,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Aidonia - Wine N Bubble [Lyrics].mp3
[2010.10.16 17:13:18 | 004,457,611 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mt Eden Dubstep - Still Alive.mp3
[2010.10.13 23:25:59 | 005,159,936 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe
[2010.10.13 18:41:49 | 000,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO Updater.exe.lnk
[2010.10.13 18:41:49 | 000,000,670 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Inception RO.exe.lnk
[2010.10.13 00:46:54 | 001,290,889 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\SDC15486.JPG
[2010.10.12 20:27:21 | 000,230,432 | ---- | C] () -- C:\PA7302.DAT
[2010.10.11 12:58:54 | 003,191,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Sexion D&amp;#39;assaut - Desole.mp3
[2010.10.11 12:35:13 | 004,492,719 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Major Lazer - Bruk Out (Foamo Remix).mp3
[2010.10.11 12:35:04 | 002,554,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Mc Cidinho-1 Funk.mp3
[2010.10.11 12:35:00 | 003,191,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sexion D&amp;#39;assaut - Desole.mp3
[2010.10.11 12:34:53 | 002,672,507 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Wiz Khalifa - The Statement [Official Video].mp3
[2010.10.11 12:34:47 | 005,965,189 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Lloyds Tsb Advert  Sick Dubstep Remix.mp3
[2010.10.10 11:10:43 | 000,001,858 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Die Sims™ 2 Deluxe.lnk
[2010.10.10 10:37:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument (2).docx
[2010.10.06 21:23:43 | 003,103,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\cardigans.lovefool.mp3
[2010.10.05 15:28:13 | 479,012,625 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2.1_7B405_Restore.ipsw
[2010.10.05 15:20:42 | 478,959,325 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\iPad1,1_3.2_7B367_Restore.ipsw
[2010.10.02 20:11:18 | 000,115,663 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\my-name-is-khan-wallpaper-1.jpg
[2010.10.01 17:47:31 | 010,422,901 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\01. Pas.mp3
[2010.09.30 17:39:29 | 000,154,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\AUFTRAG.pdf
[2010.09.30 17:11:54 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\~$UFTRAG.odt
[2010.09.30 17:11:52 | 000,073,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\AUFTRAG.odt
[2010.09.26 21:51:45 | 000,120,372 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Track13.mp3
[2010.09.26 21:25:47 | 000,011,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Neu Microsoft Office Word-Dokument.docx
[2010.09.25 01:05:56 | 000,423,455 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Foto-0084.jpg
[2010.09.24 23:03:26 | 000,000,076 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\aionmemo_c1b89fb0.dat
[2010.09.24 19:45:39 | 000,000,809 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk
[2010.09.24 14:58:24 | 000,001,546 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\War Of Angels.lnk
[2010.09.24 14:58:24 | 000,001,324 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WarOfAngelsRegistration.lnk
[2010.09.23 19:40:01 | 000,091,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59440_143272119050133_100001020366314_210611_3351625_n.jpg
[2010.09.23 19:39:56 | 000,099,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58714_143272032383475_100001020366314_210608_4668506_n.jpg
[2010.09.23 19:39:51 | 000,105,388 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\62955_143271972383481_100001020366314_210606_6658374_n.jpg
[2010.09.23 19:39:42 | 000,066,206 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58576_143271569050188_100001020366314_210596_486803_n.jpg
[2010.09.23 19:39:38 | 000,071,404 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\59904_143271512383527_100001020366314_210594_634072_n.jpg
[2010.09.23 19:39:35 | 000,092,839 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58778_143271465716865_100001020366314_210592_3616781_n.jpg
[2010.09.23 19:39:32 | 000,102,457 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60862_143271442383534_100001020366314_210591_4554289_n.jpg
[2010.09.23 19:39:15 | 000,078,093 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60285_143271232383555_100001020366314_210584_6636367_n.jpg
[2010.09.23 19:39:11 | 000,081,695 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60373_143271209050224_100001020366314_210583_4643076_n.jpg
[2010.09.23 19:39:07 | 000,086,633 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\63791_143271179050227_100001020366314_210582_5452682_n.jpg
[2010.09.23 19:39:04 | 000,089,766 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\58457_143271149050230_100001020366314_210581_1581744_n.jpg
[2010.09.23 19:38:59 | 000,089,715 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\60235_143271125716899_100001020366314_210580_7620129_n.jpg
[2010.09.15 03:48:10 | 000,034,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\RKHit.sys
[2010.09.15 03:20:22 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.09.10 03:03:54 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2010.08.25 23:37:18 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010.08.12 03:57:54 | 000,706,624 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.06.07 19:02:03 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2010.05.28 02:04:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010.04.21 20:19:05 | 000,164,864 | ---- | C] () -- C:\Programme\UNWISE.EXE
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010.03.20 20:53:31 | 000,000,354 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2010.02.23 00:10:18 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010.02.14 18:50:02 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.02.14 18:50:02 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.02.05 12:50:32 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2010.01.30 14:30:04 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2010.01.30 14:29:12 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.01.27 00:16:40 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.01.26 23:53:23 | 000,139,776 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.26 21:59:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.01.26 21:50:21 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.01.26 21:48:14 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2010.01.26 21:38:52 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2010.01.26 21:33:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.07.09 03:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.06.18 15:00:50 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\AIO-Auswahl.ini
[2008.06.18 14:59:00 | 001,800,192 | ---- | C] () -- C:\WINDOWS\System32\hmtcdres.dll
[2008.06.18 14:58:59 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\hmtcd.dll
[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.04.23 20:00:00 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2007.03.20 17:44:02 | 000,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

< End of report >
         


2.

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 21.10.2010 23:29:40 - Run 3
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 288,55 Gb Free Space | 61,95% Space Free | Partition Type: NTFS
 
Computer Name: ALKAN-4A88F3B7D | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [7zip Packen und SFX Erstellen] -- C:\Programme\7-zip\7z_SFX-GUI-Pack.exe   "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58186:TCP" = 58186:TCP:*:Enabled:Pando Media Booster
"58186:UDP" = 58186:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"11:TCP" = 11:TCP:*:Enabled:WarriorEpic
"11:UDP" = 11:UDP:*:Enabled:WarriorEpic
"882:TCP" = 882:TCP:*:Enabled:WarriorEpic
"882:UDP" = 882:UDP:*:Enabled:WarriorEpic
"575:TCP" = 575:TCP:*:Enabled:WarriorEpic
"575:UDP" = 575:UDP:*:Enabled:WarriorEpic
"60:TCP" = 60:TCP:*:Enabled:WarriorEpic
"60:UDP" = 60:UDP:*:Enabled:WarriorEpic
"56:TCP" = 56:TCP:*:Enabled:WarriorEpic
"56:UDP" = 56:UDP:*:Enabled:WarriorEpic
"629:TCP" = 629:TCP:*:Enabled:WarriorEpic
"629:UDP" = 629:UDP:*:Enabled:WarriorEpic
"150:TCP" = 150:TCP:*:Enabled:WarriorEpic
"150:UDP" = 150:UDP:*:Enabled:WarriorEpic
"704:TCP" = 704:TCP:*:Enabled:WarriorEpic
"704:UDP" = 704:UDP:*:Enabled:WarriorEpic
"584:TCP" = 584:TCP:*:Enabled:WarriorEpic
"584:UDP" = 584:UDP:*:Enabled:WarriorEpic
"8394:TCP" = 8394:TCP:*:Enabled:League of Legends Launcher
"8394:UDP" = 8394:UDP:*:Enabled:League of Legends Launcher
"58186:TCP" = 58186:TCP:*:Enabled:Pando Media Booster
"58186:UDP" = 58186:UDP:*:Enabled:Pando Media Booster
"6894:TCP" = 6894:TCP:*:Enabled:League of Legends Launcher
"6894:UDP" = 6894:UDP:*:Enabled:League of Legends Launcher
"6893:TCP" = 6893:TCP:*:Enabled:League of Legends Launcher
"6893:UDP" = 6893:UDP:*:Enabled:League of Legends Launcher
"6927:TCP" = 6927:TCP:*:Enabled:League of Legends Launcher
"6927:UDP" = 6927:UDP:*:Enabled:League of Legends Launcher
"6951:TCP" = 6951:TCP:*:Enabled:League of Legends Launcher
"6951:UDP" = 6951:UDP:*:Enabled:League of Legends Launcher
"8395:TCP" = 8395:TCP:*:Enabled:League of Legends Launcher
"8395:UDP" = 8395:UDP:*:Enabled:League of Legends Launcher
"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"K:\Erdem\Garena\Garena.exe" = K:\Erdem\Garena\Garena.exe:*:Enabled:Garena -- File not found
"C:\Programme\Aqua\AquaDownloadern.exe" = C:\Programme\Aqua\AquaDownloadern.exe:*:Enabled:AquaDownloadern -- (CDNetworks)
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Programme\ijji\ijji REACTOR\ijjiOptimizer.exe" = C:\Programme\ijji\ijji REACTOR\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\Programme\League of Legends\Air\LolClient.exe" = C:\Programme\League of Legends\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Programme\League of Legends\Game\League of Legends.exe" = C:\Programme\League of Legends\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Programme\Xfire\Xfire.exe" = C:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Programme\Street Fighter IV\StreetFighterIV.exe" = C:\Programme\Street Fighter IV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Programme\Tunngle\TnglCtrl.exe" = C:\Programme\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"C:\Programme\Tunngle\Tunngle.exe" = C:\Programme\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Programme\Java\jre1.6.0_06\bin\javaw.exe" = C:\Programme\Java\jre1.6.0_06\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Vindictus\en-US\NMService.exe" = C:\Nexon\Vindictus\en-US\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\FJ_Downloader.exe" = C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\FJ_Downloader.exe:*:Enabled:FreeJack_Downloader -- File not found
"C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe" = C:\Dokumente und Einstellungen\Administrator\Desktop\umbrella-4.1.6.exe:*:Enabled:Umbrella - Save your SHSH! -- ()
"C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HEX-5823-6893-6818\manager.exe:*:Enabled:Java Update Manager -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01AE8E54-F235-74C5-9875-A655C6555634}" = CCC Help Italian
"{027AA9DB-7176-2929-ED2E-38C0317F3566}" = Catalyst Control Center Localization All
"{050227B0-1E77-D377-A63D-EB5F12318FB8}" = Catalyst Control Center Localization Korean
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = CCC
"{071E5FA3-20CA-BE1D-7AE4-D0514507E1C3}" = CCC Help Danish
"{07F31E45-2E01-8663-1B57-E826FCDA09E3}" = Catalyst Control Center Localization Japanese
"{0834403C-CC0C-D2A3-1684-D04C82D04FE4}" = Catalyst Control Center Localization Russian
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}" = SplitCam
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DE817CB-9294-F350-64F0-36E42D7B27F2}" = CCC Help French
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{0E2E9FD2-3C63-FBAD-F41E-736CF1DA5BC0}" = Catalyst Control Center Localization Chinese Standard
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{116A277E-6809-825D-BDCB-E32DCDA231E2}" = Catalyst Control Center Graphics Light
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{142D633B-6D5E-43FC-ADCD-BF71C495F91C}_is1" = EKRO Fullclient v1.0
"{147AAF68-A89A-8E2E-97EE-A1F1430F9F68}" = Catalyst Control Center Graphics Previews Common
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{160625BC-937E-6F4A-58F7-6BCB7C74148B}" = ccc-core-preinstall
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17EAC83B-F259-B0FE-BABC-802E06E03654}" = CCC Help Turkish
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BA7B068-4719-42A3-B553-D4ED97434F92}" = ASUS Utilities
"{1BF23060-E1E1-2EE1-037D-264D9EC15CBD}" = ccc-core-preinstall
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1EFE9082-F3EC-13CA-FD37-E1490531CDF3}" = CCC Help Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{211E8730-5681-49ED-BC6A-78C9F88E95F5}" = Adobe Shockwave Player
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232D00D0-F1CE-BEE3-58DD-2C826007D917}" = CCC Help Greek
"{23FC20B7-0119-B007-B788-0A4EB46336DA}" = Catalyst Control Center Localization Spanish
"{241647C2-9318-D048-67BA-E64ED5F2CCC4}" = Catalyst Control Center Core Implementation
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2959C2F1-5C0C-AAEE-1D94-8B3AE1806C31}" = Catalyst Control Center Localization Norwegian
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2B274D3F-8D66-91B3-0555-C0ED7019F3C6}" = CCC Help Russian
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{30F4418F-6CBF-9CC2-1AC3-25234DCAD4CE}" = CCC Help English
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{391F4C49-7ADF-84E6-2028-19310E7AC8E1}" = Catalyst Control Center Localization Thai
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC0DC58-B167-51D7-4440-2E02F63C942E}" = CCC Help Finnish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
"{3FD5A0F7-A39B-06D3-07E5-E0C5DE3267B7}" = CCC Help Japanese
"{40EF588A-3C0D-5779-0951-74C0BCA661C2}" = Catalyst Control Center Localization Dutch
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{4514B9C2-8E75-CF9D-B148-8ED40CAA35F0}" = Catalyst Control Center HydraVision Full
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{465AE684-39DF-F8BC-A702-81860DE6EBCF}" = CCC Help Spanish
"{46C6315A-8E24-F30C-0EB1-3D22DFACBCD8}" = Catalyst Control Center Localization Turkish
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4956D70D-E758-7CDC-D131-2895E8A5DAD4}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A66FB4E-F08F-6DCD-1823-4BDACC6F7D67}" = CCC Help Hungarian
"{4D7BE862-435C-0F6F-0558-B3E6DCA839E2}" = CCC Help Portuguese
"{5091043D-D941-E17E-1E0F-0B2F1DBE4D9E}" = ccc-core-static
"{520AE942-F7F0-8A53-4F34-FED00ADAC639}" = Catalyst Control Center Localization Czech
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{526A494F-8A59-3E10-EEF4-52400B4D72F3}" = Catalyst Control Center Localization Italian
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{583F8A3F-2D92-E13B-AF5D-E362DDFA13E7}" = Catalyst Control Center Core Implementation
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{6347B976-4310-4555-A35F-91D607708F07}" = CCC Help Thai
"{63886E34-F9F8-378B-A7FB-710C6ED9AAEB}" = ATI Catalyst Install Manager
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{648C8BCF-424F-4C68-AF43-9AB9CF87859E}_is1" = UPXShell 3.2.5.2006
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
"{66064139-314F-44B2-805A-0AAC71A32E02}" = ccc-utility
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CA5F5DC-33C3-D56F-F399-BD5792397089}" = CCC Help English
"{6D0955B9-C1D6-CB1C-6CE3-BFAC9696A882}" = CCC Help Polish
"{6DA81A72-2C13-34D8-BD98-B60DE6FEB55B}" = ccc-utility
"{6EDCACF0-12BD-2BD2-6161-54ABE116B185}" = CCC Help Chinese Standard
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1" = ConTEXT v0.98.6
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{7409D3F5-CB81-8ECF-656C-9C096AA7FA7A}" = CCC Help French
"{745D2782-BB1E-51EA-5BDB-1E1BE7590594}" = CCC Help English
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{7B7435AF-62A9-224E-94F2-A5C0408E7894}" = Catalyst Control Center Localization French
"{7B8F4AA8-0426-64EF-1727-6E4911446307}" = Catalyst Control Center Localization Portuguese
"{7C6B146C-735F-2E95-8A96-450911F3446B}" = CCC Help Portuguese
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{832D724F-05A2-81D1-B3D0-801761E9EB94}" = Catalyst Control Center Localization German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
"{88F1EB35-7E38-AFA6-49DD-ABD004ACA1B1}" = CCC Help Polish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C377565-02FD-493A-B85F-8D9A33D326F0}" = Aion
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94928C91-8A2E-A94E-A7EF-C41FBE515718}" = Catalyst Control Center Graphics Previews Common
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{96DA8A90-1BD6-F86A-D51B-B46882A80980}" = ccc-utility
"{97AA05F0-CF31-4CFA-F3BD-B6F3A0022579}" = CCC Help Korean
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9879DD41-CD73-4BBC-ADEA-85005979F7F8}" = ccc-core-static
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{A15102F8-B63C-31C5-EDBC-D3614AFAA13D}" = CCC Help Norwegian
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A454D257-0E6D-BCD1-2A10-78FEDB5BB21E}" = Catalyst Control Center Graphics Full New
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4D4FC6F-5BE6-4ECB-49CC-AFD566A93F23}" = Catalyst Control Center Graphics Full Existing
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A73FBA2D-7C64-F293-3140-EB02DDBEFA2E}" = Catalyst Control Center Localization Hungarian
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509
"{AC2B4022-8F75-6AA5-612F-9598EFD31C9B}" = Catalyst Control Center InstallProxy
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AD0F1745-3B34-443B-E137-A21271A17D74}" = CCC Help Chinese Traditional
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEBE3F70-585E-17C7-C91D-964C91772410}" = ccc-utility
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3542011-52A1-8782-EEB9-B72AB9EC7336}" = Catalyst Control Center Graphics Light
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C1D27535-0AD9-1BFB-7F76-2E74BED09A41}" = Catalyst Control Center Localization Danish
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam 
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD87C29-38A1-FEBB-1A29-B8412B47509C}" = Catalyst Control Center Graphics Previews Common
"{CC37A914-E541-4A79-0DF8-B746444E7D5A}" = Catalyst Control Center Localization Polish
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD23CF9D-7B10-C68C-7390-97EC5087E1F4}" = CCC Help Dutch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1DD73EB-36DE-D4E8-421A-88D0C8FD998F}" = ccc-core-static
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{D5D0178D-57E4-C32C-5275-401F384303A7}" = CCC Help Hungarian
"{D70552B4-B68A-367B-F669-552E97667F32}" = CCC Help German
"{D824F44B-B6AF-E93D-F7A3-19E02319B751}" = Catalyst Control Center Localization Finnish
"{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten
"{DBAA7DF5-7DE0-DD8D-A748-5A35AC2DA420}" = CCC Help Italian
"{DD7C56A2-8E85-AABA-D807-F61C135CC1AE}" = Catalyst Control Center Graphics Full Existing
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E320ECE8-FE7F-425C-8F8C-33C1D9907F93}" = SlimDrivers
"{E41B53EF-A153-4A11-5155-AE9DEF42EDE2}" = Catalyst Control Center Localization Greek
"{E7137FEB-B06C-781F-2ACF-962AF992FC2D}" = Catalyst Control Center Localization Swedish
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8D57727-8BC3-F093-A3EE-94BDD55305F5}" = CCC Help Czech
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9BB066A-632F-4849-CDD4-5B7BCFB285B6}" = Catalyst Control Center Graphics Full New
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EEDE89A0-9412-52AF-563D-A335D6C00BA5}" = CCC Help Swedish
"{F08826AF-C414-6921-9A50-D39972C7D975}" = CCC Help German
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1972370-E7EE-B572-761B-FB7FAE17595F}" = Catalyst Control Center Localization Chinese Traditional
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F454F142-7241-D804-D067-CCCE016643C3}" = Skins
"{F527C466-971D-B4EE-BBF7-076C805C1F59}" = CCC Help English
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB  (02/23/2007 2.5.0.0)
"8461-7759-5462-8226" = Vuze
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_14cffbe014b566bef9e9125ea146ab9" = Adobe Creative Suite 4 Master Collection
"Akamai" = Akamai NetSession Interface
"AquaDownloadern" = AquaDownloadern 2,1,56,0
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AutocompletePro3_is1" = AutocompletePro
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Burn4Free" = Burn4Free CD and DVD
"CCleaner" = CCleaner
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative WebCam Center" = 
"Daniusoft Video Converter_is1" = Daniusoft Video Converter(Build 2.1.1.0)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.1
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 1.49
"ie7" = Internet Explorer 7
"IL Download Manager" = IL Download Manager
"Inception RO Installer 1.00" = Inception RO Installer 1.00
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam 
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"League of Legends_is1" = League of Legends
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.5.14)" = Mozilla Firefox (3.5.14)
"Neffy" = Neffy 1,3,29,0
"NVIDIA Drivers" = NVIDIA Drivers
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"PoiZone" = PoiZone
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Ragnarok Online" = Ragnarok Online
"Runtimes" = Allgemeine Runtime Dateien
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Street Fighter IV_is1" = Street Fighter IV
"TaskSwitchXP" = TaskSwitchXP
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Theme 1.00" = Theme 1.00
"TuneUp Utilities" = TuneUp Utilities
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"Unlocker" = Unlocker 1.8.6
"Vindictus" = Vindictus
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"WarOfAngels" = War Of Angels
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Sidebar" = Windows Sidebar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XP Codec Pack" = XP Codec Pack
"XPize Darkside" = XPize Darkside 2.1
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XPSP3UPPACK" = Sereby's XP SP3 Updatepack Version 3.8.6
"xvid" = XviD MPEG-4 Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 20.10.2010 18:11:07 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 21.10.2010 11:02:22 | Computer Name = ALKAN-4A88F3B7D | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 17.10.2010 19:20:12 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 18.10.2010 07:26:01 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 18.10.2010 07:26:01 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 18.10.2010 07:34:27 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 18.10.2010 07:34:27 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 20.10.2010 18:10:07 | Computer Name = ALKAN-4A88F3B7D | Source = DCOM | ID = 10010
Description = Der Server "{DC0C2640-1415-4644-875C-6F4D769839BA}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 20.10.2010 20:53:16 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 20.10.2010 20:53:16 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 20.10.2010 21:04:23 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
Error - 20.10.2010 21:04:23 | Computer Name = ALKAN-4A88F3B7D | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk6\D.
 
 
< End of report >
         
--- --- ---

[/CODE]

Alt 22.10.2010, 14:35   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
Why is your computer not allowed to reach Adobe?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 22.10.2010, 14:47   #10
Naze
 



what do you mean, not reach? o.o (no idea why)

and in case it helps: when I try to click on AntiVir, an error comes up: " onDblClick()failed ", which I can only confirm with OK.

and when I open Mozilla an error comes up too (which normally was never there): " Auf das angegebene Gerät bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigung, um auf das Element zugreifen zu können. " After a click on OK, Mozilla opens. (the path given is C:\Programme\Java\jre6\lib\deploy\.....\jqsnotify.exe)

When I click Control Panel (Systemsteuerung) -> System -> Hardware, I likewise get an error: "Auf das angegebene Gerät bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über . . . .."

I am logged in as admin and this is the only account I have.

I hope this info helps with fixing my problem >.<

Oh, and when I try to start Ad-Aware, it says "failed to connect to service" even though the internet connection etc. is up (same thing in the game League of Legends), and when I start Internet Explorer and wait about a second, it is as if the mouse were clicking refresh 1000 times without end (I can then only close it via Task Manager).

Edited by Naze (22.10.2010 at 15:03)

Alt 23.10.2010, 14:54   #11
Naze
 



and, any idea yet what else I could do? . . .

Alt 23.10.2010, 14:54   #12
Naze
 



sorry for the double post >.<

Alt 23.10.2010, 19:16   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Download Lop S&D.

Run Lop S&D.exe by double-clicking it. VISTA users: right-click => Run as admin!!
Choose the language you prefer and then option 1.
Wait until the scan report has been created and post it here (you will find it at C:\lopR.txt if the report does not appear).

Alt 24.10.2010, 10:23   #14
Naze
 



Quote:
Quote from cosinus
Download Lop S&D.

Run Lop S&D.exe by double-clicking it. VISTA users: right-click => Run as admin!!
Choose the language you prefer and then option 1.
Wait until the scan report has been created and post it here (you will find it at C:\lopR.txt if the report does not appear).

I only get an error message as soon as I try to run it (run as admin)

"C/Lop SD/LopSD.cmd" konnte nicht gefunden werden. Stellen Sie sicher, das sie den Namen korrekt eingegeben haben und wiederholen Sie den Vorgang. Klicken Sie auf "Start" und anschließend auf "Suchen", um eine Datei zu suchen.

Alt 24.10.2010, 14:03   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Well, then forget about Lop S&D...

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)


Code:
ATTFilter
:OTL
DRV - (xhunter1) -- C:\WINDOWS\xhunter1.sys File not found
DRV - (XDva359) -- C:\WINDOWS\System32\XDva359.sys File not found
DRV - (XDva347) -- C:\WINDOWS\System32\XDva347.sys File not found
DRV - (XDva346) -- C:\WINDOWS\System32\XDva346.sys File not found
DRV - (XDva343) -- C:\WINDOWS\System32\XDva343.sys File not found
DRV - (XDva341) -- C:\WINDOWS\System32\XDva341.sys File not found
DRV - (XDva296) -- C:\WINDOWS\System32\XDva296.sys File not found
DRV - (XDva295) -- C:\WINDOWS\System32\XDva295.sys File not found
DRV - (vtany) -- C:\WINDOWS\vtany.sys File not found
DRV - (Video3D) -- C:\WINDOWS\System32\Drivers\Video3D32.sys File not found
DRV - (GarenaPEngine) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\MMZ21.tmp File not found
DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (ADASPROT) -- C:\Programme\Advanced System Optimizer 3\adasprot32.sys File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\AutoRun\command - "" = K:\muza\sguza.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\explore\command - "" = K:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{ad4f4174-1aef-11df-bafe-001cdf78a371}\Shell\open\command - "" = K:\muza\\sguza.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun\command - "" = K:\rane\kure.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\explore\command - "" = K:\
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\open\command - "" = K:\rane\\kure.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{c2c35c96-197d-11df-baf9-001cdf78a371}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\explore\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\K\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
[2010.10.13 23:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\.shsh
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
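Added example, not part of the thread: the O33 lines in the fix script above are OTL's listing of shell commands cached under Explorer's MountPoints2 registry key, i.e. what AutoPlay would launch for a volume. This Python sketch groups a few of those lines (copied from the post) by mount point and normalises the doubled backslashes, so it is easy to see which executables were registered per volume; the function names and the extension list are assumptions of the example.

```python
import ntpath
import re
from collections import defaultdict

# Six O33 lines copied from the fix script in the post above.
SAMPLE = r'''O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
O33 - MountPoints2\{0412655f-ab85-11df-bc09-00306724cd87}\Shell\open\command - "" = K:\POGRJESILA\\maychi.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\AutoRun\command - "" = K:\rane\kure.exe -- File not found
O33 - MountPoints2\{b55eb244-748b-11df-bbb7-00306724cd87}\Shell\explore\command - "" = K:\
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\POGRJESILA\maychi.exe -- File not found
'''

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\(?P<verb>\w+)'
    r'(?P<cmd>\\command)? - "(?P<name>[^"]*)" = (?P<value>.*?)'
    r'(?P<missing> -- File not found)?$'
)
# Extensions treated as directly executable (assumption of this example).
EXEC_EXT = {'.exe', '.com', '.bat', '.cmd', '.scr', '.pif'}

def parse_o33(text):
    """Return one dict per O33 line: mount point, shell verb, value, missing flag."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if not m:
            continue  # not an O33 MountPoints2 line
        is_command = m['cmd'] is not None
        entries.append({
            'mount': m['mount'],
            'verb': m['verb'],
            'is_command': is_command,
            # normpath collapses the doubled backslashes seen in some entries
            'value': ntpath.normpath(m['value']) if is_command else m['value'],
            'missing': m['missing'] is not None,
        })
    return entries

def summarize(entries):
    """Group cached shell commands by mount point and collect executable targets."""
    out = defaultdict(lambda: {'targets': set(), 'all_missing': True})
    for e in entries:
        if not e['is_command']:
            continue  # label entries such as "Auto&Play" carry no command
        if ntpath.splitext(e['value'])[1].lower() in EXEC_EXT:
            out[e['mount']]['targets'].add(e['value'])
            out[e['mount']]['all_missing'] &= e['missing']
    return dict(out)

if __name__ == '__main__':
    for mount, info in summarize(parse_o33(SAMPLE)).items():
        print(mount, sorted(info['targets']), 'all missing:', info['all_missing'])
```
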
