Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: win32:adware.gen hier das HiJackThis Log. - Bitte hilfe

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 30.11.2010, 10:33   #1
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo an alle,

Habe irgendwie einen win32:adware.gen an laptop hier das HijackThis Log. - Kann mir vieleicht jemand helfen. Bin Anfänger was PC-Krankheiten bzw. heilen angeht - vielen dank


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:02:03, on 30.11.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\MacroData Inc\NetDrive\netdrive.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Delzo & Lara.Patricia-PC\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=smb&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=smb&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ParentalControl Bar - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ParentalControl Bar - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\PROGRA~1\PARENT~1\PARENT~1.DLL
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Thunderbird] "C:\Program Files\Mozilla Thunderbird\thunderbird.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Netdrive] C:\Program Files\MacroData Inc\NetDrive\netdrive.exe -tray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Cacheman Service (CachemanService) - Unknown owner - C:\Program Files\Cacheman\CachemanServ.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: HP ProtectTools Gerätesperre/Überwachung (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NetDrive Service (ndsvc) - MacroData Inc. - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7783 bytes

Alt 30.11.2010, 16:35   #2
nochdigger
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo und

Zitat:
Habe irgendwie einen win32:adware.gen an laptop...
welches Programm hat was wo gefunden (Pfad\Dateiname)?

Lass bitte Malwarebytes dein System prüfen und erstelle anschließend ein Log mit OTL, poste entstandenen Logfiles hierher, dann sehen wir weiter.

MFG
__________________

__________________

Alt 30.11.2010, 17:59   #3
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo NochDigger,


Danke für deinen bemühungen, mein Antivirus programm ist folgendes:

avast! Free Antivirus 5.0.677

dieses findet auch den Virus/Trojaner oder so..

welches programm genau infisziert ist weis ich nicht genau:

aber er schreibt was von svchost.exe im win32 ordner bzw. ist es manchmal eine Datei die er blockt bzw. eine Webseite.

Malwarebyte LOG File:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5220

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

30.11.2010 19:40:55
mbam-log-2010-11-30 (19-40-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 135564
Laufzeit: 6 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 3
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.3.74.0 (Adware.Zango) -> Value: Zango 10.3.74.0 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files\flv direct player (Adware.BHO.FL) -> Delete on reboot.
c:\program files\free registry cleaner for vista (Rogue.FreeRegistryCleanerForVista) -> Delete on reboot.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player (Adware.FLVPlayer) -> Delete on reboot.

Infizierte Dateien:
c:\program files\flv direct player\flvplayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\flv direct player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
c:\program files\free registry cleaner for vista\backuphkcu.reg (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
c:\programdata\microsoft\Windows\start menu\Programs\flv direct player\uninstall flv direct player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.


Danke nochmal

bertl
__________________

Geändert von bertl. (30.11.2010 um 18:44 Uhr)

Alt 30.11.2010, 18:47   #4
nochdigger
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo

wenn du Avast startest, solltest du unter -> Verwaltung -> Virus Container unter Ursprünglicher Ort die Datei sowie den Pfad finden.

MFG
__________________
Kein Support per PN - Bitte im Forum posten.

Alt 30.11.2010, 19:04   #5
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Zitat:
Zitat von nochdigger Beitrag anzeigen
Hallo

wenn du Avast startest, solltest du unter -> Verwaltung -> Virus Container unter Ursprünglicher Ort die Datei sowie den Pfad finden.

MFG
Dort ist leider alles lehr !!! Kein Eintrag


Alt 30.11.2010, 19:11   #6
nochdigger
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo

Zitat:
Zitat von bertl. Beitrag anzeigen
Dort ist leider alles lehr !!! Kein Eintrag
schade, nun gut dann weiter im Text
Zitat:
Art des Suchlaufs: Quick-Scan
Führe bitte unbedingt noch ein Komplettscan durch, anschließend wieder Log posten.


MFG
__________________
--> win32:adware.gen hier das HiJackThis Log. - Bitte hilfe

Alt 30.11.2010, 19:28   #7
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 30.11.2010 20:16:45 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\************\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 178,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,17 Gb Total Space | 20,06 Gb Free Space | 30,79% Space Free | Partition Type: NTFS
Drive D: | 283,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,55 Gb Total Space | 1,24 Gb Free Space | 79,78% Space Free | Partition Type: NTFS
Drive F: | 7,80 Gb Total Space | 0,73 Gb Free Space | 9,38% Space Free | Partition Type: NTFS
Drive Z: | 512,00 Gb Total Space | 512,00 Gb Free Space | 100,00% Space Free | Partition Type: NDFS
 
Computer Name: PATRICIA-PC | User Name: ******* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Delzo & Lara.Patricia-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe (MacroData Inc.)
PRC - C:\Program Files\MacroData Inc\NetDrive\netdrive.exe (MacroData Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Windows\System32\inetsrv\w3wp.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Delzo & Lara.Patricia-PC\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CachemanService) -- C:\Program Files\Cacheman\CachemanServ.exe File not found
SRV - (ndsvc) -- C:\Program Files\MacroData Inc\NetDrive\ndsvc.exe (MacroData Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SNP325) USB PC Camera (SNPSTD325) -- C:\Windows\System32\DRIVERS\snp325.sys File not found
DRV - (pfc) -- C:\Windows\System32\drivers\pfc.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (ndfs) -- C:\Program Files\MacroData Inc\NetDrive\NDFS.sys (MacroData Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (phmburnr) -- C:\Windows\system32\DRIVERS\phmburnr.sys (Phantombility, Inc)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (GemCCID) -- C:\Windows\System32\drivers\GemCCID.sys (Gemalto)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (s117obex) -- C:\Windows\System32\drivers\s117obex.sys (MCCI Corporation)
DRV - (s117mdm) -- C:\Windows\System32\drivers\s117mdm.sys (MCCI Corporation)
DRV - (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s117mgmt.sys (MCCI Corporation)
DRV - (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM) -- C:\Windows\System32\drivers\s117unic.sys (MCCI Corporation)
DRV - (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS) -- C:\Windows\System32\drivers\s117nd5.sys (MCCI Corporation)
DRV - (s117mdfl) -- C:\Windows\System32\drivers\s117mdfl.sys (MCCI Corporation)
DRV - (s117bus) Sony Ericsson Device 117 driver (WDM) -- C:\Windows\System32\drivers\s117bus.sys (MCCI Corporation)
DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (k750mdm) -- C:\Windows\System32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\Windows\System32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=smb&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_AT&c=74&bd=smb&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {30f6ffb8-5a42-d7ba-d1d4-328278d32fd3}:4.6.6.8
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.02.02 23:49:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.09.14 10:50:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.09.14 18:06:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.22 08:55:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.21 08:55:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.11.26 10:31:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.12 10:12:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.09.14 10:50:23 | 000,000,000 | ---D | M]
 
[2010.08.27 00:17:39 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Extensions
[2010.06.02 16:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.27 00:17:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Extensions\{ee53ece0-255c-4cc6-8a7e-81a8b6e5ba2c}
[2010.05.30 10:56:07 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2010.11.30 18:53:38 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions
[2010.11.20 02:49:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.22 16:26:32 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.11.22 16:26:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.20 02:49:49 | 000,000,000 | ---D | M] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
[2010.11.20 02:49:48 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\foxmarks@kei.com
[2010.11.20 02:49:49 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\moveplayer@movenetworks.com
[2010.11.20 02:49:49 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\mozilla\Firefox\Profiles\r6auzm2f.default\extensions\youtube2mp3@mondayx.de
[2010.11.30 18:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.11 11:10:30 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{30f6ffb8-5a42-d7ba-d1d4-328278d32fd3}
[2008.02.02 23:50:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@partners.mozilla.com
[2008.08.27 13:55:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.02.21 11:22:32 | 000,712,704 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007.03.10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.11.21 08:55:32 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.21 08:55:32 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.21 08:55:32 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.21 08:55:32 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.21 08:55:32 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.22 07:44:25 | 000,425,799 | R--- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14672 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ParentalControl Bar) - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\Program Files\parentalcontrol\parentalcontrol.dll ( )
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ParentalControl Bar) - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\Program Files\parentalcontrol\parentalcontrol.dll ( )
O3 - HKLM\..\Toolbar: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (ParentalControl Bar) - {A057A204-BACC-4D26-908B-27FCD4A32E85} - C:\Program Files\parentalcontrol\parentalcontrol.dll ( )
O3 - HKCU\..\Toolbar\WebBrowser: () - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Netdrive] C:\Program Files\MacroData Inc\NetDrive\netdrive.exe (MacroData Inc.)
O4 - HKLM..\Run: [Thunderbird] C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.02.27 19:09:05 | 000,000,193 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2001.02.28 22:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE -- [2001.02.28 22:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE -- [2001.02.28 22:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.30 19:16:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.30 19:16:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.30 11:41:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.11.30 11:41:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.11.30 11:41:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.11.30 11:41:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.11.30 11:40:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.11.30 11:12:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.11.30 11:10:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.11.24 14:04:25 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\anderer user
[2010.11.24 13:49:20 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\FreeCommander
[2010.11.24 13:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\FreeCommander
[2010.11.23 03:10:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.11.23 03:10:17 | 000,000,000 | ---D | C] -- C:\6444ec2b9afe92ec54790833da
[2010.11.23 03:04:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2010.11.22 16:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010.11.22 16:22:19 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\vlc
[2010.11.22 16:21:52 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\Paint.NET
[2010.11.22 07:32:21 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.11.21 00:44:03 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\Zattoo
[2010.11.21 00:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zattoo4
[2010.11.20 23:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.11.20 23:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.11.20 23:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.11.20 12:11:57 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Delzo & Lara
[2010.11.20 07:45:37 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Auslogics
[2010.11.20 07:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010.11.19 19:58:22 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\TweakNow PowerPack Professional
[2010.11.19 18:38:39 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\OTL.exe
[2010.11.19 17:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.11.09 17:44:51 | 000,000,000 | ---D | C] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Malwarebytes
[2010.11.09 17:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.09 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.11.02 20:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2008.04.15 18:12:20 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2 C:\Users\Delzo & Lara.Patricia-PC\Desktop\*.tmp files -> C:\Users\Delzo & Lara.Patricia-PC\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.30 20:20:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7C547F25-2394-4FB2-B48C-8A20756D0333}.job
[2010.11.30 20:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{76DF0194-9A6F-4853-800C-2A621ACFB0A9}.job
[2010.11.30 20:11:12 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.30 20:00:13 | 002,846,052 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.30 20:00:12 | 007,803,212 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.30 20:00:12 | 002,433,000 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.30 20:00:12 | 002,217,018 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.30 19:55:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.30 19:55:39 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryDoktor.job
[2010.11.30 19:55:03 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.11.30 19:54:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.30 19:54:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.30 19:54:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.30 19:54:14 | 1064,624,128 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.30 19:51:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.30 19:24:50 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.30 08:44:02 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{878EE288-3815-4EAA-8E43-CB257DA751E8}.job
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.24 13:50:42 | 000,000,770 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\FreeCommander.lnk
[2010.11.22 07:44:25 | 000,425,799 | R--- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2010.11.21 08:34:09 | 000,331,316 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Documents\cc_20101121_083335.reg
[2010.11.21 08:28:29 | 000,000,764 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\CCleaner.lnk
[2010.11.21 02:22:22 | 000,425,799 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101122-074425.backup
[2010.11.21 02:20:56 | 000,425,799 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101121-022222.backup
[2010.11.21 00:45:01 | 000,017,408 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\WebpageIcons.db
[2010.11.20 23:41:09 | 000,001,031 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Spybot - Search & Destroy.lnk
[2010.11.20 17:37:39 | 000,000,376 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Downloads - Verknüpfung.lnk
[2010.11.20 12:17:37 | 000,012,800 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.20 10:47:43 | 000,084,353 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\ESTA Application.pdf
[2010.11.20 10:45:08 | 000,092,815 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\ESTA-Antrag.pdf
[2010.11.19 19:16:10 | 000,509,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.19 18:38:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\OTL.exe
[2010.11.19 17:39:34 | 000,000,020 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\defogger_reenable
[2010.11.19 16:58:18 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.11.18 08:48:24 | 000,089,190 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\XXXXXXXXXXXXXXXXXXXX.pdf
[2010.11.17 08:56:39 | 000,007,386 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\.recently-used.xbel
[2010.11.09 17:30:48 | 000,000,036 | ---- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\housecall.guid.cache
[2010.11.08 10:06:20 | 000,000,162 | -H-- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$itish Bespoke Weeks.doc
[2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010.11.05 11:55:42 | 000,000,162 | -H-- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$stenvoranschlag Smoking - Goldwein.doc
[2010.11.01 20:06:06 | 000,000,162 | -H-- | M] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$hr geehrte Damen und Herren.htm
[2 C:\Users\Delzo & Lara.Patricia-PC\Desktop\*.tmp files -> C:\Users\Delzo & Lara.Patricia-PC\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.30 19:18:08 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.30 11:41:43 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.11.30 11:41:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.11.30 11:41:43 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010.11.30 11:41:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.11.30 11:41:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.11.24 13:50:42 | 000,000,770 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\FreeCommander.lnk
[2010.11.21 08:33:44 | 000,331,316 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Documents\cc_20101121_083335.reg
[2010.11.21 08:28:29 | 000,000,764 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\CCleaner.lnk
[2010.11.21 00:44:03 | 000,017,408 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\WebpageIcons.db
[2010.11.20 23:41:09 | 000,001,031 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Spybot - Search & Destroy.lnk
[2010.11.20 17:37:39 | 000,000,376 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\Downloads - Verknüpfung.lnk
[2010.11.20 10:47:51 | 000,084,353 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\ESTA Application.pdf
[2010.11.20 10:37:56 | 000,092,815 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\ESTA-Antrag.pdf
[2010.11.19 17:39:14 | 000,000,020 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\defogger_reenable
[2010.11.18 08:48:41 | 000,089,190 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\XXXXXXXXXXXXXXXXXXXX.pdf
[2010.11.17 08:56:39 | 000,007,386 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\.recently-used.xbel
[2010.11.09 17:30:48 | 000,000,036 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\housecall.guid.cache
[2010.11.08 10:06:20 | 000,000,162 | -H-- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$itish Bespoke Weeks.doc
[2010.11.05 11:55:42 | 000,000,162 | -H-- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$stenvoranschlag Smoking - Goldwein.doc
[2010.11.01 20:06:06 | 000,000,162 | -H-- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\Desktop\~$hr geehrte Damen und Herren.htm
[2010.06.16 15:57:36 | 000,000,680 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\d3d9caps.dat
[2010.03.17 19:55:30 | 000,012,800 | ---- | C] () -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.21 08:58:47 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.12 11:22:05 | 000,000,000 | ---- | C] () -- C:\Windows\KeyScript.ini
[2010.01.08 20:15:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.02.15 14:11:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.01.12 21:17:03 | 000,000,748 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.12 16:06:37 | 000,000,724 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.01.05 15:24:26 | 000,000,162 | ---- | C] () -- C:\Windows\SecurityandPrivacy3.ini
[2008.11.07 09:51:21 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.10.30 11:31:01 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.10.30 11:29:54 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.09.24 07:53:33 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.07.01 10:09:16 | 000,404,480 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.07.01 10:09:16 | 000,200,704 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2008.07.01 10:09:16 | 000,114,688 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008.07.01 10:09:15 | 003,049,984 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.03.28 18:54:31 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.02.21 21:39:25 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.02.21 21:39:25 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.08.24 13:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007.08.24 13:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.24 13:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.08.24 13:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.06.08 09:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2004.10.26 23:39:05 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
 
========== LOP Check ==========
 
[2010.10.26 09:01:40 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\8C060AFB33B665B53E1FCDE57F8A63DF
[2010.11.20 07:45:37 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Auslogics
[2010.06.15 20:11:15 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Canneverbe_Limited
[2010.08.27 00:39:44 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Claws-mail
[2010.09.03 02:01:57 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\FileZilla
[2010.11.25 08:16:53 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\FreeCommander
[2010.08.27 00:41:07 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\gnupg
[2010.11.20 02:49:45 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\gtk-2.0
[2010.11.20 02:49:45 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\KDE
[2010.05.22 07:35:38 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\MAGIX
[2010.11.20 02:49:49 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\NetDrive
[2010.06.16 16:45:46 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Nokia
[2010.06.16 16:03:21 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Nokia Ovi Suite
[2010.03.17 21:41:09 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\OpenOffice.org
[2010.03.23 11:16:11 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Orbit
[2010.03.17 12:27:53 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Parental Control FF
[2010.06.16 16:00:57 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\PC Suite
[2010.09.13 09:17:37 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\SampleView
[2010.11.20 02:49:51 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Spicebird
[2010.11.20 02:49:52 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\Thunderbird
[2010.06.15 17:11:48 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\TweakNow PowerPack 2010
[2010.11.19 19:58:22 | 000,000,000 | ---D | M] -- C:\Users\Delzo & Lara.Patricia-PC\AppData\Roaming\TweakNow PowerPack Professional
[2010.11.30 19:55:39 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\RegistryDoktor.job
[2010.11.30 18:51:57 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.06.09 16:00:48 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\TuneUp DiskDoctor.job
[2010.11.30 20:20:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{76DF0194-9A6F-4853-800C-2A621ACFB0A9}.job
[2010.11.30 20:20:00 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7C547F25-2394-4FB2-B48C-8A20756D0333}.job
[2010.11.30 08:44:02 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{878EE288-3815-4EAA-8E43-CB257DA751E8}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 14 bytes -> C:\Windows\system.ini:c1_encryption_d
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0F8F5844

< End of report >
         
--- --- ---

Alt 30.11.2010, 19:30   #8
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 30.11.2010 20:16:45 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\*********\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.015,00 Mb Total Physical Memory | 178,00 Mb Available Physical Memory | 18,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65,17 Gb Total Space | 20,06 Gb Free Space | 30,79% Space Free | Partition Type: NTFS
Drive D: | 283,73 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 1,55 Gb Total Space | 1,24 Gb Free Space | 79,78% Space Free | Partition Type: NTFS
Drive F: | 7,80 Gb Total Space | 0,73 Gb Free Space | 9,38% Space Free | Partition Type: NTFS
Drive Z: | 512,00 Gb Total Space | 512,00 Gb Free Space | 100,00% Space Free | Partition Type: NDFS
 
Computer Name: PATRICIA-PC | User Name: ********* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{151F9A91-CB16-4023-8E17-4156898D6D2D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1899E6CA-4D9F-4045-BE8A-FB1422EE6802}" = rport=1723 | protocol=6 | dir=out | app=system | 
"{1A3D3A77-FB06-4D37-81E0-48CAD083F8EF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{399A7CC1-C0BB-4A6E-88CC-AA08B137CF52}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{3C444B39-CF7F-4A38-809B-FF92BFAAC041}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{41410579-D6C6-443B-914C-A26EC593BA3D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D4C5948-4C06-49D9-BF29-F1A5DB7A552D}" = lport=10547 | protocol=6 | dir=in | name=bitcomet 10547 tcp | 
"{5194C363-05FB-4B09-B14F-11C008214146}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5625666E-A8C4-4930-96F1-2B6A8AB2EBED}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6585813A-A7D7-4D98-995A-F0A6F4A94EA7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{70D1C314-820C-4A5D-8513-A4BB4235EF49}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{71DB3B61-05E9-4A06-BA5C-A88751F7E259}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7E15B375-0580-42FF-A24A-92C72893F306}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{84CBC78B-467B-457A-8E9B-58B3E0F9F61D}" = lport=10547 | protocol=17 | dir=in | name=bitcomet 10547 udp | 
"{86DC84FD-EE3D-40AE-8A3B-B2DFE7A6A320}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A3C3027F-DE74-405A-B9B1-B9BD4759A38D}" = rport=1701 | protocol=17 | dir=out | app=system | 
"{A429EAE2-6E77-420D-806F-12D4BA6ADEE3}" = lport=1701 | protocol=17 | dir=in | app=system | 
"{A7D93049-5AD1-4434-A19E-342F6E853FD5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A9753AE4-1035-43B0-AE7A-03EF0501FCB7}" = lport=10547 | protocol=17 | dir=in | name=bitcomet 10547 udp | 
"{BB9618FD-BFA6-49BC-B1F4-DD9CE8347594}" = lport=1723 | protocol=6 | dir=in | app=system | 
"{D4A931C8-458A-4EF2-A98D-A42281C99D7B}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{D57CE7AE-F9DB-4B13-A2C9-6CE7B93E9974}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E028A771-62E8-4F26-8FB7-F0D750859937}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E42DC522-719D-4220-8885-7CFA4926F9C5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E5755B6D-CFDF-4004-B010-699880BD6F38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EF38CB08-0637-45CD-8B22-11CFEC850BC5}" = lport=60133 | protocol=6 | dir=in | name=utorrent port | 
"{F7387062-227C-4EB1-BB48-28C04CF8822E}" = lport=10547 | protocol=6 | dir=in | name=bitcomet 10547 tcp | 
"{FD5894F5-FCDD-41C3-91BD-70F383FEE071}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DDCD95-1064-4C3C-8B12-ACC46EDD811C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{024FAE02-CDF2-401D-9A0B-D7A9859A47FD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04A1558B-E32C-4538-A700-1E913D936681}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{04D66BAC-0ABF-442F-93BD-F58F4E4EEDCD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{05458C39-17CD-4E80-9594-079260524790}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{06758D58-55AC-4288-9DFF-158B5024BF50}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{06CF57EA-B941-401A-AEB7-62F55158B064}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0842EEB1-2A8C-4C82-A6AC-16B9A737980A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0986D2A2-5E21-4674-99DB-E87A0C0E3A09}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0AE15572-44F0-4B46-A8A7-A2CB716BC6E4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0B9D278A-7A4F-4F5E-A814-DB70D6D95482}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F0979CC-F515-4379-A8E5-201EF8FC8DEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F853C5D-93C3-459F-A916-A9F2C72EC486}" = protocol=6 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe | 
"{13471DF2-59C5-41C0-8452-454F85F57984}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14B1E86B-66C6-4FCA-B730-D83F6E1DF21A}" = protocol=17 | dir=in | app=c:\windows\temp\aoninstaller.exe | 
"{14BFDC5B-5954-4E43-B2D1-8B75C4C58317}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{14CC0267-7657-4519-9BA3-90E2F5EC806E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{1506BE41-87E6-4409-B47D-700ECFF918EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15D90CEB-8892-4492-A217-6E2EAEB8FC65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{16C4B590-A29A-407D-BA32-AD3C05FF5461}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{19C866DE-EC65-4689-BCB4-7DB6CCFE16A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1EA796CF-AC01-4CBC-8025-23A2F362426A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1F61A69D-177C-4493-A287-2F16F4A47686}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{1F95B22E-1EFF-4926-91BA-3ED68D381955}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1F9FDE66-EE66-4082-B7D3-DF060D832E32}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2005B802-BD60-4E46-9810-36F58081900A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21187073-228D-46EA-A97D-DFC55536A87A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2126B436-D250-4900-8A37-CE54BC2EE791}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21CB11FB-E3C3-47B1-8587-19582F6E7AEC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{265129A4-0402-4FC2-9872-36309FA11562}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{277ABC62-A970-40B0-AE84-3F8491FFAF6F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{27C024C6-366E-4B58-BE86-CE08DB522066}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{28926E25-E286-497C-927B-EFA9C74D88DE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{29EC9488-82C4-4BD1-B7B6-1E48A3597145}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A531F11-5B37-40DA-9603-FD3F0F0A4C4E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2BBE8660-C0D2-43B3-843F-27ADF21EC6D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2BEB4E5E-F9A1-483D-9CA7-9E57BEFCDEC7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2CA53988-0BD9-469F-95F3-B5A43DDE3218}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2E9A7CAA-9616-4EC9-8BAE-5E04D27E93A7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2EC6D217-9BFB-4E37-9C4E-73A63C1DEF4E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2F68FB79-607E-478D-81E0-D8FDDDBA3DE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2FADCCB0-92FD-49DD-8C8A-28380CFCAD41}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{306D07D8-7299-43B4-A2A3-F5D46FA5B0C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{30A808E5-7EC4-4824-81BB-30D07FAEAD61}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3200A410-2FD2-4B31-8179-FCB9E8496202}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3265E2A2-26C2-435E-957C-9A7A4CCB76B6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{369FE786-E820-4925-A8EE-311016E0D76F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3870A048-5D1E-43B5-B836-FF5249798C05}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A040BAE-5F45-46CE-AE3D-D1D4DC0D4EA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3AE52325-A4CF-4843-B9CA-D1838523FB31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C4ACE42-E6D3-45BA-A1E9-23A9A7AD1ED7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3C52F762-9E89-496A-BC0A-566BA6132923}" = protocol=17 | dir=in | app=c:\program files\macrodata inc\netdrive\ndsvc.exe | 
"{40E7F394-1C98-4561-8317-982D5133D677}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{41D94DC6-B6B2-4A74-B2BE-7E67FFECEC02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{42D3CA52-D57F-45D8-BDF2-A6B7622F8517}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4459E754-E2DE-4C4A-B6D7-80766DB48567}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45536A99-00B5-4830-B953-9991514CF31F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{45BDF09F-1A27-4E78-AAF4-125BB1BE7062}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{45E25D27-9C26-4454-94F3-CD64355DC678}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{46187F44-72C7-4C98-824C-4C5FD358A60C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{46F48EEC-B6F2-4CD0-BC6B-BA70B6E70053}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{474440A8-5C7B-44C9-BDE9-5D775BC3BABA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{49C6F0A2-DDEC-4D3B-AB48-0CA966D84F61}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{49CADDB8-6204-47F4-B8BA-67FF8FB0A95B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4A6E4DA9-B995-4CF7-BA04-AC07A75B63F6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4AB1861D-C65A-4051-A53B-7D0CD5B83671}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4DA4CD08-85BC-4B40-9E5A-5B242532A341}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DF37251-3AC0-4B90-AB5F-B5FA455DFA12}" = protocol=6 | dir=in | app=c:\program files\macrodata inc\netdrive\ndsvc.exe | 
"{4EB7DE32-FDD6-4F82-9EB9-A4E6F733E7C8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4F954797-206A-4E52-8C98-6327398F86F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5087F291-2AF5-4384-828C-50E8C2A7AE6D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{50C1C6DC-F5C4-4F81-ACD7-6287357D829E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{525E500B-6F0B-42DF-A223-3B52A8DFBDD2}" = protocol=17 | dir=in | app=c:\program files\macrodata inc\netdrive\ndsvc.exe | 
"{536DC157-5670-40E5-A9F9-90BE2DF195D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{53AA70DA-96AB-45DD-968A-10ED8FE3FC9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54FAEA1D-870C-4DE1-99C3-95878BAFBFDB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5ACBA85D-AD67-403A-8B37-FF14769276A9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5C515B57-8B4F-4B58-A6F9-626ED85241DA}" = protocol=6 | dir=in | app=c:\program files\aon\aoninstaller\aoninstaller.exe | 
"{5D4AA8AD-CA17-4887-9B32-C25F0B83C9AE}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{5DEA79EA-5EB5-4960-9C4B-46F4619F7A2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{60539FE7-6B1C-434D-935E-4E0E02A8BE24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{619D9FD5-4E11-4DB3-AFF4-DA64349DEB7A}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{61D7A437-1C98-41AF-97B8-D742616C5FA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64496E44-FD14-4D04-BE29-FD9EE3DF79CE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{68EF59E5-7532-4478-BD25-4A51A3F4191D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{692C8848-7871-4A11-9BC7-955EBDB9E049}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6B76E5DE-372E-406C-B585-2CF3821A710C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6BF8CDC1-B9B8-4ED0-BC93-82F6F3D6DD48}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DB15483-7CAA-48E2-BAAA-7EB1D7979FF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6DC25A6B-63E4-4F70-A84D-081F1BC63F72}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6EEB1B38-C601-453B-A481-77B8A5E76EC4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6EF5BCB9-AC6F-4115-8304-EE552F53F53B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6F425CEC-C41A-425F-A957-A65879336B2A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7235BBF0-22DD-4EC1-88B1-BAE214B3DD15}" = protocol=6 | dir=in | app=c:\program files\macrodata inc\netdrive\ndsvc.exe | 
"{7574100B-2488-4E56-9919-72BFE5630CD1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{75910C18-1964-4C3C-95D0-A0D743DD1D59}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{764D65B3-40F2-4410-A09F-BF11006CFD81}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7677B61D-C680-4436-A7B8-02FCDF2D560E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7934B71F-D7AC-41A9-9C96-01E3FFCACF5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A01A404-C07E-4576-8401-51AE55056094}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7A98EE95-EE4F-4830-8A4A-94D56FCA8D9B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7AA7FEB6-7960-48A4-A5D9-D49C9E35B5E0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7B04CBD4-4CF4-4148-85C7-3E7B1E5873CB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{7B7930E7-A464-4B51-933F-E06CB8CC9BF4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7CA47998-F1A9-4505-BC0B-DB562755E52C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{80A90A7E-E6B2-4E62-9552-80BAD42A86B3}" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"{80F6B4B2-495E-46AA-8D57-18E8EEB0C8AE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{812BFA5F-9E47-4052-BC8F-14DF2F817902}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{81B9C27B-7CE2-456E-9B11-BD79F006FDAA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{83163D68-21EF-4FD0-B289-A6DA09F3BD75}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8330A8C9-C938-49A4-AD08-AEAF5B0169EA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8421D696-82B6-43BF-8ED3-1E81F0488623}" = protocol=6 | dir=out | app=system | 
"{851782F7-CF1B-4F63-920A-1C951958F708}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{874D510D-45DD-4994-9367-556C9986E3BD}" = protocol=17 | dir=in | app=c:\program files\aon\aoninstaller\aoninstaller.exe | 
"{87D74DB4-06C8-4DE9-B48F-C50B365B7B23}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{88AFA2C9-D149-4D04-8E13-FEF93CEDDF84}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8A8713D4-AB3D-4298-BAB6-DF9E2853F204}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{8B21A11B-C77F-4ECA-9DB9-69F50624D4DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8BB68EAF-BE67-4CE5-8C83-CCCD035021D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8FEE9C57-D0DB-4F66-B36A-C44D39D9EA1B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90668FAB-07B1-40B5-AFBF-6E92D32C98FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{90801DD4-3A48-41C3-8734-71FCED7BCE93}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{91D27580-4E25-4C20-9B2F-950175B72729}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{926145B6-3E21-4E7F-BDA8-D9688FEE7BDA}" = protocol=17 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe | 
"{92EAE996-D163-431C-92EA-FE319C8091B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9406E78D-83AA-4AAE-96AB-C81A8566D450}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94936087-6F42-40A2-9747-73A16C9F7767}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{94EADA1E-8912-42C3-A1AF-A8D09A8A638F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{95129BCD-65FA-40B9-B748-9845DDC35705}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{953EE7EA-2D90-4C0B-BCD5-69BD6E16C6F4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9AA9EB86-9558-4B09-A767-ADA8955694E2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9B410162-D3C6-4A95-88D6-D407173F7F0B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9BC4A877-6AA9-4141-998B-7FD6D8571458}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9E1505F7-2490-4DD5-B72E-710419682AB7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A06CA1B9-E98F-4513-A110-F876F3E1B511}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A170BE23-2B15-4E15-9ED5-91F737F53EE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A348ED33-1276-4A08-A873-918F179B8C71}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A3CAB9B6-8BCF-4494-9D5C-32B9CBD52673}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A42CA525-CEE5-455A-9AB3-4D4C19CBDCE4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A51345DF-D164-4205-84BD-5C52CCF26DFE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{A5447DE3-ECE9-4D70-B529-F4A4BC7A7CE0}" = protocol=17 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe | 
"{A6D11123-DBC3-4038-AEC9-88FE6BE45518}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A90571E7-DF23-463F-B157-4702D73ABBE8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9A4FBA3-FA6B-4427-BC66-ADB5BFCC5F0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A9E1B9FA-04FF-489C-90EC-ED817C9C31F3}" = protocol=17 | dir=in | app=c:\windows\temp\aoninstaller.exe | 
"{AC85A7C5-2B5E-4F76-BA55-06A4C5528536}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ACFFE6A1-37D7-47C2-AB34-2F968164166C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AD810276-6390-4DDE-A1D3-6AA4795938E9}" = protocol=6 | dir=in | app=c:\windows\temp\aoninstaller.exe | 
"{ADBD0D5F-2F81-4B78-9565-BF110A2FA388}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B01A42E6-7908-4691-B485-52F60D263EC1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B27BC266-805D-4FF6-86B9-188F1B326B2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B29A6B47-1AFF-4BB0-A87F-DD7DA64FCA2A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B6A2F614-2C2C-45D5-92F3-C51697229D92}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B79AE705-1A96-4D5F-8CE4-670620FC8239}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7BA8015-EE21-4256-A242-261EDEA8DCCF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B7C40F9F-8B5F-4C99-A977-4E9FCA1BF1A8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B9338773-E79B-4353-8EE6-53E3FDDE3241}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{BAD8BB0F-F507-4A3B-BEC0-79DFF26D1307}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BB776F2D-E1E0-4ED4-A627-D2FFA04B8039}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{BC83171F-85AD-4F19-BF4D-72328AC8E486}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BCE5D02B-CC1F-40AB-9734-9F70B5EB8D58}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BCEE7EB5-CAF4-459B-A99F-65D5F0E55B17}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BD2C19AA-4492-4A41-A4A7-F3A3ED14D388}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDFEA092-5362-4F93-91F1-A5420CA8D5F1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{BE3CD425-75EF-4308-A987-A8362D68F8B1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BEBFA68C-4BF1-4D4E-B354-63724AFED7FC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BFEF9162-A54D-42AE-86BB-0E0FF18B7745}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C0F124A5-E857-43CF-AE5A-0C6F0C0616A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C1C8E5EF-54A9-44E5-B78B-078E990B90C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C3895654-6497-480A-B2E9-FF563CC7186A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C5E7DD81-66CB-42C8-B3CB-68E72E8310B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C6F5AEBD-37D9-4A77-BBFE-DCC9A9C82025}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C76AFF67-F9E6-479D-A7F6-5AC2B95C9B33}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C9AC0E00-9B7D-451C-902C-5F94234E83D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CA15A77D-6635-45B7-BB49-FB89F309C4F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CAC94D2B-A2BE-4E86-A872-03422437F881}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CAEF1881-CB0C-4412-BFFB-52A15C3F75B9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{CAF0AC5E-0C3B-41A2-87B8-59BEE8D6DBF0}" = protocol=6 | dir=in | app=c:\program files\aon\aoncontroller\aoncontroller.exe | 
"{CBDA719E-F974-44BB-81A1-46ECD3284E9F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CC3822FF-83F3-4A51-A7BD-3B898091FC5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CDAA4FFA-9EA9-456A-A23D-99387C047969}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CF22F63B-B4A6-42D3-BCB9-A00C2028F40B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CF8AFBA1-8C94-4FA0-9129-EC3378095AD4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D11C8B8B-082B-44D1-9609-DE78450C4099}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D12B4D24-72B6-414E-9BBA-D98C9D79F28D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D4100DEC-5E15-49A5-A9D7-594A1436189D}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D426F5E9-C747-419A-A50A-E9E40242536D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D552B0C0-8A03-4E4E-93AA-E627877C16CF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6A83932-4ABB-4B14-8C5A-0EADF33C2A43}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D7A6B346-49E7-4E09-B68D-D21524AD0708}" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"{D8E5A94F-A904-4245-A4AD-4918B8BB4B8A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DD76F029-5EFF-4785-B9D9-A54F7225ACCC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DDF1160D-9475-4B10-90AA-70C786E32660}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DEA54D7D-3F64-4AA1-A8BE-13BEC7ACFF5F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E12B0840-9070-4F1B-8224-13E9F0204737}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E1D48CDF-9195-48F5-9B64-C9F875BF2D13}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E22BAA25-F7E6-45F7-BD65-8B37603761B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E2F47ABC-4F32-4109-B791-8D5EA3F05E42}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3BC4B02-2123-4337-A5F8-82B4770F1926}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E3D01D0F-891A-4BFB-BECE-C79B6CEE3792}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E4125817-8A1C-41B0-A3D5-0E398FB984A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E43EAD36-D36B-4335-87D7-03D9FABC2169}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E6EAFDD8-C50F-4635-9437-9D03571DB39C}" = protocol=6 | dir=in | app=c:\windows\temp\aoninstaller.exe | 
"{E87E925F-9ED1-471D-9D25-A3BE56FF88F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E9C4F466-BBB7-446D-A43C-92EE0DD890CD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EB86D95A-8E35-450C-9B26-6420FB7B334C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ECAFE8B7-D070-4790-90E5-DC83CA405F86}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ED368117-1E51-4780-95EB-515AAB18C715}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F0346E0C-AD38-434D-8582-09B1EFF3FA3C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F165D56B-C968-48D4-910C-C123F183BBFA}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F1F5907D-0825-4F15-B9BD-D4D611B1C338}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F3E3CF26-E5AE-437F-8C26-53127DA18445}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F4B44302-9057-4B69-B1DB-A9B2C0D48C6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F4D0638A-44B0-4A5F-98F8-B163D995D3A0}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{F60559D4-90AD-43C4-9BE9-8FD518749BDD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F96A19D8-EEB1-4495-B820-56A295925885}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC05625E-E89E-4A10-9A42-5F39E347E2A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC318EBC-CCF9-4BC9-A121-3E819B49DB9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC95F6A0-4CB3-416F-82B7-5DA9280508C9}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{FFEA3375-865F-4F93-A4A2-4EC0B3DAB8C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{054D4915-E51D-4E1E-BBDD-745C5F7C1C1D}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{0666F094-EBD5-45A8-8912-F625E0CACAC2}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{230CB771-29A0-4D20-A057-747DB905BFC7}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{322A1837-3134-4F28-8ACD-5D3EB88552ED}C:\users\admin\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\admin\program files\utorrent\utorrent.exe | 
"TCP Query User{3371531B-26B5-4E91-9A49-31CC394075BC}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
"TCP Query User{3BCE3FC7-628F-4E3C-8F2B-CA864EBE9C7D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{456016F0-F9D2-4200-9745-51DB50A4179E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{5DB34EF6-2CC0-4816-808F-B779150BDA23}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{607926C7-8B39-45FC-AE12-FB1977E3CF36}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{6E7ED965-2ADA-4705-A8CE-A0E0047BDA0C}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{78C45276-5FB5-4D8E-A815-F9CCFE42151C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7B3D61F2-134F-4933-A7F5-ABC4BBEEBD17}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{9F2D6850-53C7-4B21-A9D0-2CF95F52B15D}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{A1FB061B-5952-4E53-A4EC-661BAA2B2A9C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{A88965FB-129D-45D6-A383-A8B075EB5AE6}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{B4D7C8C8-8705-460F-B2FB-B5FB128173C6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{B9621548-E8A7-4258-86FB-8579AFD0E025}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"TCP Query User{BA9B4C13-935A-49DD-AFAE-403246522ADE}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"TCP Query User{C2C98DC1-A986-4D23-AEE9-508EFB4705CC}C:\program files\itsolution\trustdesk basic\bin\logging.exe" = protocol=6 | dir=in | app=c:\program files\itsolution\trustdesk basic\bin\logging.exe | 
"TCP Query User{C66F85F8-4D02-4826-B920-4378195FB4A6}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"TCP Query User{D4A602E9-B019-41CD-8918-4CFE5EE6E068}C:\windows\system32\hotsign.exe" = protocol=6 | dir=in | app=c:\windows\system32\hotsign.exe | 
"TCP Query User{D84A8586-0F52-4C6E-931C-7DF5937C93D6}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{D9FA5868-A79D-4174-8EBF-9B0C0B32DBE5}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{E536D8F0-5000-497B-8F65-A79FA7348C94}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{F6CCDE15-0969-42A7-8D00-9921638A7169}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{F74B24FA-6854-4715-B4B1-E439D864EAAC}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"TCP Query User{FDA01FE6-0E6D-4106-A69C-9EFF4781EFFF}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{047AC21F-1709-4A80-BC7A-03A1ADA598F6}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{06B3892C-ABF8-4F9E-9043-8930E6D28503}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{07C3DC70-229B-4455-978B-2AD973090112}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{22A06D64-89FA-463E-BF09-E13A4B3BD34F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{252D88D4-CD6F-42CE-8948-0A97B3BB06A9}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe | 
"UDP Query User{27287BC8-B23F-48E2-8A4D-B4D55F620325}C:\program files\itsolution\trustdesk basic\bin\logging.exe" = protocol=17 | dir=in | app=c:\program files\itsolution\trustdesk basic\bin\logging.exe | 
"UDP Query User{322DD299-C6DB-4406-962F-19155165C5E1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{34E39279-7686-4E97-B78D-1477BE3CAFB4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{36C86A07-5FB8-43EC-A149-DA18F7F8ED95}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{38A2C428-F225-49EC-B15B-F75EF09342BE}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"UDP Query User{51C177E3-EBD8-4C00-8353-60CC2CF85F7D}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{648B9CF2-BDE5-4E31-BA7B-200B8EDCD43D}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{6B297197-01B7-4FBC-804C-78C5356FB57C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{710464F0-5F05-437E-B66A-5E6B3DEA9ABD}C:\windows\system32\hotsign.exe" = protocol=17 | dir=in | app=c:\windows\system32\hotsign.exe | 
"UDP Query User{98EA4938-8549-4AE3-8EBD-F886BE5213CA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A0052860-1C8A-444A-B2BB-6FEAA1DED858}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{A7C769CC-6022-4723-98F3-ED9930F033CB}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe | 
"UDP Query User{AA9461A0-353E-4C93-9E9D-18364C5C54C5}C:\users\admin\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\admin\program files\utorrent\utorrent.exe | 
"UDP Query User{AB19678C-5B6A-4145-96CC-34C8108167FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{BF3679EB-6F75-407A-9991-58036FEBA112}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{D4937171-F386-4CBF-83B0-1A86DA194BE4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{D5E23393-F89B-417E-9037-83080C9BA82B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{DCA0ADA8-0458-4AC4-87B9-8694383F14B4}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{DE092F0B-7DE5-4520-88E6-EBEDE87E673A}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"UDP Query User{F14F79BB-E095-40BD-ADB5-92CF6432F74A}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{F19FE186-7B46-4142-9F2A-CF1C6600EB17}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{F2756167-D022-40D2-9B0F-14DD15614962}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{91130407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2CC971C-AB9B-4DC2-9575-2F7DC0E8DAF1}" = Common Feeds List
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E95207E1-DF5F-42AF-8D03-8E51AA13BA65}" = Kontor.NET 2008
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{FBF81222-8404-4FCF-B76A-7CFAD7BB1451}" = PC CCID
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"avast5" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DivX Setup.divx.com" = DivX Setup
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FreeCommander_is1" = FreeCommander 2009.02b
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"MSMONEYV80" = Microsoft Money 2000
"NetObjects Fusion Essentials" = NetObjects Fusion Essentials
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"parentalcontrol" = ParentalControl Bar
"Scribus 1.3.3.12" = Scribus 1.3.3.12
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.4
"WinGimp-2.0_is1" = Gimp 2.6.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xvid_is1" = Xvid 1.1.3 final uninstall
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 17.06.2009 20:14:17 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 14.12.2009 09:26:30 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 14.12.2009 09:26:31 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 14.12.2009 09:27:18 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.03.2010 04:30:53 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.03.2010 04:30:53 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.03.2010 04:30:59 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.03.2010 04:32:58 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.03.2010 07:02:19 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.03.2010 09:25:14 | Computer Name = Patricia-PC | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 19.03.2009 16:41:03 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2009 16:41:03 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2009 16:41:03 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2009 16:41:03 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2009 16:41:03 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2009 16:41:03 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2009 16:41:04 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2009 16:41:04 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2009 16:41:04 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 19.03.2009 16:41:04 | Computer Name = Patricia-PC | Source = Windows Search Service | ID = 3013
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


ICH hoffe das hilft dir weiter

lg

Bertl

Alt 01.12.2010, 09:55   #9
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo NochDigger,

Danke nochmals für deine Hilfe, hier wie beschrieben der Fullscan vom malwarebyte:


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5220

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

01.12.2010 10:48:00
mbam-log-2010-12-01 (10-48-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|)
Durchsuchte Objekte: 274645
Laufzeit: 1 Stunde(n), 15 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\Java\itsolution\trustdesk basic\bin\msvcp60.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\program files\Java\itsolution\trustdeskbasic\bin\msvcp60.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.



Ich hoffe das es hilft um meine Laptop zu gesunden.

lg

bertl

Alt 01.12.2010, 10:54   #10
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Habe nach dem kompletten scan & verlangten restart folgende Meldung von AVAST (siehe Anhang)

mfg
Miniaturansicht angehängter Grafiken
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe-boesartige-webseite-blockiert.jpg  

Alt 01.12.2010, 16:52   #11
nochdigger
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo

Deinstalliere bitte die ASK-Toolbar sowie alle alten Javaversionen.

Dann deaktiviere bitte den Teatimer von Spybot S&D
Zitat:
Starte Spybot S&D --> klicke auf "Modus" --> hake an "Erweiterte Modus" --> mit "Ja" bestätigen --> klicke auf "Werkzeuge" -->
klicke auf "Resident" --> das Häkchen entfernen aus der "Resident "TeaTimer" (Schutz aller Systemeinstellungen) --> beende Spybot S&D.
Lass bitte diese Dateien:

C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\SWXCACLS.exe

hier Virustotal, hier virscan.org
oder hier Jotti überprüfen (kann einige Minuten dauern),
poste die gesamten Ergebnisse mit der Angabe der Größe der hochgeladenen Datei sowie die MD5 und SHA1 Angaben oder verlinke auf die Auswertung,
bitte auch wenn nichts gefunden wurde.

Löschen mit OTL
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
:OTL


O4 - HKCU..\Run: []  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O32 - AutoRun File - [2001.02.27 19:09:05 | 000,000,193 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2004.04.30 17:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2001.02.28 22:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE -- [2001.02.28 22:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{590a2852-d115-11dc-9d96-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE -- [2001.02.28 22:15:51 | 000,488,864 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 14 bytes -> C:\Windows\system.ini:c1_encryption_d
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:0F8F5844


:Commands
[purity]
[emptytemp]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf .
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Warum ist auf deinem Rechner Combofix zu finden?

MFG
__________________
Kein Support per PN - Bitte im Forum posten.

Alt 01.12.2010, 19:04   #12
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo nochmals bekomme beim deinstallieren des ASK Toolbars folgende fehlermeldung (siehe attachment)

COMBOFIX ???

Ich glaube den habe ich mal im anfall meiner unwissenheit installiert um meine viren loszuwerden. (Glaube ich zumindest)

Bin mir aber net sicher

Java geschichten sind deinstalliert.

mfg

bertl
Miniaturansicht angehängter Grafiken
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe-ask-toolbar-deinstall-error-message.jpg   win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe-ask-toolbar-deinstall-error-message-ccleaner.jpg  

Geändert von bertl. (01.12.2010 um 19:27 Uhr)

Alt 02.12.2010, 18:16   #13
nochdigger
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo

Zitat:
...bekomme beim deinstallieren des ASK Toolbars folgende fehlermeldung (siehe attachment)
OK, darum kümmern wir uns später.

Zitat:
COMBOFIX ???

Ich glaube den habe ich mal im anfall meiner unwissenheit installiert um meine viren loszuwerden. (Glaube ich zumindest)

Bin mir aber net sicher
Ich glaub schon, versuch es mal so los zu werden:
Klicke Start -> Alle Programme -> Zubehör -> Ausführen und schreib Combofix -u rein -> Enter

MFG
__________________
Kein Support per PN - Bitte im Forum posten.

Alt 02.12.2010, 18:44   #14
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Combofix hat gefragt ob ich updaten will. > Habe nein geklickt

jetzt schreibt er:

Bitte Warten.
Combofix wird vorbereitet, um ausgeführt zu werden.


Ist das Ok

Weiter warten?

mfg

Alt 02.12.2010, 19:09   #15
bertl.
 
win32:adware.gen  hier das HiJackThis Log. - Bitte hilfe - Standard

win32:adware.gen hier das HiJackThis Log. - Bitte hilfe



Hallo hab ein gröberes Problem !!!!

Combofix hat irgendwas von infizierten Bootsector oder so geschrieben.

Verlangte nach dem ausschalten dea aktuellen Antivirusprogramm, bevor ich Ok drücke.

nach dem Ok verlangte er einen neustart seid dem immer bluescreen bei neustart, nur im abgesicherten modus ist es möglich zuzugreifen.

WAS JETZT????? HILFE

DANKE

mfg

Antwort

Themen zu win32:adware.gen hier das HiJackThis Log. - Bitte hilfe
adobe, antivirus, avast, avast!, bho, cdburnerxp, excel, explorer, firefox, google, hijack, hijackthis, internet, internet explorer, micro, microsoft, mozilla, mozilla thunderbird, pdf, rundll, safer networking, security, server, software, system, vista, windows, winlogon



Ähnliche Themen: win32:adware.gen hier das HiJackThis Log. - Bitte hilfe


  1. habe einen Worm.Win32.fujack.n, bitte um hilfe (inkl. hijackthis logdatei)
    Log-Analyse und Auswertung - 22.09.2009 (14)
  2. Bitte um Hilfe! Win32 Adware.Virtumnote etc.
    Log-Analyse und Auswertung - 22.09.2008 (0)
  3. Win32/Adware.Virtumonde - Win32/PrivacyRemover.M64 - TR/Zlob.KA.2 - Hilfe benötigt!
    Log-Analyse und Auswertung - 29.08.2008 (9)
  4. Hilfe, mein Computer zeigtan: WIN32/Adware.Virtumonde&Win32/PrivacyRemover.M64
    Log-Analyse und Auswertung - 25.08.2008 (2)
  5. TR/Dropper hier mein Log, bitte um Hilfe
    Mülltonne - 07.08.2008 (1)
  6. Viren??Würmer..HILFE! Bitte um Hilfe bei der Auswertung meines hijackthis-log
    Mülltonne - 14.11.2007 (0)
  7. Habe Problem mit svchost.exe (Win32.WormP2P.Puce.G)hier mein Logfile bitte um Prüfung
    Mülltonne - 12.11.2007 (2)
  8. Problem: win32.delf.uc / Bitte um HiJackThis log Püfung
    Log-Analyse und Auswertung - 07.09.2007 (15)
  9. Internet funktioniert nicht mehr. Hier mein HiJackThis-Log.Bitte Um Ratschläge
    Log-Analyse und Auswertung - 05.07.2007 (6)
  10. Ich habe hier ein oder mehrere Porbleme, bitte um Hilfe
    Log-Analyse und Auswertung - 19.11.2006 (4)
  11. Hilfe 1 Adware Eingefangen Schnelle Hilfe Bitte!!
    Mülltonne - 08.10.2006 (1)
  12. Bitte um Hilfe - Hier mein Log
    Log-Analyse und Auswertung - 28.04.2005 (1)
  13. SOS Antivir versagt hier der Logfile bitte um Hilfe
    Log-Analyse und Auswertung - 23.03.2005 (1)
  14. SOS Antivir versagt hier der Logfile bitte um Hilfe
    Log-Analyse und Auswertung - 23.03.2005 (3)
  15. Bin neu hier und bitte um Hilfe
    Log-Analyse und Auswertung - 12.02.2005 (13)
  16. Hier Mein Logfile! Bitte Um Hilfe!
    Log-Analyse und Auswertung - 17.11.2004 (1)
  17. windnsd.exe und lol.exe ---> Hier mein Logfile mit Bitte um Hilfe
    Log-Analyse und Auswertung - 04.11.2004 (2)

Zum Thema win32:adware.gen hier das HiJackThis Log. - Bitte hilfe - Hallo an alle, Habe irgendwie einen win32:adware.gen an laptop hier das HijackThis Log. - Kann mir vieleicht jemand helfen. Bin Anfänger was PC-Krankheiten bzw. heilen angeht - vielen dank Logfile - win32:adware.gen hier das HiJackThis Log. - Bitte hilfe...
Archiv
Du betrachtest: win32:adware.gen hier das HiJackThis Log. - Bitte hilfe auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.