
Log Analysis and Evaluation: Caught Windows Recovery


 
27.04.2011, 13:24   #1
TT-Fan



Hello,

I have already read a bit here in the forum and am impressed by how well laypeople are helped here. I am a layperson myself in most things PC-related and hope to get competent help as well.

Yesterday I caught Windows Recovery and hope that someone can help me remove it again.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6455

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

27.04.2011 13:45:35
mbam-log-2011-04-27 (13-45-35).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169774
Laufzeit: 49 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 6

Infizierte Speicherprozesse:
c:\programdata\43900680.exe (Trojan.FakeAlert) -> 3796 -> Failed to unload process.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jhbHQbuAdnkPg (Trojan.FakeAlert) -> Value: jhbHQbuAdnkPg -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Users\462091\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\43900680.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\programdata\jhbhqbuadnkpg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\462091\AppData\Local\Temp\tmp1D02.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\462091\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\462091\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\462091\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.


And here are the OTL logs:

OTL Logfile:
Code:
OTL logfile created on: 27.04.2011 14:02:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\462091\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,40 Gb Total Space | 5,92 Gb Free Space | 8,65% Space Free | Partition Type: NTFS
Drive E: | 74,79 Gb Total Space | 52,83 Gb Free Space | 70,64% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: 462091 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\462091\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe (Microsoft Corporation)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
PRC - C:\Windows\System32\DWRCS.exe (DameWare Development LLC)
PRC - C:\Windows\System32\DWRCST.exe (DameWare Development)
PRC - C:\Programme\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\System Control Manager\edd.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Intel\AMT\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Programme\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\462091\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SASRKServer) -- File not found
SRV - (IPOSCalcRep) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McTaskManager) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (McAfee, Inc.)
SRV - (McAfeeEngineService) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe (McAfee, Inc.)
SRV - (DWMRCS) -- C:\Windows\System32\DWRCS.exe (DameWare Development LLC)
SRV - (McAfeeFramework) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (NishService) -- C:\Programme\System Control Manager\edd.exe ()
SRV - (UNS) Intel(R) -- C:\Programme\Intel\AMT\UNS.exe (Intel Corporation)
SRV - (atchksrv) Intel(R) -- C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (iaNvStor) Intel(R) -- C:\Windows\system32\DRIVERS\iaNvStor.sys (Intel Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (dwvkbd) -- C:\Windows\System32\drivers\dwvkbd.sys (DameWare)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (MGHwCtrl) -- C:\Windows\System32\drivers\MGHwCtrl.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Programme\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.0.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.01 12:11:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.01 12:10:54 | 000,000,000 | ---D | M]
 
[2008.10.08 00:30:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\462091\AppData\Roaming\mozilla\Extensions
[2011.04.15 12:51:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions
[2011.04.02 12:03:06 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.03.19 13:09:55 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.10.23 15:44:13 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\firefox@tvunetworks.com
[2011.04.01 12:11:19 | 000,000,000 | -H-D | M] (WEB.DE Toolbar) -- C:\Users\462091\AppData\Roaming\mozilla\Firefox\Profiles\zkv71rr6.default\extensions\toolbar@web.de
[2011.04.17 19:38:49 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-1.xml
[2010.01.13 11:02:36 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-10.xml
[2010.01.21 17:21:49 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-11.xml
[2010.03.25 12:45:38 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-12.xml
[2010.04.10 09:10:27 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-13.xml
[2010.07.01 16:31:56 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-14.xml
[2010.07.08 12:22:37 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-15.xml
[2010.07.24 12:12:39 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-16.xml
[2010.07.25 11:02:37 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-17.xml
[2010.07.29 14:21:42 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-18.xml
[2010.09.23 19:19:49 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-19.xml
[2009.05.11 16:01:09 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-2.xml
[2010.09.23 20:05:04 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-20.xml
[2011.04.01 12:11:54 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-21.xml
[2009.05.11 17:49:52 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-3.xml
[2009.06.15 08:57:25 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-4.xml
[2009.07.23 13:22:11 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-5.xml
[2009.08.11 13:44:33 | 000,000,950 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-6.xml
[2009.09.21 22:43:45 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-7.xml
[2009.11.09 13:25:28 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-8.xml
[2009.11.11 09:18:58 | 000,000,961 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin-9.xml
[2011.02.20 12:21:20 | 000,000,168 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.gif
[2011.02.20 12:21:20 | 000,000,618 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\462091\AppData\Roaming\Mozilla\Firefox\Profiles\zkv71rr6.default\searchplugins\icqplugin.xml
[2011.04.01 12:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.01 12:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.03.12 08:45:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.09.12 13:19:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
[2011.01.01 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.01 12:10:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.04.01 12:10:58 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- 
[2008.09.12 13:19:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}
[2011.01.01 11:46:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\462091\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZKV71RR6.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\462091\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZKV71RR6.DEFAULT\EXTENSIONS\{DF4E4DF5-5CB7-46B0-9AEF-6C784C3249F8}.XPI
() (No name found) -- C:\USERS\462091\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZKV71RR6.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2009.09.02 03:00:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.06 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2011.01.01 11:45:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.20 14:20:42 | 000,000,823 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 209.59.135.116 hxxp://www.playforyourclub.com
O1 - Hosts: 209.59.135.116 www.playforyourclub.com
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\System32\DWRCST.exe (DameWare Development)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: awd.de ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: awd.de ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: awd.de ([kvonline] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.15 12:34:27 | 000,000,095 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O32 - AutoRun File - [2008.06.05 12:36:42 | 000,000,095 | ---- | M] () - C:\autoexec.002 -- [ NTFS ]
O32 - AutoRun File - [2008.08.28 11:53:50 | 000,000,095 | ---- | M] () - C:\autoexec.003 -- [ NTFS ]
O32 - AutoRun File - [2009.02.24 13:48:11 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.r2 -- [ NTFS ]
O33 - MountPoints2\{16843822-5949-11de-abfd-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{16843822-5949-11de-abfd-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{16843824-5949-11de-abfd-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{16843824-5949-11de-abfd-000000000000}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{25ea508d-6b9a-11de-b668-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{25ea508d-6b9a-11de-b668-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{25ea508f-6b9a-11de-b668-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{25ea508f-6b9a-11de-b668-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4805f21b-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f21b-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4805f23a-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f23a-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{4805f2dd-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f2dd-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4805f2df-43db-11de-8e85-000000000000}\Shell - "" = AutoRun
O33 - MountPoints2\{4805f2df-43db-11de-8e85-000000000000}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{54f21cdf-4f6b-11de-b0b7-000000000000}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe UEMKEN.vbs
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.27 13:59:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\462091\Desktop\OTL.exe
[2011.04.27 12:51:03 | 000,000,000 | -H-D | C] -- C:\Users\462091\AppData\Roaming\Malwarebytes
[2011.04.27 12:50:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.27 12:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.27 12:50:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.04.27 12:50:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.27 12:50:35 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.26 18:25:40 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.04.26 18:12:49 | 000,000,000 | -H-D | C] -- C:\Users\462091\AppData\Local\Sunbelt Software
[2011.04.26 18:04:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EBDD7DE0-D012-47DF-859B-DB1061E2D512}
[2011.04.26 18:04:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Lavasoft
[2011.04.26 18:04:22 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2011.04.26 18:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.04.26 17:36:05 | 123,916,352 | -H-- | C] (Lavasoft ) -- C:\Users\462091\Desktop\Ad-Aware902Install.exe
[2011.04.26 17:06:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.04.26 14:18:00 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2011.04.26 14:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2011.04.14 08:31:35 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.14 08:31:35 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.14 08:31:29 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.14 08:31:28 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.14 08:31:24 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.14 08:31:18 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.14 08:31:16 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.14 08:31:16 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.14 08:31:16 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.14 08:31:15 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.14 08:31:15 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.14 08:31:15 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.14 08:31:15 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011.04.14 08:31:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.14 08:31:14 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.14 08:31:09 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 08:31:08 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.14 08:31:07 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.14 08:31:05 | 000,191,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FXSCOVER.exe
[2011.04.14 00:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011.04.04 15:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.04.04 15:17:24 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.04.04 15:17:21 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.04.04 15:17:19 | 000,000,000 | ---D | C] -- C:\Programme\PDFCreator
[2011.03.31 16:22:38 | 000,000,000 | -H-D | C] -- C:\Users\462091\Desktop\USB
[2008.01.24 10:11:48 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2008.01.24 10:11:47 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.27 14:05:03 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{697CB72C-A473-4DF5-BC8B-CA29E7EFCA00}.job
[2011.04.27 14:00:10 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\462091\Desktop\OTL.exe
[2011.04.27 13:50:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.27 13:49:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.27 13:48:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 13:48:45 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.27 13:48:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.27 13:48:05 | 2121,437,184 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.27 12:50:42 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 18:04:49 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.26 17:37:23 | 123,916,352 | -H-- | M] (Lavasoft ) -- C:\Users\462091\Desktop\Ad-Aware902Install.exe
[2011.04.26 13:53:05 | 000,000,040 | -H-- | M] () -- C:\ProgramData\~43900680
[2011.04.21 09:03:19 | 000,730,196 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 09:03:19 | 000,680,210 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 09:03:19 | 000,132,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 09:03:18 | 000,164,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.15 03:39:43 | 000,380,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.14 00:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2011.04.04 15:17:29 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.04.01 12:11:04 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 12:50:42 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 18:04:49 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.26 13:51:04 | 2121,437,184 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.26 13:38:35 | 000,000,040 | -H-- | C] () -- C:\ProgramData\~43900680
[2011.04.04 15:17:29 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.04.04 15:17:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.04.01 12:11:04 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.02.18 04:13:32 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.02.18 04:13:32 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.02.17 08:24:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.04.12 17:13:06 | 000,007,567 | -H-- | C] () -- C:\Windows\SigPlus.ini
[2009.12.29 13:20:55 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2009.12.11 01:26:17 | 000,135,704 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009.09.28 13:37:19 | 000,722,944 | ---- | C] () -- C:\Windows\System32\DWRCSMSI.exe
[2009.09.28 08:01:41 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.12.09 23:20:49 | 000,038,464 | -H-- | C] () -- C:\Users\462091\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2008.08.21 11:55:58 | 000,000,066 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2008.07.27 13:10:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.06.23 13:27:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.05.25 19:47:49 | 000,019,456 | -H-- | C] () -- C:\Users\462091\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.25 09:04:57 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2008.05.25 09:04:57 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.05.23 11:18:15 | 000,000,728 | ---- | C] () -- C:\Windows\System32\DWRCCMDError.ini
[2008.05.19 10:42:15 | 000,010,752 | ---- | C] () -- C:\Windows\System32\KOAZXJAL.DLL
[2008.05.15 12:56:48 | 000,008,837 | ---- | C] () -- C:\Windows\System32\Dwrcs.ini
[2008.05.15 12:56:08 | 000,045,056 | R--- | C] () -- C:\Windows\System32\unredmon.exe
[2008.05.15 12:56:07 | 000,116,224 | R--- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.05.15 12:55:57 | 000,081,920 | ---- | C] () -- C:\Programme\uninstgs.exe
[2008.05.15 12:30:31 | 000,000,201 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.05.15 12:30:31 | 000,000,185 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.05.15 10:14:44 | 000,094,208 | ---- | C] () -- C:\Windows\System32\AWDBCenter.dll
[2008.05.15 09:51:46 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.05.15 09:45:51 | 000,000,280 | ---- | C] () -- C:\Windows\System32\epoPGPsdk.dll.sig
[2008.05.14 19:53:47 | 000,840,586 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008.01.24 10:11:49 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2008.01.24 10:11:48 | 012,033,024 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2008.01.24 10:11:48 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2008.01.24 10:00:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\MGHwCtrl.dll
[2008.01.24 10:00:22 | 000,032,768 | ---- | C] () -- C:\Windows\System32\MGFPCtrl.dll
[2008.01.24 09:39:56 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008.01.24 09:30:24 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.01.24 09:07:47 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008.01.24 09:07:47 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.01.24 09:07:46 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008.01.24 09:07:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007.11.28 08:40:25 | 000,163,840 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2006.12.05 14:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 17:42:41 | 000,730,196 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:42:41 | 000,164,236 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:43 | 000,380,832 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:33:01 | 000,680,210 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,132,164 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 22:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== Files - Unicode (All) ==========
[2011.03.10 11:01:16 | 000,000,014 | ---- | M] ()(C:\Windows\System32\????) -- C:\Windows\System32\둨—께—
[2011.03.10 11:01:16 | 000,000,014 | ---- | C] ()(C:\Windows\System32\????) -- C:\Windows\System32\둨—께—
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:B0A96209
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:8CEFE51A
 
< End of report >
         
--- --- ---
OTL Logfile:
OTL Extras logfile created on: 27.04.2011 14:02:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\462091\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 35,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68,40 Gb Total Space | 5,92 Gb Free Space | 8,65% Space Free | Partition Type: NTFS
Drive E: | 74,79 Gb Total Space | 52,83 Gb Free Space | 70,64% Space Free | Partition Type: NTFS
 
Computer Name: XXX46209C | User Name: 462091 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-935411637-121726556-1431338135-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2D8732F6-88B4-4A13-BFC2-C4411716B923}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service | 
"{7B30BF8E-7E9D-45EF-92E8-E143936AB067}" = lport=6129 | protocol=6 | dir=in | name=dameware mini remote control service | 
"{869877AA-1F97-480B-B3C8-70D0E6F05D7D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F6BD56-AAB6-4587-A5F7-DEDF5A98A2FB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{05E09CEC-6346-4988-998C-9E1019CCA3B6}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 
"{08893E58-3A6E-4E3C-A170-F031BC362B99}" = protocol=6 | dir=in | app=c:\awd\angwin\rk\skn\tiscorba\jre\bin\java.exe | 
"{0CE3A1E0-CD04-4935-BDDA-B531039423C3}" = protocol=6 | dir=in | app=c:\awd\av-butler\vm\bin\java.exe | 
"{0EE3936E-3996-485C-8FFE-40A2849C014B}" = protocol=6 | dir=in | app=c:\awd\angwin\rk\skn\tiskernel.exe | 
"{0F3B5DD0-6DF9-442B-9FB0-00EF699507AA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{239D1002-2ACA-4D10-AA7D-23C80BDF7B66}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{3B937718-1C4E-42E4-A138-07760A1B0672}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{3F18E429-8A24-468E-BBDD-7C7609C5B527}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{40A7A5D2-A071-46CB-8F4C-63B2D9BB2EFC}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{486FF173-0201-482A-ADE1-930070323A26}" = protocol=17 | dir=in | app=c:\awd\angwin\rk\skn\tiscorba\jre\bin\java.exe | 
"{4F8D78F6-2225-4773-BA22-A80543FA6F5A}" = protocol=6 | dir=in | app=c:\windows\system32\dbeng8.exe | 
"{60006537-0142-4542-99F7-563E1BDE7224}" = protocol=17 | dir=in | app=c:\awd\av-butler\vm\bin\java.exe | 
"{624B5F08-7AA6-4F43-98AD-F298250B1E51}" = protocol=17 | dir=in | app=c:\awd\av-butler\vm\bin\javaw.exe | 
"{69C72108-CBF6-42FF-A21E-806F3DA10319}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7648B61B-B798-4175-A24E-546C14DFCF8F}" = protocol=17 | dir=in | app=c:\awd\angwin\rk\skn\tiskernel.exe | 
"{82970A7E-60BE-41E6-8D05-21DD40E840E9}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{8582BE6B-B48E-4DEC-9300-DF818BB1801A}" = protocol=17 | dir=in | app=c:\windows\system32\dbeng8.exe | 
"{917AD671-6BD8-4135-B2A8-F633EBC8CE46}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{92BBB555-3484-41F1-BE90-94E1A81AA071}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9472C504-1F3A-4D89-A7C5-C254BF692EF5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{95E1162A-F1D2-4A23-9505-D9A48F428D08}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{9F9EC1F3-033B-4766-9C4C-04D185D7E07D}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe | 
"{9FC6C93A-5D7C-433B-B4E0-D4141703801B}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe | 
"{ABDE08B2-D4C7-48D7-8A6D-D54A2208E823}" = protocol=6 | dir=in | app=c:\windows\system32\dwrcs.exe | 
"{ADDFCE54-75D9-49D9-9FCD-CE5198D9A122}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{B1A3691E-A0F0-4B59-9962-5F5A05694D86}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{B6D5B5EA-D3B8-4A29-A775-2469D26C5852}" = protocol=6 | dir=in | app=c:\awd\av-butler\vm\bin\javaw.exe | 
"{B78A2CF3-7A31-49A8-8DED-D933F0D8B6F6}" = protocol=17 | dir=in | app=c:\windows\system32\dwrcs.exe | 
"{D138E65C-635B-470D-A2D3-47F3CB83C933}" = protocol=6 | dir=in | app=c:\awd\angwin\rk\skn\tiscorba\jre\bin\tnameserv.exe | 
"{D15342DC-E59B-40FB-91C0-F243B85E6054}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{D66CE919-6F40-4E51-822C-DECD584E5E15}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D7D747C4-61F8-4DD1-A2FB-E0C6F90C6A5D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E654FEE1-F581-417B-A21E-00190C636ED4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F7023B72-5B25-4237-A1C8-21C130F64498}" = protocol=17 | dir=in | app=c:\awd\angwin\rk\skn\tiscorba\jre\bin\tnameserv.exe | 
"{FCA2494C-3B1F-4BE3-B99B-4929504A5EA2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FE91E045-03E3-4052-B407-022012BC945B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{29FD5D2C-32AF-4C9F-BEDF-601624A2C7CD}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{2FBFFDB8-B8D7-493A-A8FE-3A7EA57AB320}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{357E562F-6F5A-4B0F-A3AD-F6E1D462A800}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{384C23FF-DDAE-47D2-AD67-5A14336ABFBC}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{3D621536-0FF3-4BB1-A81D-589901C06577}C:\program files\java\jre1.5.0_14\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_14\bin\javaw.exe | 
"TCP Query User{450D1C4F-903D-4C4E-8DA2-C801446D9196}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{5DA4BFD6-E819-405B-BE11-2BA74586F9D1}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"TCP Query User{64A28E2A-8483-4CBE-A87A-B072C5699974}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{679E8B12-2A19-448A-BD1E-B0BC6A864B7A}C:\windows\system32\mmc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mmc.exe | 
"TCP Query User{6D618B1A-17C6-43CD-9B6D-95024D313408}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | 
"TCP Query User{7B3A6A8A-5CC0-4133-A3FF-A78C073267E4}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"TCP Query User{8348B279-B103-422B-811B-44DAF7F9505E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{9FA877CC-F298-4CEF-A4D5-BD12D68391CD}C:\program files\java\jre1.5.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_03\bin\javaw.exe | 
"TCP Query User{AB34A0B7-5D50-42AA-A664-1A4784D54832}C:\program files\java\jre1.5.0_03\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_03\bin\javaw.exe | 
"TCP Query User{AFBA441B-6B1F-448D-A5EC-64A3C8E66702}C:\users\462091\documents\ftpserv\ftpserv.exe" = protocol=6 | dir=in | app=c:\users\462091\documents\ftpserv\ftpserv.exe | 
"TCP Query User{BBE54EF4-80FE-4A35-B9C1-6FBA6DBC80EF}C:\program files\java\jre1.5.0_14\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.5.0_14\bin\javaw.exe | 
"TCP Query User{CCA81D28-F0CA-4561-BCE9-87BB920DCC99}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{CEBEC37C-863E-4A2A-A150-AF95528369DF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E10B705F-F1D1-4980-843F-9EAEA7F6579E}C:\program files\pokerstrategy\pokerstrategy equilator\equilator.exe" = protocol=6 | dir=in | app=c:\program files\pokerstrategy\pokerstrategy equilator\equilator.exe | 
"TCP Query User{EE7EFB3D-064E-4F4D-B0C3-81C9610255AA}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{F5A6E2E1-53D0-4935-8E37-6663847F91DB}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{0F78FAF4-BAAB-4A8B-AE53-C2DABF7E756A}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{1C0F719F-FE79-4D97-B588-D2D001686E0F}C:\program files\pokerstrategy\pokerstrategy equilator\equilator.exe" = protocol=17 | dir=in | app=c:\program files\pokerstrategy\pokerstrategy equilator\equilator.exe | 
"UDP Query User{1CCE3E22-E9A0-468A-85E6-E189CFB91156}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{29CA3654-A900-4304-A516-CC84CBCC4268}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{35336A4F-180A-441F-A858-AF92EB37DD13}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"UDP Query User{35A58FEA-46EE-4389-99D9-9FD3FD64B9F6}C:\program files\java\jre1.5.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_03\bin\javaw.exe | 
"UDP Query User{3EB16204-21FD-42B0-9EB2-B1CB5AC3D596}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{4245985B-4E45-4206-AB1B-06CD04147249}C:\program files\java\jre1.5.0_14\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_14\bin\javaw.exe | 
"UDP Query User{44565E01-F150-4BA8-A2F4-2CC3E714E0A3}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{4A4ACD07-EED8-4753-9361-01DB9CDE4D5E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{60BA25B0-AC65-441C-B09C-C992384FF55B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{8500B913-D603-4892-AA12-9A2AC85D0DE2}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe | 
"UDP Query User{90D49AAC-5126-4CCD-B475-3442CB95FCA9}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{A61499C6-B38C-45A2-BE4A-1175EF1442B3}C:\program files\java\jre1.5.0_03\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_03\bin\javaw.exe | 
"UDP Query User{A9CCEF6D-6ED9-46C5-BDFB-EEAC222A2F84}C:\program files\java\jre1.5.0_14\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.5.0_14\bin\javaw.exe | 
"UDP Query User{B5889BD0-3BBB-4FF6-A4D0-364B3D564611}C:\windows\system32\mmc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mmc.exe | 
"UDP Query User{BABFCDC5-5E02-42B7-88B1-0E149F64ED82}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{D5FBD825-4930-47FF-8E72-45326D63F0FE}C:\users\462091\documents\ftpserv\ftpserv.exe" = protocol=17 | dir=in | app=c:\users\462091\documents\ftpserv\ftpserv.exe | 
"UDP Query User{E2062A73-5BEB-4709-B455-FDF5A5D7F793}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{E23720C8-6B57-4E78-9425-D03C36E62A8F}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EE462FA1-80EB-4C74-B322-EF4938C0808D}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1996809B-2215-4C99-9DE3-E75C8FE3B8C9}" = Tournament Shark
"{1DE22109-B91A-4292-986B-DCB622FEA45F}" = RSA ACE/Agent
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{20E75CE0-2DAC-4ECC-8BF2-7F3550D631EB}" = DameWare Mini Remote Control Client Agent Service
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{34D121D1-62B3-4B42-98A3-4DE3D1B70706}" = AWD Kommunikationscenter
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AD96D37-7CAF-4295-A274-E403F1F38065}" = Tools für Microsoft SQL Server 2005
"{3B83CD21-49F3-404F-A498-2C5AA515D1D0}" = Outlook Ersteinrichtung
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4186FEBC-F0CC-4185-A406-24292BC9877A}" = Nokia Software Updater
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{44918223-7D61-451D-89FE-5BC2B130926C}" = Ikarus Vorlagen
"{47A0A80F-8DC0-43EB-B9B4-36FD86979DF7}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam
"{4D3D8D17-73B9-4CDE-917A-34357DF2E552}" = Interaktive Präsentationsmappe
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5E616211-01C7-47C6-A5DD-96C6A1BCB41C}" = Heureka
"{63F77981-887E-4586-841E-4C5B37929981}" = MasterSetup 26.00.0009, DVD-Stand 0026_20090911
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera (SN9C201&202)
"{75C16BE5-3302-4143-8790-36D24C41660E}" = bAV-Analyse Pro
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EDA7179-9B8E-465B-A3F8-CECB27F90FE0}" = PFS 2005
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86EF9EB6-DE10-4ABB-B221-D61972BB3C09}" = Collaboration Data Objects 1.2.1
"{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time
"{88D041CC-C3B6-41BB-8CFB-6107C26D5C2A}" = Outlook Ersteinrichtung
"{8D78B3DF-C142-4553-AC4E-E677D471E571}" = AWD Business Center
"{8DE11CA6-32A5-4505-82DF-E758C2B73DA2}" = AWD Business Center
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9243CB37-6943-4534-9293-4D850A716E4E}" = DameWareClient
"{985EB102-3DB9-49E1-A61A-83E08EA7AE6C}" = SMART Digitale Beratungsmappe
"{9D4E62AC-C8CB-4221-8ABF-2589584B6875}" = UpdateStar
"{A08FCF63-BCF4-4748-8F66-C869B7A86FD2}" = AWDSecurity
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2289997-10A3-48F2-AA03-99180D761661}" = Protector Suite QL 5.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7D1E02A-9BBF-44BC-BB0E-60211E4A2BE0}" = AWD Word Vorlagen
"{BE1219DB-22F8-491C-B3FE-FE0A4FB794F6}" = signotec SignoSign-Web - eDocBox V7.2.276
"{C2C599FE-4FCA-40D0-8C9B-050122D727EF}" = AWD Angebotsmappe
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CF78AB2B-1CA0-42D2-A2F1-FDEBC7876EF0}" = Microsoft SQL Server 2005 (AWDVERTRIEB)
"{D21ADE43-3AC8-4942-82BC-9C1D6063F046}" = Bild-Steuer 2009
"{D4EB3763-9586-405D-B376-DE98C8C9285E}" = PokerStrategy Equilator
"{D7DCC734-7F6F-4E82-9B74-0BAB4BB36C4A}" = PokerStrategy Elephant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DED55849-00F7-4F40-B9E5-E73952DCB97D}" = Ikarus
"{E31B071D-877F-4C86-BF5D-1C20E031304F}" = Microsoft SQL Server Management Studio Express
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2969393-2D4D-4977-8166-B1251B08EF12}" = McAfee Agent
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"033AF7005E28212C588F4A6A7C70FC337035B868" = Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
"2EC71483DB9F72339C87003A2DD75619594C70DD" = Windows-Treiberpaket - UPEK (TcUsb) Biometric (03/10/2007 1.9.2.0093)
"68C0F080293D2F762A22106C594B4792339BE161" = Windows Driver Package - Intel (NETw4v32) net (02/25/2007 11.1.0.86)
"7-Zip" = 7-Zip 4.42
"8333FFE8B8D391F641E11CBFBC132644ED829C65" = Windows-Treiberpaket - Sonix (SNP2STD) Image (05/08/2007 5.7.21.001)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AMCap" = AMCap
"Applian FLV Player2.0.24" = Applian FLV Player
"Avidemux 2.5" = Avidemux 2.5
"AWD Nuernberger-Version 0108 " = AWD Nürnberger Version 01.2008
"AWD Nuernberger-Version 0109 " = AWD Nürnberger Version 01.2009
"AWDEASY0" = easy in C:\Program Files\AWDEASY
"CCleaner" = CCleaner (remove only)
"D378CF7D7829BEE3D6C6016D3E4A00DF2B5B858B" = Windows Driver Package - Intel (NETw2v32) net (02/14/2007 9.1.1.13)
"ElsterFormular 11.5.1.4843" = ElsterFormular
"FLV Player" = FLV Player 2.0, build 24
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"IHMC CmapTools v5.03" = IHMC CmapTools v5.03
"InstallShield_{87D9045F-5DE3-4AED-B56E-3A2927F2AF91}" = Fujitsu NetCOBOL Free Run-time
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Joerg Loehr Screensaver 2009" = Joerg Loehr Screensaver 2009
"Joerg Loehr Screensaver 2010" = Joerg Loehr Screensaver 2010
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel(R) Active Management Technology Device Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"MSI PR400" = MSI PR400 Screen Saver
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SopCast" = SopCast 3.0.3
"Speed Gear_is1" = Speed Gear v6.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"True DBGrid Pro 6.0" = APEX True DBGrid Pro 6.0
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR archiver
"XiphQT" = Xiph QuickTime Components
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Persönliche Finanzstrategie" = Persönliche Finanzstrategie
"sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT)
"Skat-Online V8" = Skat-Online V8
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Thank you in advance for your efforts.

 
