Trojaner-Board

JamesP 17.12.2011 17:18

Attention! For security reasons your Windows system has been blocked
 
Hello,

I have the same problem as many others here: black screen, Task Manager doesn't work, and so on. You surely know what I mean ;). I read through a few threads here and wanted to try it out. Problem: my safe mode doesn't start; it stops going any further, i.e. it stops working, at Loaded \windows\system32\drivers\crcdisk.sys

Hoping for quick help.

Kind regards

markusg 17.12.2011 17:44

Hi, did you choose Safe Mode with Networking?

JamesP 17.12.2011 17:47

No, just the normal one ..

markusg 17.12.2011 18:00

What happens if you choose Safe Mode with Networking? Does it start?

JamesP 17.12.2011 18:02

No, that doesn't either .. I checked on the PC I'm writing from how long it takes for safe mode to start, and it doesn't really take long .. on mine, as I said, it just doesn't get any further ..

markusg 17.12.2011 18:06

OK, that's no big deal.
Create an OTLPE CD on a clean second computer and then boot the infected computer from that CD:

If you don't have burning software installed, please download ISOBurner. The program lets you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest happens automatically => How do I burn an ISO file to CD/DVD.

Download OTLPENet.exe by OldTimer (OTLpe Download) and save it to your desktop. Note: the file is about 120 MB, so with a slow Internet connection it will take a while to download.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When the burn process is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD

Illustrated guide: OTLpe scan
  • After a few minutes your system should display the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installed on the hard disk; simply selecting C: results in an error!
  • When you are asked "Do you wish to load the remote registry", choose Yes.
  • When you are asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created.
  • Copy these files to your USB stick if you don't have an Internet connection on this system.
  • Please post the contents of C:\OTL.txt and Extras.txt.

JamesP 17.12.2011 18:09

What do you mean, whether I can get to it with a burner?

Ah, I see, I misread it, sorry. Yes, I can ^^

JamesP 17.12.2011 18:54

But the booting then has to be done on the infected PC, right?

markusg 17.12.2011 19:24

Of course, from the infected PC.

JamesP 17.12.2011 19:33

OK, hey, I've done the booting, but I don't think it really worked. I disconnected the Internet connection from the infected PC, and this time the "Attention.." message didn't appear. What should I do now? I can quickly copy everything over via USB.

markusg 17.12.2011 19:35

What, what did you do? You're supposed to simply burn the CD and then start the PC from it, the infected one of course; anything else makes no sense. Then create the log, copy it to a stick and post it here in the forum.

JamesP 17.12.2011 21:45

OTL
OTL Logfile:
Code:

OTL logfile created on: 17.12.2011 21:17:26 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Neu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,32% Memory free
6,22 Gb Paging File | 5,01 Gb Available in Paging File | 80,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,69 Gb Total Space | 76,72 Gb Free Space | 16,84% Space Free | Partition Type: NTFS
Drive D: | 10,07 Gb Total Space | 1,38 Gb Free Space | 13,72% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Neu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.17 17:25:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe
PRC - [2011.10.19 21:35:51 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.15 15:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.08.15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 05:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.21 05:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.08.19 07:12:52 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.11.23 12:39:31 | 005,888,696 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe
PRC - [2009.11.23 12:39:31 | 005,608,632 | ---- | M] (Salfeld Computer) -- C:\Windows\System32\cc32\webtmr.exe
PRC - [2009.11.23 12:39:31 | 000,979,632 | ---- | M] (Salfeld Computer) -- C:\Windows\System32\cchservice.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:36 | 000,067,584 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.19 08:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007.04.07 02:56:47 | 000,132,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jusched.exe
PRC - [2007.02.15 12:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.04.11 07:27:36 | 000,067,584 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (GameConsoleService)
SRV - [2011.12.14 20:40:55 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.29 12:36:13 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.15 15:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.08.19 07:12:52 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.06 00:19:17 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Users\Neu\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.01.12 23:09:00 | 003,395,532 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.23 12:39:31 | 000,979,632 | ---- | M] (Salfeld Computer) [Auto | Running] -- C:\Windows\System32\cchservice.exe -- (Windows-CCHook-Service)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.28 00:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.08 18:08:21 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.21 05:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.25 23:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.02.22 14:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008.02.22 14:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008.02.22 14:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2007.12.07 16:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.11.17 20:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.05.30 18:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.03.16 10:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.01.26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2006.12.28 00:02:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.04.28 16:24:42 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2005.12.06 16:11:18 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005.08.10 13:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 14:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2003.04.18 23:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 16:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/hypercam/{B29B86EA-3BA9-49F4-9B5C-44AE0D4D645D}
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Compaq | MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Hotmail und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 CE BA 7E ED C2 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.99999
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll (WEBZEN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 13:17:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.13 13:20:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.22 21:29:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\Users\Neu\AppData\Roaming\5008
 
[2009.10.28 15:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neu\AppData\Roaming\mozilla\Extensions
[2011.12.15 16:18:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions
[2010.04.27 20:28:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.11 12:16:52 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.28 20:34:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.13 13:20:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.17 21:13:46 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.06.22 01:10:45 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Neu\AppData\Roaming\mozilla\Firefox\Profiles\i0hef4dc.default\extensions\toolbar@ask.com
[2010.03.06 00:19:22 | 000,001,054 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\conduit.xml
[2010.10.25 17:54:51 | 000,002,286 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\googlede.xml
[2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-1.xml
[2011.09.01 16:15:12 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-10.xml
[2011.09.09 14:17:41 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-11.xml
[2011.09.27 20:49:09 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-12.xml
[2011.10.01 12:24:31 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-13.xml
[2011.11.13 13:20:57 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-14.xml
[2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-2.xml
[2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-3.xml
[2010.10.25 17:54:52 | 000,001,067 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-4.xml
[2010.10.25 19:15:35 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-5.xml
[2010.11.16 20:53:32 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-6.xml
[2011.07.05 10:23:37 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-7.xml
[2011.08.02 16:03:02 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-8.xml
[2011.08.17 21:28:01 | 000,000,950 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\icqplugin.xml
[2010.10.25 17:54:52 | 000,001,695 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\web-search.xml
[2010.10.25 17:54:52 | 000,002,152 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\{49877FB4-8465-4100-999B-C8559EF12E4E}.xml
[2010.10.25 17:54:52 | 000,001,834 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\{AB9A0B8A-0ACE-4C61-AF60-4F2D682DC47F}.xml
[2010.10.25 17:54:52 | 000,002,041 | ---- | M] () -- C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\searchplugins\{E41A30D2-E0C3-413D-8535-90FE9795A4EE}.xml
[2011.11.13 13:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.12.03 19:04:05 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.15 11:05:05 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.11.14 16:03:40 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
() (No name found) -- C:\USERS\NEU\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I0HEF4DC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.13 13:20:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.10 16:21:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.27 16:13:46 | 000,027,136 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2011.09.09 14:17:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.09 14:17:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.05.04 18:56:22 | 000,001,779 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\clipfish.xml
[2010.05.04 18:56:22 | 000,001,013 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conrad.xml
[2010.05.04 18:56:22 | 000,002,487 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\discount24.xml
[2011.09.09 14:17:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.09 14:17:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.05.04 18:56:22 | 000,001,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\musicload.xml
[2010.05.04 18:56:22 | 000,002,120 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\myvideo.xml
[2010.05.04 18:56:22 | 000,002,023 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\otto.xml
[2010.05.04 18:56:22 | 000,000,758 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\quelle.xml
[2010.05.04 18:56:22 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\telefonbuch-de.xml
[2011.09.09 14:17:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.09 14:17:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2010.05.04 18:56:22 | 000,005,375 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yodl.xml
 
O1 HOSTS File: ([2010.07.17 01:20:48 | 000,000,937 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\System32\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Byteswarm\LiveUpdate\LiveUpdate.exe (AceGain Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Neu\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Video_deluxe_16_Plus_Download-Version\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Neu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [firefox.exe] C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [Java developer Script Browse] C:\Users\Public\jusched.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Mpk.exe = C:\Program Files\Crysis\KGB\Mpk.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9387C991-5D8C-40E0-97E4-464102180468}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73713B5-224F-4FCF-AA39-697F40C8AC35}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\ezstor {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\x-asp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-cnote {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-hsp {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\x-zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O18 - Protocol\Handler\zip {8D32BA61-D15B-11d4-894B-000000000000} - C:\Program Files\Common Files\EzTools\hsppp.dll (EzTools Software)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Neu\AppData\Roaming\hotfix.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Neu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Neu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.06 10:23:34 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c7691ba-774a-11dd-afdf-001fc64b8c08}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7691ba-774a-11dd-afdf-001fc64b8c08}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{aac97770-ff7e-11dc-95f2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{aac97770-ff7e-11dc-95f2-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Nvsetup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk - C:\Program Files\Hama\Hama Webcam Suite\Magic-i Visual Effects\Magic-i Visual Effects.exe - (ArcSoft, Inc.)
MsConfig - StartUpFolder: C:^Users^Neu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Screen Capturer.lnk - C:\Program Files\Screen Capturer\ScreenCapturer.exe - (ScreenCapturer.com)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin)
MsConfig - StartUpReg: ChicoSys - hkey= - key= -  File not found
MsConfig - StartUpReg: EPSON Stylus DX8400 Series - hkey= - key= -  File not found
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RGSC - hkey= - key= -  File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: TBPanel - hkey= - key= - C:\Program Files\Vtune\TBPanel.exe ()
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.17 20:46:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe
[2011.12.14 14:48:32 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.14 14:48:32 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 14:48:30 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 14:48:29 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 14:48:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 14:48:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 14:48:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.14 14:48:20 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.14 14:48:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 14:48:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.12.14 14:48:18 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.12.14 14:48:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.12.14 14:48:18 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.12.14 14:48:18 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.12.14 14:48:18 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.14 14:48:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.12.14 14:48:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.12.14 14:48:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.14 14:48:17 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.12.14 14:48:17 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.12.14 14:48:17 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.12.14 14:48:17 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.12.14 14:48:17 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.12.14 14:48:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.11.26 13:08:38 | 000,000,000 | ---D | C] -- C:\Users\Neu\AppData\Roaming\.minecraft
[2011.11.25 21:44:35 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\.minecraft
[2011.11.25 19:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.23 13:29:02 | 000,000,000 | ---D | C] -- C:\Users\Neu\AppData\Local\Chromium
[2011.11.22 21:29:31 | 000,713,312 | ---- | C] (NHN USA) -- C:\Windows\System32\ijjiSetup.exe
[2011.11.22 21:29:31 | 000,062,048 | ---- | C] (NHN USA Inc.) -- C:\Windows\System32\ijjiProcessRestarter.exe
[2011.11.22 21:29:30 | 000,000,000 | ---D | C] -- C:\Program Files\REACTOR
[2011.11.22 21:28:18 | 007,822,632 | ---- | C] (Macrovision Corporation) -- C:\Users\Neu\Desktop\IJJI_REACTOR_INST_EN.exe
[2011.11.22 18:58:55 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\lilli hp
[2011.11.22 18:10:02 | 000,000,000 | ---D | C] -- C:\ijji
[2011.11.22 18:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ijji
[2011.11.21 19:36:00 | 3799,935,896 | ---- | C] (NHN USA Inc) -- C:\Users\Neu\Desktop\U_AVA_Setup.exe
[2011.11.20 20:42:07 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\wichtiger gta shit
[2011.11.20 20:36:52 | 000,000,000 | ---D | C] -- C:\Users\Neu\Desktop\CrossFire_1080
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Neu\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Neu\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Neu\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Neu\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.17 20:41:26 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.17 19:24:22 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.17 19:24:15 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.17 19:24:14 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.17 19:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.17 19:24:01 | 3219,525,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.17 17:25:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neu\Desktop\OTL.exe
[2011.12.15 16:10:38 | 000,465,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.14 21:35:13 | 000,194,654 | ---- | M] () -- C:\Users\Neu\Desktop\hgh.jpg
[2011.12.12 17:58:50 | 000,889,435 | ---- | M] () -- C:\Users\Neu\Desktop\2011-12-12 18.58.51.jpg
[2011.12.12 17:57:58 | 000,942,137 | ---- | M] () -- C:\Users\Neu\Desktop\2011-12-12 18.57.58.jpg
[2011.12.08 22:12:13 | 000,246,050 | ---- | M] () -- C:\Users\Neu\Desktop\imba8.jpg
[2011.12.08 18:08:21 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.07 22:08:45 | 000,061,973 | ---- | M] () -- C:\Users\Neu\Desktop\375530_264254766957614_178866558829769_679430_1849437699_n.jpg
[2011.12.06 19:35:37 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.12.06 19:35:24 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.12.06 19:33:55 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011.12.04 22:32:03 | 000,643,366 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.04 22:32:03 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.04 22:32:03 | 000,131,578 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.04 22:32:03 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.30 22:48:59 | 000,269,663 | ---- | M] () -- C:\Users\Neu\Desktop\dhmm.jpg
[2011.11.25 21:42:27 | 001,102,574 | ---- | M] () -- C:\Users\Neu\Desktop\mcpatcher-2.2.2.exe
[2011.11.25 19:47:27 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.23 14:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.11.22 21:31:42 | 000,000,171 | ---- | M] () -- C:\Users\Public\Desktop\ijji.url
[2011.11.22 21:31:40 | 000,001,654 | ---- | M] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2011.11.22 21:28:45 | 007,822,632 | ---- | M] (Macrovision Corporation) -- C:\Users\Neu\Desktop\IJJI_REACTOR_INST_EN.exe
[2011.11.22 18:57:53 | 000,000,766 | ---- | M] () -- C:\Users\Neu\Desktop\AVA - Verknüpfung.lnk
[2011.11.22 00:20:42 | 3799,935,896 | ---- | M] (NHN USA Inc) -- C:\Users\Neu\Desktop\U_AVA_Setup.exe
[2011.11.21 23:41:30 | 000,029,972 | ---- | M] () -- C:\Users\Neu\Desktop\kid-cudi-arrested1.jpg
[2011.11.21 23:32:27 | 000,149,600 | ---- | M] () -- C:\Users\Neu\Desktop\377954_282778178430442_100000947860374_799212_340569781_n.jpg
[2011.11.20 20:51:47 | 000,000,895 | ---- | M] () -- C:\Users\Neu\Desktop\CrossFire.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.14 21:35:12 | 000,194,654 | ---- | C] () -- C:\Users\Neu\Desktop\hgh.jpg
[2011.12.12 19:06:44 | 000,889,435 | ---- | C] () -- C:\Users\Neu\Desktop\2011-12-12 18.58.51.jpg
[2011.12.12 19:06:43 | 000,942,137 | ---- | C] () -- C:\Users\Neu\Desktop\2011-12-12 18.57.58.jpg
[2011.12.08 22:12:12 | 000,246,050 | ---- | C] () -- C:\Users\Neu\Desktop\imba8.jpg
[2011.12.07 22:08:44 | 000,061,973 | ---- | C] () -- C:\Users\Neu\Desktop\375530_264254766957614_178866558829769_679430_1849437699_n.jpg
[2011.11.30 22:48:58 | 000,269,663 | ---- | C] () -- C:\Users\Neu\Desktop\dhmm.jpg
[2011.11.25 21:42:21 | 001,102,574 | ---- | C] () -- C:\Users\Neu\Desktop\mcpatcher-2.2.2.exe
[2011.11.25 19:47:27 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.22 21:31:42 | 000,000,171 | ---- | C] () -- C:\Users\Public\Desktop\ijji.url
[2011.11.22 21:31:40 | 000,001,654 | ---- | C] () -- C:\Users\Public\Desktop\ijji REACTOR.lnk
[2011.11.22 18:57:53 | 000,000,766 | ---- | C] () -- C:\Users\Neu\Desktop\AVA - Verknüpfung.lnk
[2011.11.21 23:41:29 | 000,029,972 | ---- | C] () -- C:\Users\Neu\Desktop\kid-cudi-arrested1.jpg
[2011.11.21 22:52:53 | 000,149,600 | ---- | C] () -- C:\Users\Neu\Desktop\377954_282778178430442_100000947860374_799212_340569781_n.jpg
[2011.11.20 20:51:47 | 000,000,895 | ---- | C] () -- C:\Users\Neu\Desktop\CrossFire.lnk
[2011.05.29 20:47:28 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2011.02.08 08:27:46 | 000,138,056 | ---- | C] () -- C:\Users\Neu\AppData\Roaming\PnkBstrK.sys
[2011.02.08 08:27:30 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.11.06 22:44:24 | 000,000,024 | ---- | C] () -- C:\Windows\System32\swctl.dll
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.05.27 23:11:38 | 000,002,032 | ---- | C] () -- C:\Users\Neu\AppData\Local\d3d9caps.dat
[2010.05.27 23:11:38 | 000,001,648 | ---- | C] () -- C:\Users\Neu\AppData\Local\d3d8caps.dat
[2010.04.29 20:37:08 | 000,000,000 | ---- | C] () -- C:\Users\Neu\AppData\Local\rx_image.Cache
[2010.04.10 13:08:14 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.03.10 21:54:02 | 000,000,091 | ---- | C] () -- C:\Users\Neu\AppData\Local\fusioncache.dat
[2009.11.23 12:39:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.11.23 12:39:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.11.23 12:38:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.10.30 10:04:33 | 000,044,645 | ---- | C] () -- C:\Windows\System32\httpuurl.dat
[2009.10.30 10:04:33 | 000,001,548 | ---- | C] () -- C:\Windows\System32\nogoapp.dat
[2009.10.30 10:04:29 | 000,000,050 | ---- | C] () -- C:\Windows\System32\ccwt64.dat
[2009.10.28 15:15:17 | 000,024,064 | ---- | C] () -- C:\Users\Neu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.01 05:22:41 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.12 14:30:30 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.11.28 21:31:46 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.11.28 21:31:25 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.11.28 21:31:24 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008.11.28 21:31:24 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.08.31 13:08:43 | 008,090,386 | ---- | C] () -- C:\Windows\System32\httpsurl.dat
[2008.08.31 13:08:42 | 000,000,145 | -H-- | C] () -- C:\Windows\System32\CTLSW.INI
[2008.08.31 13:08:37 | 000,000,529 | ---- | C] () -- C:\Windows\System32\nochook.ini
[2008.08.31 11:53:03 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2008.08.27 22:02:20 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2008.08.19 13:37:50 | 000,000,555 | ---- | C] () -- C:\Windows\eReg.dat
[2008.07.29 06:30:29 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.07.29 06:30:29 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.07.29 06:27:16 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2008.07.29 06:27:16 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2008.07.28 19:42:23 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.07.28 19:42:23 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.07.28 19:42:23 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.07.28 19:42:23 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.07.28 19:42:23 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.07.28 19:42:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.07.28 19:42:23 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.07.28 19:42:23 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.07.28 19:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.07.28 19:42:23 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.07.28 19:42:23 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.07.28 19:42:23 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.07.28 19:42:23 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.07.28 19:42:23 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.07.28 19:42:22 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.07.28 19:42:22 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.07.28 19:42:22 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.07.28 19:42:22 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.07.28 19:42:22 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.07.28 19:33:51 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008.03.06 17:55:16 | 000,643,366 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.03.06 17:55:16 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.03.06 17:55:16 | 000,131,578 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.03.06 17:55:16 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.03.06 10:14:24 | 000,111,448 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008.03.06 09:53:43 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2008.03.06 09:51:10 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008.03.06 09:51:10 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2007.11.14 18:42:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007.11.09 12:01:59 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psyswin32.dll
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Neu\AppData\Local\lame_enc.dll
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,465,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,308 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,742 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Neu\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Neu\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Neu\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Neu\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Neu\AppData\Local\no23xwrapper.dll
[2000.02.28 15:26:02 | 000,092,660 | ---- | C] () -- C:\Windows\System32\bass.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998.05.20 14:17:12 | 000,280,064 | ---- | C] () -- C:\Windows\System32\CNCS232.DLL
 
========== LOP Check ==========
 
[2011.11.26 13:08:42 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\.minecraft
[2009.12.18 22:12:46 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\EverAd
[2009.11.14 19:43:09 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\FreeFLVConverter
[2011.01.05 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\gtk-2.0
[2011.12.16 14:01:13 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\ICQ
[2011.02.08 19:37:32 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\LolClient
[2011.05.29 20:55:49 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\MAGIX
[2010.01.12 19:26:47 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\McLoad
[2010.08.02 16:32:05 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Need for Speed World
[2010.03.06 00:19:17 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\OCS
[2010.03.06 00:19:22 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Opera
[2011.11.16 14:50:55 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\PhotoScape
[2010.02.16 22:39:55 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Research In Motion
[2010.04.10 13:26:40 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Samsung
[2011.02.05 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Soldat
[2010.03.21 22:35:23 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\TeamViewer
[2010.10.13 20:50:02 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\TS3Client
[2010.12.03 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\UAs
[2009.11.04 16:55:40 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\WinBatch
[2011.01.16 01:14:33 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\Winsock-Chat
[2010.12.03 22:07:02 | 000,000,000 | ---D | M] -- C:\Users\Neu\AppData\Roaming\xmldm
[2011.12.17 16:10:18 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.10.18 21:06:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.12.13 20:31:43 | 000,000,000 | ---D | M] -- C:\735e1701f0a0219f68334ddc
[2010.04.29 20:28:27 | 000,000,000 | ---D | M] -- C:\AV_LOGS
[2010.01.29 13:18:47 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.11.24 22:15:34 | 000,000,000 | ---D | M] -- C:\CFLog
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.07.28 18:47:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.08.29 21:04:52 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2011.01.21 13:39:17 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.05.23 11:54:11 | 000,000,000 | ---D | M] -- C:\gamigo
[2009.11.18 17:28:23 | 000,000,000 | -H-D | M] -- C:\hp
[2011.11.22 18:10:02 | 000,000,000 | ---D | M] -- C:\ijji
[2008.10.23 18:52:12 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.03.09 23:22:21 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.11.03 17:15:27 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.22 21:29:30 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.15 21:07:21 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.07.28 18:47:50 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.09.14 22:20:32 | 000,000,000 | ---D | M] -- C:\rads
[2011.12.17 21:03:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.26 12:26:10 | 000,000,000 | ---D | M] -- C:\Temp
[2009.11.04 18:04:08 | 000,000,000 | ---D | M] -- C:\The Games Page
[2011.08.24 18:23:47 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.16 14:50:55 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2007.01.18 21:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\Neu\AppData\Local\No23 Recorder.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_ecc53ff9\atapi.sys
[2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.06 18:30:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4db4e301\atapi.sys
[2008.03.06 18:30:42 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=B3F2C79318B9BBE87B2C51033682D912 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20693_none_db7d35eb3dc727cc\atapi.sys
[2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_27cad3e5\atapi.sys
[2008.03.06 18:36:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.03.06 10:03:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.03.06 10:03:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\hp\drivers\nvidia_storage\nvstor32.sys
[2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\drivers\nvstor32.sys
[2007.12.07 16:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_0ccbf6f4\nvstor32.sys
[2007.12.07 16:28:10 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=689A2160B851F8BF88F20728FD2F30BD -- C:\Windows\System32\DriverStore\FileRepository\nvrd32.inf_d22c7930\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.03.06 18:04:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2008.03.06 18:04:33 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011.01.07 12:05:50 | 000,005,389 | ---- | M] () -- C:\Users\Neu\.recently-used.xbel
[2009.10.28 15:24:08 | 000,000,377 | ---- | M] () -- C:\Users\Neu\Jonas.lnk
[2011.12.17 21:39:33 | 003,670,016 | -HS- | M] () -- C:\Users\Neu\ntuser.dat
[2011.12.17 21:39:33 | 000,262,144 | -H-- | M] () -- C:\Users\Neu\ntuser.dat.LOG1
[2009.10.28 15:00:29 | 000,000,000 | -H-- | M] () -- C:\Users\Neu\ntuser.dat.LOG2
[2011.12.17 16:10:17 | 000,065,536 | -HS- | M] () -- C:\Users\Neu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.12.17 16:10:17 | 000,524,288 | -HS- | M] () -- C:\Users\Neu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.10.28 22:39:31 | 000,524,288 | -HS- | M] () -- C:\Users\Neu\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.10.28 15:00:29 | 000,000,020 | -HS- | M] () -- C:\Users\Neu\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Neu\Desktop\2011-05-29 - 02.mpg:TOC.WMV
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D06A4C76

< End of report >


JamesP 17.12.2011 21:47

EXTRAS
OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 17.12.2011 21:17:26 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Neu\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,32% Memory free
6,22 Gb Paging File | 5,01 Gb Available in Paging File | 80,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,69 Gb Total Space | 76,72 Gb Free Space | 16,84% Space Free | Partition Type: NTFS
Drive D: | 10,07 Gb Total Space | 1,38 Gb Free Space | 13,72% Space Free | Partition Type: NTFS
 
Computer Name: JONAS-PC | User Name: Neu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CD8FE75-105D-4186-A97A-BB7EE53D39AB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{157CE713-F56B-40F5-9968-EC194ED07A7A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{33413EB1-8562-4C4D-8C2E-B44894D941DD}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4BCF574E-3CBE-45FB-9629-9456A5355A8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{60F2DC52-2127-4C96-9699-599FC1A1D3FC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D35FA5E-4AEF-4EEE-AAA9-7E6F15FCBA9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A8C6B90-6EC6-44FA-AC4B-E89631D37684}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB5EB706-7320-4000-B47E-559160B53D8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2957BB6-CD00-4367-933A-8C6858C481F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F1D0F820-E5D2-4306-A547-4D0743619A1E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F620CBD3-6745-412A-B9C9-9B26D32E2484}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0041945B-BA87-4EE2-9BA0-4CBFF03CF9BF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{0645BB43-CD81-4B69-959D-4E40383F1F18}" = protocol=6 | dir=in | app=c:\users\jonas\desktop\bf2.exe |
"{09483105-75B8-4BC0-976D-9619971A13DF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{09D2E352-9A45-4C09-9499-D52594B4FCCC}" = protocol=6 | dir=in | app=c:\program files\i-buddy manager\i-buddymanager.exe |
"{0BA4942D-A329-4419-A710-CF69AF3087CD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{144076F8-27DE-4D1B-BF79-E9CB549D7E9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CB15FA8-CD09-43D2-8BFF-A2A0734C80D2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1CB30A6F-B44D-4CCA-A1FA-02877D913498}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{238F807A-2F01-4A3B-B81B-3CDD23B0D99E}" = protocol=17 | dir=in | app=c:\program files\i-buddy manager\i-buddymanager.exe |
"{2887A703-3E96-4C53-BC4F-5C945CA7FAB8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{29967F15-E18C-4639-B321-BC71A7B80236}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{2F36F780-AEB1-49F0-8C81-E9885ACD2A89}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{34057510-0C0A-4479-A2C8-B41EFB161164}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{36D618E0-A43D-44D9-9F6C-51ADE3A81BCE}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3D543911-BE09-4F0D-A4A8-C71EA936437B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{438BD11A-A14F-48CC-B2E4-29D0E3DEB60D}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{48E96D45-68C7-4AB3-9EF0-5B741D470704}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{4DBDE3D3-FEA3-4D6B-8DD7-1567E6A7C15B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4DD1CD7E-C2CE-463A-B844-FB11C69A6CFC}" = protocol=17 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{52A00628-97FA-4970-94F3-D89946312596}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{54475131-D65E-4D26-9B09-C117E6A2BDC4}" = protocol=6 | dir=in | app=c:\users\neu\appdata\local\akamai\netsession_win.exe |
"{6080CF54-BC34-4C00-8399-DC9944EAE22A}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{661C2C2F-ADB1-4C30-828C-D4B989599D26}" = protocol=17 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{66AB7BAD-4EC4-4488-978E-F6E15082E271}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{695C2F3B-CED8-43EC-B981-0E8089C302BF}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{6987830B-2325-4467-81D9-C9E183FBD9BD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6BF1EC7D-9A06-466B-81B4-4BB460BB08F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{6C3BEFD8-05CE-41C4-BBCE-D856D75F2CC0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6CEA65DB-A6F7-4048-A287-2EAA0A384322}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{7494D9DF-8A41-4F28-8830-B7A43C49FEE0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7615B6DE-4B51-4DC7-9F61-AAB9A8C3652B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8B434783-2C48-4D25-B838-FA63C5AD96E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{95169441-6FE0-4054-9BD1-3BC1D110E0BC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{95FC1969-427E-4968-AF6D-195E39F9AE22}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{996FA132-F120-47A0-A6E1-B5DDCC940940}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw.exe |
"{9D3F746D-9D6E-4F4A-B0E3-99B499402F2D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{9FB2F48E-F5AD-4786-8E68-76736EEDBEA3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A09721A9-AAE3-4821-80A0-C1856A86FCC5}" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe |
"{A661E410-201F-4232-AEE1-2A910B2A2E2D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{AA2D2210-FBE1-44C5-85D7-1DA00BDB9871}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{AF436557-654F-4DB3-9901-4F1D8A64800E}" = protocol=17 | dir=in | app=c:\users\neu\appdata\local\akamai\netsession_win.exe |
"{BAF1C590-0BFF-43AB-97DE-24288AC63E32}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{BC50B70D-273D-45F7-A5B7-2A5F9FF22613}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{BCE66393-9326-4CDF-B9D3-C2578BCA32DA}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwawmp.exe |
"{BDECB72C-4062-46EC-96A3-CDC44371F77B}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{BF2A61E0-AA98-4A11-8C9C-982793C5A4A2}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D1615FA5-C02C-4044-903A-3D9E58EECB61}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D3A8EAB6-E24F-4448-AFAF-FD0FE93A8A7D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D49AB8B6-6DB8-4CCE-9BC9-CC4D2EAC5CCF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D80082AA-D3FC-4C5E-B0C8-D96B7C364444}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E0072442-4D5E-47BB-AFB7-C57AABBA17A3}" = protocol=6 | dir=in | app=c:\program files\reactor\ijjioptimizer.exe |
"{E198455C-2BE0-4D19-B703-359CCC7A5A24}" = protocol=17 | dir=in | app=c:\users\jonas\desktop\bf2.exe |
"{E42498B2-F183-411C-B7E4-3A4DEE3FFFE7}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{E96CFAA2-187D-4AB5-A612-190B0ED71182}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EA51856D-62C1-435F-9242-E729C1A48346}" = protocol=6 | dir=in | app=c:\program files\gamespy arcade\aphex.exe |
"{EAC8B09B-46B0-4240-BD27-3881410D8FC2}" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fearmp.exe |
"{EBAFCDFC-A7BE-4C0A-87EC-B83B4B6F8388}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{EBD60429-BEF8-42F8-A8A6-7209A1965BF3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EC74283F-7014-4BDA-B695-6098950B2B6B}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142 deluxe edition\bf2142.exe |
"{F75736B2-C565-4315-A752-8C4F43692438}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\portal 2\portal2.exe |
"{F76A4268-0BF6-4504-9897-2B36008B615E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F7C8779E-56D8-4D4B-9DE9-7DB36642CC6F}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{F8989487-8E76-42CC-9CAF-EBB1A9637B8D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F9D364EC-2066-477A-86B8-41A38442C6D3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FE1A33D6-3089-4E64-BB42-34213DF3C42E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{037606DC-5650-4F73-ADF1-394A6A8A7C71}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{0B017C49-8318-4E6A-8483-4B01D10115C8}C:\program files\novalogic\joint operations typhoon rising\jointops.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\jointops.exe |
"TCP Query User{1AB1860E-1F4D-4731-86ED-1D7B3AE12611}F:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe" = protocol=6 | dir=in | app=f:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe |
"TCP Query User{2D085435-37F9-4A31-B265-381E441D3109}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{32F2FA77-36C5-4998-A6AD-FD19BA6BB0C5}C:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe |
"TCP Query User{466660D9-179C-4A4F-9DCF-5F9A4E42B463}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin |
"TCP Query User{46D70E1C-9CCF-49EE-99E4-D2A5FA12843A}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe |
"TCP Query User{509D2C25-E9C6-43CC-82E4-3DCB124192B4}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin |
"TCP Query User{50B3F2B2-591D-4D04-922F-668431E646B9}C:\program files\crysis\bin32\crysis.exe" = protocol=6 | dir=in | app=c:\program files\crysis\bin32\crysis.exe |
"TCP Query User{589025F1-5E5E-473C-A9B7-E9A197FA83FF}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"TCP Query User{5B47C67E-F203-4557-B80C-EF08A1F7426D}C:\soldat\soldat.exe" = protocol=6 | dir=in | app=c:\soldat\soldat.exe |
"TCP Query User{5EBC75B5-15EA-430E-A538-034EAB471D1A}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=6 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe |
"TCP Query User{619FB7A0-E196-4624-832E-166B2A89A4ED}C:\program files\z8games\crossfire\cf_g4box.exe" = protocol=6 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe |
"TCP Query User{658DAA1C-C27E-4AC1-8817-27ACE2C1A884}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{7531CC57-B37B-408C-8E33-E8BB98D005FB}C:\program files\ea games\bfvietnam_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\bfvietnam_w32ded.exe |
"TCP Query User{8BF401A2-ED19-438C-A88D-EA3CEEB957F1}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=6 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe |
"TCP Query User{92CB3F9C-22CE-4A3F-9717-E62E73FD82BA}C:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe |
"TCP Query User{9CED6B91-E294-4E4A-B806-91EC3CAFED3F}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{A2C83B2C-2D07-4D7F-AD45-D0766D762B5D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{A5696E75-8F49-4AD1-8C4D-9383888938BC}C:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe |
"TCP Query User{A7A5CDC6-6A68-4918-BF6A-EA1ED6C5733A}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"TCP Query User{AF9EC5A6-60E4-4E11-BA60-F7B7ABAD12B9}C:\program files\activision\call of duty - world at war\codwaw2.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw2.exe |
"TCP Query User{BD3C6203-EE1E-45F2-86B2-9ED509DC20FF}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"TCP Query User{BDA1A443-C931-42D6-914D-84CF1A367354}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"TCP Query User{C10B7475-7BB2-49D4-82F1-2ADFCCFD4B57}C:\users\neu\desktop\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\league of legends\lol.launcher.exe |
"TCP Query User{C4A34D53-1470-4CF3-94B8-6EAA6A6895A0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{C6EA65AB-1AD3-4C47-8ACD-06B9DAD82947}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"TCP Query User{C72DFECA-FB34-414F-874A-649193864C75}C:\program files\ea games\bfvietnam.exe" = protocol=6 | dir=in | app=c:\program files\ea games\bfvietnam.exe |
"TCP Query User{D7244BEC-3513-456F-8E66-FCA5300A922C}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe |
"TCP Query User{D9D9C9C2-8898-4E97-B3A9-A2B50EA4091B}C:\program files\novalogic\joint operations typhoon rising\update.exe" = protocol=6 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\update.exe |
"TCP Query User{DDDB31F7-95EF-408B-9982-D3CB9AE8F535}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{DFD0AA41-88CB-4B46-9C09-C0C910B0FFB4}F:\l4d2\left4dead2.heiising" = protocol=6 | dir=in | app=f:\l4d2\left4dead2.heiising |
"TCP Query User{E2D20D4D-7CBA-4344-BD6D-43A281604AD9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E2D4B108-E1AD-438E-A4D0-F56FC306A586}C:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe |
"TCP Query User{E6636CAB-42B3-4BC4-B3FC-0A0BEAA9ACFB}C:\program files\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"TCP Query User{ED677A53-D535-4310-8645-38A9AE729FA3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F38B093B-0FBD-421A-82AF-0954838B8FDC}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe |
"TCP Query User{F9C8D732-D2F1-4B5E-9660-EA5AB9951BBB}C:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe |
"TCP Query User{FA4E5968-690C-4F93-8D40-680D9ED6AE7B}C:\program files\counter-strike source\srcds.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike source\srcds.exe |
"UDP Query User{0D2D13FC-773A-445C-ADDC-DF6876AB63A0}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{1243FF20-BA23-4E9D-B6EA-CECDC1CE7B33}C:\program files\ea games\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\bfvietnam.exe |
"UDP Query User{174C1F81-5A23-4CB9-8D5A-F0BE59BCF854}C:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp (2).exe |
"UDP Query User{2158D587-4AC1-426A-B43B-0FAECEF64E86}F:\l4d2\left4dead2.heiising" = protocol=17 | dir=in | app=f:\l4d2\left4dead2.heiising |
"UDP Query User{33934978-2389-4299-BA48-5B272CE01504}C:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\spiele\gta\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe |
"UDP Query User{346730F1-0A9A-4B72-883D-FA2ACE32F1FA}C:\program files\z8games\crossfire\cf_g4box.exe" = protocol=17 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe |
"UDP Query User{39A5A25D-EA3D-4C71-8634-F93B5319C05D}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe |
"UDP Query User{40DC8937-CDFF-4D1E-86D5-5B098F4DDE79}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe |
"UDP Query User{43E55E52-E297-4415-81C9-A9F64C9A2CB1}C:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\spiele\mmorpg\league of legends\lol.launcher.exe |
"UDP Query User{4A3155AB-F49F-4138-BEAE-5C04B56F69F5}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{4B0CD05A-B921-49B2-8FCF-9F1DAD5774C3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4DC3FAB8-2EFB-48BF-9A35-F86FE21AB1D2}F:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe" = protocol=17 | dir=in | app=f:\spy-net rat v. 1.8\spy-net rat v. 1.8\spynet.exe |
"UDP Query User{58FB4247-F709-4735-ACE7-FC72731B3969}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin |
"UDP Query User{59F5A2C7-7964-44D5-B628-1518902B9387}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"UDP Query User{5B015E4B-DAA8-471D-9908-16489AE7880E}C:\program files\java\jre1.6.0_01\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\javaw.exe |
"UDP Query User{61088C7E-F725-430A-9D65-30983E1F841C}C:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
"UDP Query User{6381CB07-6565-4354-B17B-E4969E24495C}C:\soldat\soldat.exe" = protocol=17 | dir=in | app=c:\soldat\soldat.exe |
"UDP Query User{652C7C88-8910-48D1-8888-330E3B4AA818}C:\program files\ea games\battlefield vietnam\bfvietnam.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield vietnam\bfvietnam.exe |
"UDP Query User{6BA58D73-FB5F-429A-94C6-7090725465A8}C:\program files\novalogic\joint operations typhoon rising\jointops.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\jointops.exe |
"UDP Query User{6E3CE62C-2200-4554-9DE8-612274DA4519}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{6E45EEEB-16E1-422D-BC14-30C4514B25A2}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{77FE412E-A7EF-4D4A-82EB-0D1505753DB1}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{7950F971-CBF8-4793-9DF3-4B96E32C9044}C:\users\neu\desktop\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\league of legends\lol.launcher.exe |
"UDP Query User{7E6B20CD-9462-4F9F-B365-C599416E79E9}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{8A2B2015-414F-4A8D-A39A-42ECD80A7955}C:\program files\ea games\battlefield 2\bf2_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2_w32ded.exe |
"UDP Query User{9D9825C4-359B-4F73-87C4-1BA8518DACCB}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{A210228E-537B-4C66-A003-3EDB66FC7E5C}C:\program files\java\jre1.6.0_01\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_01\bin\java.exe |
"UDP Query User{ADF5B0CB-FDE9-42FC-BC43-32A3695162CD}C:\program files\activision\call of duty - world at war\codwaw2.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty - world at war\codwaw2.exe |
"UDP Query User{B2AFCF8C-344C-438C-9947-20F2EDFC6A5C}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin |
"UDP Query User{BE13A9D1-5BB7-4EFD-A56B-160BBEB29D3A}C:\program files\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\hl2.exe |
"UDP Query User{C5E723D1-FA5B-4048-B99D-CBACFCA8A8BB}C:\program files\novalogic\joint operations typhoon rising\update.exe" = protocol=17 | dir=in | app=c:\program files\novalogic\joint operations typhoon rising\update.exe |
"UDP Query User{C6B2BB73-0CA2-4620-9ECC-2D2B21F9FDA9}C:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\gta sa\gta multy\samp0.3\samp03asvr_win32\samp-server.exe |
"UDP Query User{C99F0E44-0A34-4388-824A-5C77C88E08F0}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{D9BAEF4F-412B-4F6A-9044-B0841A827B1F}C:\program files\ea games\bfvietnam_w32ded.exe" = protocol=17 | dir=in | app=c:\program files\ea games\bfvietnam_w32ded.exe |
"UDP Query User{E6FA790E-2CF9-4036-88A2-1D1E96EF661A}C:\program files\counter-strike source\srcds.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike source\srcds.exe |
"UDP Query User{ED876495-55DA-4112-9A4A-1ECF90053814}C:\program files\roxio\media manager 9\mediamanager9.exe" = protocol=17 | dir=in | app=c:\program files\roxio\media manager 9\mediamanager9.exe |
"UDP Query User{F202887C-A45A-4CF0-96AB-49802FC2B42E}C:\program files\crysis\bin32\crysis.exe" = protocol=17 | dir=in | app=c:\program files\crysis\bin32\crysis.exe |
"UDP Query User{F4D0EDEB-CC00-4EA9-A318-B14371A541E4}C:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\users\neu\desktop\borderlands. funktioniert, von lucas\borderlands\binaries\borderlands.exe |
"UDP Query User{FE53FD56-43E4-4FBD-9197-24722218EB00}C:\program files\bfvcc server manager\bfvcc.exe" = protocol=17 | dir=in | app=c:\program files\bfvcc server manager\bfvcc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1104E2E0-9378-455d-9E0E-6235A4E52DB0}_is1" = ArchLord
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{441C8911-CEC0-19E6-6CAC-694553E06A28}" = myphotobook.de
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR
"{92B94569-6683-4617-8C54-EB27A1B51B30}" = GTAIII
"{93712806-272D-485E-8D8E-C08E861CF3E0}" = A.V.A
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cross Fire_is1" = Cross Fire En
"de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = myphotobook.de
"EA Download Manager" = EA Download Manager
"Fraps" = Fraps (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mafia II_is1" = Mafia II
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video deluxe 16 Plus Download-Version D" = MAGIX Video deluxe 16 Plus Download-Version 9.0.0.55 (D)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"MinecraftAlpha" = MinecraftAlpha
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MySSID_is1" = Vtune 7.13
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Steam App 620" = Portal 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Akamai" = Akamai NetSession Interface
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.12.2011 16:24:39 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16583
 
Error - 03.12.2011 16:24:39 | Computer Name = Jonas-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16583
 
Error - 05.12.2011 13:08:11 | Computer Name = Jonas-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.  [ACCESS_VIOLATION Exception!! EIP = 0x71d4610a]  Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 07.12.2011 09:21:25 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel
 0x47918de2, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x5782400e,  Prozess-ID 0x84c,
Anwendungsstartzeit 01ccb4e306aab9a5.
 
Error - 07.12.2011 09:30:03 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel
 0x47918de2, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x57824002,  Prozess-ID 0x84c,
Anwendungsstartzeit 01ccb4e306aab9a5.
 
Error - 11.12.2011 12:40:11 | Computer Name = Jonas-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die
 Datei  unknown.  [ACCESS_VIOLATION Exception!! EIP = 0x725c614a]  Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 17.12.2011 10:49:20 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Dwm.exe, Version 6.0.6002.18005, Zeitstempel
 0x49e01b94, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x5782400e,  Prozess-ID 0x784,
Anwendungsstartzeit 01ccbccb0c88442c.
 
Error - 17.12.2011 11:05:59 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MSASCui.exe, Version 1.1.1600.0, Zeitstempel
 0x47918de2, fehlerhaftes Modul wdrvtask.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x2a425e19, Ausnahmecode 0xc0000005, Fehleroffset 0x57824002,  Prozess-ID 0x878,
Anwendungsstartzeit 01ccbccd380ac67c.
 
Error - 17.12.2011 11:07:26 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00047336,  Prozess-ID 0x6a4, Anwendungsstartzeit
 01ccbccd33c62f5c.
 
Error - 17.12.2011 11:27:41 | Computer Name = Jonas-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul ole32.dll, Version 6.0.6002.18277, Zeitstempel 0x4c28d53e,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00047336,  Prozess-ID 0x5e4, Anwendungsstartzeit
 01ccbcd04b74b784.
 
[ System Events ]
Error - 17.12.2011 12:48:34 | Computer Name = Jonas-PC | Source = sfsync03 | ID = 262145
Description =
 
Error - 17.12.2011 12:48:38 | Computer Name = Jonas-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 17.12.2011 12:49:18 | Computer Name = Jonas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.12.2011 um 17:47:16 unerwartet heruntergefahren.
 
Error - 17.12.2011 12:50:33 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 17.12.2011 12:50:33 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 17.12.2011 14:23:49 | Computer Name = Jonas-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 17.12.2011 14:24:08 | Computer Name = Jonas-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 17.12.2011 um 17:59:18 unerwartet heruntergefahren.
 
Error - 17.12.2011 14:25:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 17.12.2011 14:25:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 17.12.2011 14:25:42 | Computer Name = Jonas-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---

JamesP 17.12.2011 21:53

Oh, and a question: is it normal that this trojan has no effect when the internet is off? Because on my machine it couldn't do anything just now, as I already said above..

markusg 18.12.2011 16:40

hi

Attention!

This script, and any scripts that may follow, are only for this particular user.
If you have problems, open your own topics and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:

:OTL
O4 - HKCU..\Run: [firefox.exe] C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]




• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Boot into normal mode.

If you have no icons, then right-click, View, Show desktop icons.
Open Computer, open C:, then _OTL.
There, right-click on moved files.
Choose Add to moved files.rar or zip.
Follow the link and upload the archive in the upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html

JamesP 18.12.2011 17:26

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\firefox.exe deleted successfully.
C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56543 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jonas
->Flash cache emptied: 270242 bytes

User: Neu
->Flash cache emptied: 112895 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 56543 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jonas
->Temp folder emptied: 2002 bytes
->Temporary Internet Files folder emptied: 109527649 bytes
->Java cache emptied: 7469744 bytes
->FireFox cache emptied: 56643779 bytes
->Flash cache emptied: 0 bytes

User: Neu
->Temp folder emptied: 6438216630 bytes
->Temporary Internet Files folder emptied: 100476068 bytes
->Java cache emptied: 1949712 bytes
->FireFox cache emptied: 52294597 bytes
->Apple Safari cache emptied: 397312 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3801779168 bytes
RecycleBin emptied: 64777488 bytes

Total Files Cleaned = 10.141,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12182011_171412

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

JamesP 18.12.2011 17:27

Was that it now?^^ If so, then many, many thanks already :)

markusg 18.12.2011 17:40

And where is the upload? There is more written there, so work and read through to the end.

JamesP 18.12.2011 17:58

OK, I've uploaded it.

markusg 18.12.2011 18:06

Thanks
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.

Please download Combofix.exe and be sure to save it to your desktop.
  • Visit the following page for download links and instructions for this
    tool

    A guide and tutorial on using ComboFix
  • Note:
    Make sure that all your antivirus and anti-malware programs are switched off so that they do not interfere with Combofix while it works.
  • Please post C:\Combofix.txt in your next reply.

JamesP 18.12.2011 18:49

Combofix Logfile:
Code:

ComboFix 11-12-17.05 - Neu 18.12.2011  18:27:53.1.3 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1940 [GMT 1:00]
ausgeführt von:: c:\users\Neu\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20111124.txt
C:\install.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\users\Neu\AppData\Local\lame_enc.dll
c:\users\Neu\AppData\Local\no23xwrapper.dll
c:\users\Neu\AppData\Local\ogg.dll
c:\users\Neu\AppData\Local\vorbis.dll
c:\users\Neu\AppData\Local\vorbisenc.dll
c:\users\Neu\AppData\Local\vorbisfile.dll
c:\users\Public\Favorites\.data
c:\users\Public\Favorites\.idata
c:\users\Public\Favorites\.itext
c:\users\Public\Favorites\.rdata
c:\users\Public\Favorites\.reloc
c:\users\Public\Favorites\.rsrc
c:\users\Public\Favorites\.text
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-18 bis 2011-12-18  ))))))))))))))))))))))))))))))
.
.
2011-12-18 17:40 . 2011-12-18 17:40        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2011-12-18 17:40 . 2011-12-18 17:40        --------        d-----w-        c:\users\Jonas\AppData\Local\temp
2011-12-18 17:40 . 2011-12-18 17:41        --------        d-----w-        c:\users\Neu\AppData\Local\temp
2011-12-18 17:40 . 2011-12-18 17:40        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-12-18 16:19 . 2011-12-18 16:19        56200        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{457745AA-5B2A-4793-A32C-3A28B9187454}\offreg.dll        ERROR(0x00000005)
2011-12-18 16:14 . 2011-12-18 16:52        --------        d-----w-        C:\_OTL
2011-12-16 12:58 . 2011-11-21 10:47        6823496        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{457745AA-5B2A-4793-A32C-3A28B9187454}\mpengine.dll        ERROR(0x00000005)
2011-11-26 12:08 . 2011-11-26 12:08        --------        d-----w-        c:\users\Neu\AppData\Roaming\.minecraft
2011-11-23 12:29 . 2011-11-23 12:29        --------        d-----w-        c:\users\Neu\AppData\Local\Chromium
2011-11-22 20:29 . 2010-07-27 15:13        27136        ----a-w-        c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
2011-11-22 20:29 . 2010-03-24 15:57        713312        ----a-w-        c:\windows\system32\ijjiSetup.exe
2011-11-22 20:29 . 2010-03-24 15:56        62048        ----a-w-        c:\windows\system32\ijjiProcessRestarter.exe
2011-11-22 20:29 . 2011-11-22 20:31        --------        d-----w-        c:\program files\REACTOR
2011-11-22 17:10 . 2011-11-22 17:10        --------        d-----w-        C:\ijji
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 17:08 . 2011-10-18 20:03        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-06 18:35 . 2008-11-28 20:31        140496        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2011-12-06 18:35 . 2009-09-02 11:04        280736        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2011-12-06 18:35 . 2008-11-28 20:31        280736        ----a-w-        c:\windows\system32\PnkBstrB.exe
2011-12-06 18:33 . 2008-11-28 20:31        215128        ----a-w-        c:\windows\system32\PnkBstrB.ex0
2011-11-21 10:47 . 2008-08-31 12:18        6823496        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll        ERROR(0x00000005)
2011-11-16 20:46 . 2011-05-15 09:58        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2011-10-18 20:03        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-18 20:03        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-09-20 21:02 . 2011-11-08 21:32        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-13 12:20 . 2011-05-06 18:09        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-11-09 17:38        2331672        ----a-w-        c:\program files\DVDVideoSoft\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-11-09 2331672]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Akamai NetSession Interface"="c:\users\Neu\AppData\Local\Akamai\netsession_win.exe" [2011-11-10 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Ocs_SM"="c:\users\Neu\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2010-03-05 106496]
"LiveUpdate"="c:\program files\Byteswarm\LiveUpdate\LiveUpdate.exe" [2004-08-28 2150400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"TrayServer"="c:\program files\MAGIX\Video_deluxe_16_Plus_Download-Version\TrayServer.exe" [2008-08-07 90112]
"ChicoSys"="c:\windows\system32\cc32\webtmr.exe" [2009-11-23 5608632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Magic-i Visual Effects.lnk
backup=c:\windows\pss\Magic-i Visual Effects.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Neu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Screen Capturer.lnk]
path=c:\users\Neu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Screen Capturer.lnk
backup=c:\windows\pss\Screen Capturer.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-08 15:31        47904        ----a-w-        c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-27 18:17        207424        ----a-w-        c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient]
2006-12-27 23:02        1454080        ----a-w-        c:\program files\avmwlanstick\WLanGUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChicoSys]
2009-11-23 11:39        5608632        ----a-w-        c:\windows\System32\cc32\webtmr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
2007-04-12 06:00        182272        ----a-w-        c:\windows\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 14:33        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-29 11:33        1242448        ----a-w-        c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2010-09-02 09:59        2158592        ----a-w-        c:\program files\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 gupdate1c9990f1f868ac0;Google Update Service (gupdate1c9990f1f868ac0);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Neu\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2010-03-05 40960]
R3 ASNDIS4;ASNDIS4 Protocol Driver;c:\windows\system32\ASNDIS4.SYS [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2006-12-27 4352]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-01-12 3395532]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
R3 XDva348;XDva348;c:\windows\system32\XDva348.sys [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R3 XDva352;XDva352;c:\windows\system32\XDva352.sys [x]
R3 XDva358;XDva358;c:\windows\system32\XDva358.sys [x]
R3 XDva359;XDva359;c:\windows\system32\XDva359.sys [x]
R3 XDva362;XDva362;c:\windows\system32\XDva362.sys [x]
R3 XDva374;XDva374;c:\windows\system32\XDva374.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys [2005-12-06 35328]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 1361288]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-08-19 235624]
S2 Windows-CCHook-Service;Windows-CCHook-Service;c:\windows\system32\cchservice.exe [2009-11-23 979632]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-05-30 16640]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 19:10]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 19:10]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{B29B86EA-3BA9-49F4-9B5C-44AE0D4D645D}
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\Neu\AppData\Roaming\Mozilla\Firefox\Profiles\i0hef4dc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.6&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.2\ICQ.exe
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-18 18:40
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2939572160-219982239-4277376672-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:58,df,fa,2a,f2,7f,fa,dc,ae,52,93,2d,4a,71,40,db,56,cd,50,e8,93,40,44,
  e5,9c,24,47,26,33,12,11,89,49,05,86,fe,09,ed,3a,8b,9d,8c,1a,f7,fc,97,89,c9,\
"??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95
.
[HKEY_USERS\S-1-5-21-2939572160-219982239-4277376672-1003\Software\SecuROM\License information*]
"datasecu"=hex:99,26,7c,e5,e9,7a,67,4d,de,5f,e8,4e,4f,c9,81,63,1e,ed,f7,07,7e,
  2a,16,1b,97,26,f3,37,ba,17,21,6f,46,21,59,bb,16,00,5f,96,60,8c,28,1e,5d,16,\
"rkeysecu"=hex:57,a3,65,63,07,ec,bd,fb,9b,5e,1e,f9,87,2e,34,61
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-12-18  18:46:42
ComboFix-quarantined-files.txt  2011-12-18 17:46
.
Vor Suchlauf: 17 Verzeichnis(se), 84.591.116.288 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 90.706.788.352 Bytes frei
.
- - End Of File - - EE58C2B606D62F5A01797F5D8A2B9FD7

--- --- ---

markusg 18.12.2011 18:52

malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

JamesP 18.12.2011 21:55

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8393

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19170

18.12.2011 21:49:23
mbam-log-2011-12-18 (21-49-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 587993
Laufzeit: 2 Stunde(n), 37 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 118

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} (Trojan.Banker) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1 (Refog.Keylogger) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\_OTL\movedfiles\12182011_171412\C_Users\Neu\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

JamesP 18.12.2011 21:56

The program even found quite a few more things :D

markusg 19.12.2011 13:14

Did you install the keylogger yourself?
If not, you absolutely must change all your passwords!

Download CCleaner Standard:
CCleaner Download - CCleaner 3.13.1600
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, save it as a txt file, and open that file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, "unnötig" (unnecessary).
After each one you do not recognise, "unbekannt" (unknown).
Post the list.

JamesP 19.12.2011 17:30

No, not that I know of. I had something like that once, so it may be that these were the remnants. One question: does it also affect passwords, e.g. for games?

JamesP 19.12.2011 17:34

But this "Achtung.." virus is gone now, right? ^^

markusg 19.12.2011 17:48

Where is the list I asked for? You surely want to prevent a reinfection, so we still have some work to do.
It does not steal passwords.

JamesP 19.12.2011 20:46

A.V.A NHN USA Inc 21.11.2011 5.996MB 50.10.1222 unnecessary
ABBYY FineReader 6.0 Sprint 17.11.2010 119,5MB unknown
Activation Assistant for the 2007 Microsoft Office suites 17.11.2010 necessary
Adobe AIR Adobe Systems Inc. 24.12.2010 29,4MB 2.5.1.17730 unknown
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 12.08.2011 10.0.42.34 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 15.11.2011 11.1.102.55 necessary
Adobe Reader 8.3.1 - Deutsch Adobe Systems Incorporated 15.09.2011 102,1MB 8.3.1 necessary
Advertising Center 17.11.2010 unknown
Akamai NetSession Interface 08.11.2011 13,5MB unknown
Akamai NetSession Interface Service 08.11.2011 13,5MB unknown
Apple Application Support Apple Inc. 02.03.2011 51,0MB 1.5.0 necessary
Apple Mobile Device Support Apple Inc. 02.03.2011 21,8MB 3.4.0.25 necessary
Apple Software Update 17.11.2010 2,16MB necessary
ArchLord NHN Games 15.12.2010 4.562MB necessary
Avira Free Antivirus Avira 08.12.2011 74,9MB 12.0.0.870 necessary
Battlefield 2: Special Forces 24.01.2011 543MB necessary
Battlefield: Bad Company™ 2 Electronic Arts 07.02.2011 1.773MB 1.0.0.0 necessary
Bing Bar Microsoft Corporation 24.03.2011 24,5MB 7.0.609.0 unnecessary
Bonjour Apple Inc. 02.03.2011 0,76MB 2.0.4.0 necessary
Call of Duty(R) - World at War(TM) 17.11.2010 necessary
Call of Duty(R) 4 - Modern Warfare(TM) 17.11.2010 necessary
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch 17.11.2010 necessary
Cards_Calendar_OrderGift_DoMorePlugout 17.11.2010 unknown
CCleaner Piriform 18.12.2011 4,20MB 3.13 necessary
Compatibility Pack für 2007 Office System Microsoft Corporation 13.12.2011 92,3MB 12.0.6425.1000 necessary
Cross Fire En Z8Games.com 19.11.2011 1.853MB necessary
EA Download Manager Electronic Arts, Inc. 24.12.2010 26,9MB 6.0.4.124 necessary
EA Download Manager UI Electronic Arts 24.12.2010 0,77MB 6.0.4.124 necessary
EPSON Attach To Email 17.11.2010 necessary
Fraps (remove only) 20.01.2011 3,15MB necessary
Google Earth Google 24.11.2011 92,8MB 6.1.0.5001 necessary
Google Gears 17.11.2010 9,05MB unknown
Grand Theft Auto IV 17.11.2010 necessary
Grand Theft Auto Vice City 24.12.2010 1.504MB 1.00.000 necessary
GTAIII 24.12.2010 3,31MB necessary
Hewlett-Packard Active Check 17.11.2010 necessary
Hewlett-Packard Asset Agent for Health Check 17.11.2010 necessary
HP Active Support Library 17.11.2010 necessary
HP Advisor 17.11.2010 47,4MB necessary
HP Customer Feedback 17.11.2010 necessary
HP Photosmart Essential 2.5 17.11.2010 necessary
HP Update Hewlett-Packard 21.03.2011 3,97MB 5.002.007.004 necessary
HPPhotoSmartPhotobookWebPack1 17.11.2010 necessary
ICQ7.5 ICQ 06.05.2011 51,7MB 7.5 necessary
iTunes Apple Inc. 16.03.2011 143,0MB 10.2.1.1 necessary
Java(TM) 6 Update 26 Oracle 09.09.2011 94,9MB 6.0.260 necessary
Java(TM) SE Runtime Environment 6 Update 1 17.11.2010 167,3MB necessary
LightScribe System Software 17.11.2010 21,6MB unknown
LogMeIn Hamachi LogMeIn, Inc. 09.09.2011 3,43MB 2.1.0.124 necessary
Mafia II Take-Two Interactive Software, Inc. 27.06.2011 5.818MB 1.0 necessary
MAGIX Speed burnR MAGIX AG 28.05.2011 57,1MB 6.0.1.4 necessary
MAGIX Video deluxe 16 Plus Download-Version 9.0.0.55 (D) MAGIX AG 28.05.2011 416MB 9.0.0.55 necessary
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 17.12.2011 6,76MB 1.51.2.1300 necessary
MFC RunTime files 17.11.2010 unknown
Microsoft .NET Framework 1.1 12.10.2011 necessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 08.03.2011 37,0MB necessary
Microsoft .NET Framework 3.5 SP1 17.11.2010 necessary
Microsoft Application Error Reporting 17.11.2010 necessary
Microsoft Choice Guard 17.11.2010 necessary
Microsoft Games for Windows - LIVE Microsoft Corporation 08.03.2011 6,01MB 3.4.54.0 necessary
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 08.03.2011 31,3MB 3.4.18.0 necessary
Microsoft Office Access MUI (German) 2007 17.11.2010 necessary
Microsoft Office File Validation Add-In Microsoft Corporation 13.09.2011 7,92MB 14.0.5130.5003 necessary
Microsoft Office Groove MUI (German) 2007 17.11.2010 necessary
Microsoft Office InfoPath MUI (German) 2007 17.11.2010 necessary
Microsoft Office Live Add-in 1.3 17.11.2010 0,48MB necessary
Microsoft Office OneNote MUI (German) 2007 17.11.2010 necessary
Microsoft Office Outlook Connector 17.11.2010 6,13MB necessary
Microsoft Office Proof (English) 2007 17.11.2010 necessary
Microsoft Office Proof (French) 2007 17.11.2010 necessary
Microsoft Office Proof (German) 2007 17.11.2010 necessary
Microsoft Office Proof (Italian) 2007 17.11.2010 necessary
Microsoft Office Proofing (German) 2007 17.11.2010 necessary
Microsoft Office Publisher MUI (German) 2007 17.11.2010 necessary
Microsoft Office Shared MUI (German) 2007 17.11.2010 necessary
Microsoft PowerPoint Viewer Microsoft Corporation 13.12.2011 167,0MB 14.0.4763.1000 necessary
Microsoft Silverlight Microsoft Corporation 12.10.2011 88,3MB 4.0.60831.0 necessary
Microsoft SQL Server 2005 Compact Edition [ENU] 17.11.2010 1,74MB necessary
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 17.11.2010 0,25MB necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.06.2011 0,29MB 8.0.56336 necessary
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 17.11.2010 0,19MB necessary
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 10.06.2011 0,58MB 9.0.30729.5570 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 17.11.2010 1,41MB necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 28.08.2011 0,58MB necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 17.11.2010 0,58MB necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.06.2011 0,58MB 9.0.30729.6161 notwendig
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 19.10.2011 12,3MB 10.0.40219 notwendig
Microsoft Works Microsoft Corporation 15.12.2010 0,53MB 9.7.0621 notwendig
MinecraftAlpha 09.09.2011 13,5MB notwendig
MobileMe Control Panel 17.11.2010 10,7MB unbekannt
Mozilla Firefox 8.0 (x86 de) Mozilla 12.11.2011 39,1MB 8.0 notwendig
MSXML 4.0 SP2 (KB927978) 17.11.2010 34,00KB unbekannt
MSXML 4.0 SP2 (KB954430) 17.11.2010 34,00KB unbekannt
MSXML 4.0 SP2 (KB973688) 17.11.2010 1,34MB unbekannt
myphotobook.de myphotobook GmbH 06.04.2011 1.2.2-588 unnötig
Need for Speed(TM) Hot Pursuit Electronic Arts 24.12.2010 3.827MB 1.0.0.0 notwendig
Nero ControlCenter 17.11.2010 unnötig
Nero Installer 17.11.2010 unnötig
Nero Online Upgrade 17.11.2010 unnötig
Nero StartSmart 17.11.2010 unnötig
Nero Toolbar 17.11.2010 2,51MB unnötig
neroxml 17.11.2010 unnötig
No23 Recorder 17.11.2010 2,44MB unnötig
NVIDIA Display Control Panel NVIDIA Corporation 14.03.2011 148,0MB 6.14.12.5944 notwendig
NVIDIA Drivers NVIDIA Corporation 14.03.2011 1.10.62.40 notwendig
NVIDIA Grafiktreiber 275.33 NVIDIA Corporation 23.08.2011 187,8MB 275.33 notwendig
NVIDIA PhysX NVIDIA Corporation 27.06.2011 73,1MB 9.10.0512 notwendig
NVIDIA Stereoscopic 3D Driver NVIDIA Corporation 14.03.2011 16,1MB 7.17.12.5944 notwendig
NVIDIA Update 1.3.5 NVIDIA Corporation 23.08.2011 6,37MB 1.3.5 notwendig
Portal 2 Valve 04.05.2011 10.537MB notwendig
PowerDirector 17.11.2010 unbekannt
PSSWCORE 17.11.2010 unbekannt
PunkBuster Services Even Balance, Inc. 07.02.2011 0.988 notwendig
QuickTime Apple Inc. 16.12.2010 73,7MB 7.69.80.9 notwendig
REACTOR ijji 21.11.2011 19,8MB 1.00.0000 unnötig
Roxio Activation Module 17.11.2010 unnötig
Roxio Creator Audio 17.11.2010 unnötig
Roxio Creator Data 17.11.2010 unnötig
Roxio Creator EasyArchive 17.11.2010 unnötig
Roxio Media Manager 17.11.2010 unnötig
Safari Apple Inc. 17.11.2010 41,3MB 5.33.19.4 unnötig
Samsung PC Studio 3 17.11.2010 unnötig
San Andreas Mod Installer cpmusick 02.12.2010 3,37MB 1.1 notwendig
Search Settings 1.2.2 17.11.2010 3,14MB unbekannt
Skype™ 5.3 Skype Technologies S.A. 14.05.2011 22,6MB 5.3.111 notwendig
Sonic Creator Copy 17.11.2010 unbekannt
Steam Valve Corporation 04.05.2011 34,4MB 1.0.0.0 notwendig
TeamSpeak 3 Client TeamSpeak Systems GmbH 19.12.2010 30,3MB notwendig
Uninstall 1.0.0.1 28.05.2011 4,25MB notwendig
VideoToolkit01 17.11.2010 unbekannt
VoiceOver Kit Apple Inc. 16.12.2010 41,8MB 1.40.128.0 notwendig
Vtune 7.13 14.03.2011 11,2MB notwendig
Webzen Game Starter WEBZEN 21.04.2011 0,80MB 1.01.1015 notwendig
Windows Live Essentials Microsoft Corporation 08.03.2011 44,0MB 14.0.8089.0726 notwendig
Windows Live Fotogalerie 17.11.2010 notwendig
Windows Live Messenger 17.11.2010 notwendig
Windows Live Movie Maker 17.11.2010 notwendig
Windows Live Sync 17.11.2010 2,79MB notwendig
Windows Live Writer 17.11.2010 notwendig
Windows Live-Uploadtool 17.11.2010 0,22MB notwendig

JamesP 19.12.2011 20:47

For some of these things I simply don't remember what they were anymore ..

markusg 19.12.2011 20:52

Uninstall:
A.V.A NHN
ABBYY
Adobe AIR
Adobe Flash Player 10
Adobe Reader 8.3.1
Latest version:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open, download, etc. PDFs automatically.
It is always better to save them directly, since only then do you have control over what happens on the PC.
Under JavaScript, uncheck "use JavaScript".
Under Updater, select "install automatically".
Apply / OK

Uninstall:
Advertising Center
Akamai (both)
Bing Bar
Cards_Calendar_OrderGift_DoMorePlugout
Google Gears
Java (both)
Download Free Java Software
Download the Java JRE.
Install it.
Uninstall:
LightScribe
myphotobook
Nero (all)
neroxml
No23
PSSWCORE
REACTOR
Roxio (all)
Safari
Samsung
Search Settings
Clean up with CCleaner.

JamesP 19.12.2011 21:07

I'm not sure about some of the things, though.

markusg 19.12.2011 21:08

I don't understand; what are you unsure about?
I wrote you what needs to be uninstalled and updated.

JamesP 19.12.2011 21:16

I hope you know what all I'm uninstalling there; I only know what a few of the things are ^^

JamesP 19.12.2011 21:17

Oh, no, that post was supposed to come before yours ^^ yours hadn't loaded for me yet, sorry.

markusg 19.12.2011 21:28

Yes, of course I know, otherwise I wouldn't write it :-)

JamesP 19.12.2011 21:38

The Roxio things and Advertising Center can't be uninstalled..

JamesP 19.12.2011 21:49

Should I also download Adobe AIR again, or only Flash and Reader?


All times are in WET +1.

Copyright ©2000-2025, Trojaner-Board

