
Log analysis and evaluation: Removing GVU Trojan 2.07 with webcam

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps towards help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

12.07.2012, 21:40   #1
Bombär
 
Removing GVU Trojan 2.07 with webcam

Hello, yesterday I caught the GVU Trojan 2.07 with webcam. After researching on the internet and also here in the forum, I removed it with Malwarebytes Anti-Malware, so that my PC runs again. But since I assume that fragments of the virus are still present on my PC, I followed the steps prescribed here and am now sending you the requested scan reports "defogger", "extras", "OTL" and "Gmer" as attachments, in the hope that you can help me further.
Many thanks in advance for your efforts
Kind regards, Bombär

13.07.2012, 08:39   #2
kira
/// Helper Team
 
Removing GVU Trojan 2.07 with webcam

Hello and welcome!

Before we begin our collaboration, [please read in full]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over a great distance, we accept no liability for the consequences arising from them.
    - so any liability for damage resulting from this is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - in the log lists or log files used (such as your real name, serial numbers in programs, etc.) you may replace these with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible, i.e. you would have to reinstall
  • I recommend that you first read the instructions completely before applying them, because if you do something wrong it can really become dangerous. If you follow my instructions step by step, nothing can really go wrong.
  • During the support period:
    - please do not act on your own without consultation! Ask if there are problems.
  • The order:
    - please keep exactly to it as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For all those seeking help! What do I need to observe before opening a thread?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If a log file is too large, split it into several parts.

Once you have read this introductory text, you can begin
Quote:
If a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - reading material: "Help: I have been the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide on a system cleanup - cleaning a system can take a few days (depending on the type of infection), but the system may even be so badly compromised that an effective technical cleanup is no longer possible, i.e. you would have to reinstall:

For Vista and Win7:
Important: please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click (right mouse button) the selected application and choose "Run as administrator"!

Do you want to "poison" your system? So much junk...

1.
Uninstall, if present under Control Panel -> Software/Programs:
Code:
Babylon
Conduit Engine
DVDVideoSoftTB Toolbar
ICQ Toolbar
MyAshampoo Community Toolbar
SweetPacks
         
Unfortunately, "uninvited guests often register themselves directly in the search bar, the home page and under extensions", and they can be really annoying... mostly they get installed alongside other software out of ignorance or carelessness; some of them even belong to the most dangerous kind of adware, or to a "foistware" group.

Always choose the custom installation, not the standard installation, because otherwise things are often installed alongside that you do not need or do not want.
During the installation process always read the licence terms, and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., are installed as well, since that is how freeware finances itself.

This category also includes a few more, such as: -> Unwanted toolbars
Quote:
Therefore it is advisable, after every installation, to check in all installed browsers:
whether the current website has been set as the home page: take a close look at it
under Tools ⇒ Extensions, look for unwanted add-ons/plug-ins, toolbars
In the list of currently installed programs (under Control Panel), check whether something "unwanted" (program, toolbar etc.) has settled in!
2.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert it into the script like that! Otherwise it does not work!
(user folder, your name or other details replaced by X, an asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (i.e. after "Code", everything that is in the code box! - beginning with :OTL and ending with [emptytemp], without "code"!):
Code:
:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=bc82ea1400000000000000183708c209
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
FF - prefs.js..browser.search.defaultenginename: "Suche"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=sm&tb_ver=1.2.8&q="
FF - prefs.js..browser.search.order.1: "Suche"
FF - prefs.js..browser.search.selectedEngine: "Suche"
FF - prefs.js..browser.startup.homepage: "http://www.aol.de/|http://de-de.facebook.com/|http://www.selb-live.de/"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018 [2012.03.19 18:26:40 | 000,000,000 | ---D | M]
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.11 20:00:24 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.21 12:04:30 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.03.23 14:24:22 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2011.10.03 23:30:52 | 000,000,139 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Suche.src
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2010.03.12 05:29:00 | 001,100,664 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\Shell\configure\command - "" = D:\setup.exe -- [2010.03.12 05:29:00 | 001,100,664 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\Shell\install\command - "" = D:\setup.exe -- [2010.03.12 05:29:00 | 001,100,664 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\Shell\AutoRun\command - "" = E:\autorun.exe
[2012.07.11 21:58:23 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.11 21:08:55 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.02.26 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10007
[2012.02.27 18:53:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10008
[2012.02.29 22:16:32 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10009
[2012.03.04 14:44:20 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10010
[2012.03.06 23:38:06 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10011
[2012.03.08 18:25:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10012
[2012.03.10 16:23:39 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10013
[2012.03.13 16:54:47 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10015
[2012.03.14 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10016
[2012.03.16 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10017
[2012.03.19 18:26:40 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10018

:Files
C:\Users\Basti\AppData\Roaming\kock
C:\Users\Basti\AppData\Roaming\UAs
C:\Users\Basti\AppData\Roaming\xmldm

ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on [image].
  • OTL will request a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here in code tags.

2.
Have you already checked the computer for viruses? I would also like to see the following results:
Code:
Malwarebytes
(all available logs!)
         
3.
Did you deliberately set this IP as a proxy?
Code:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

If yes, why? If not:
if you have no proxy server installed locally, remove the proxy settings from the internet settings
in Internet Explorer:
Tools => Internet Options => Connections => LAN settings
Remove the check marks at "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".

4.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all your installed programs:
  • Download CCleaner
  • Read the software licence agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch".
  • start -> click `Tools` (to display the software installed on your system) -> then `Save to text file...`
  • a text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)

5.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP and Purity checks.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files here in the thread in code tags.

Quote:
So that your thread stays clear and easy to read, it is best to use code tags for your post:
→ before your log (i.e. at the beginning of the log file) you write: [code]
your log file goes here - e.g. an OTL log file or similar
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet: no online banking, file sharing, chat programs etc.
regards
kira
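The checks kira walks through in the post above (search hooks and search scopes pointing at toolbar search engines, a proxy override on the loopback address with no local proxy installed, AutoRun commands under MountPoints2, and drivers whose file is missing) can be applied mechanically when triaging an OTL log. The following Python script is an added example for this thread; it is not part of the original post and not a tool from the OTL author. Its sample input consists of lines copied from the logs quoted in this thread, the list of toolbar search hosts is taken from the fix script above, and the rule names and the `Finding` structure are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the OTL logs quoted in this thread.
SAMPLE_LOG = r"""
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
O33 - MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\Shell\AutoRun\command - "" = E:\autorun.exe
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - [2012.05.09 12:02:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
PRC - [2012.07.11 22:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
"""

# Search hosts that the fix script in this thread removes. Assumption for this example:
# any search scope, URLSearchHook or Firefox keyword URL pointing at them is a hijack.
TOOLBAR_SEARCH_HOSTS = ("search.conduit.com", "search.babylon.com",
                        "search.icq.com", "finduny.com")


@dataclass
class Finding:
    rule: str     # which triage rule fired (names are assumptions for this example)
    detail: str   # the value a helper would ask the poster about
    line: str     # the original log line


RE_SEARCH_ENTRY = re.compile(
    r"^(IE|FF) - .*(URLSearchHook|SearchScopes|keyword\.URL|search\.defaulturl)", re.I)
RE_DLL_PATH = re.compile(r"([A-Za-z]:\\[^ ]+\.dll)", re.I)
RE_URL = re.compile(r'https?://[^\s"]+')
RE_PROXY = re.compile(r'"Proxy(Override|Server|Enable)" = (.+)$')
RE_AUTORUN_CMD = re.compile(
    r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.+)$', re.I)
RE_MISSING_DRV = re.compile(r"^DRV - File not found .* -- \((\w+)\)$")


def check_line(line: str):
    """Apply the triage rules to one OTL log line; return a Finding or None."""
    m = RE_MISSING_DRV.match(line)
    if m:  # a driver service whose file no longer exists: leftover or hidden component
        return Finding("missing_driver", m.group(1), line)
    m = RE_AUTORUN_CMD.match(line)
    if m:  # a command that runs automatically when a removable volume is mounted
        return Finding("autorun_mountpoint", m.group(2), line)
    m = RE_PROXY.search(line)
    if m:
        value = m.group(2).strip()
        # A proxy on the loopback address, with no proxy software installed,
        # is exactly the setting kira asked about in step 3.
        if "127.0.0.1" in value or "localhost" in value.lower():
            return Finding("local_proxy", value, line)
        return None
    if RE_SEARCH_ENTRY.match(line):
        url = RE_URL.search(line)
        if url and any(h in url.group(0).lower() for h in TOOLBAR_SEARCH_HOSTS):
            return Finding("search_hijack", url.group(0), line)
        dll = RE_DLL_PATH.search(line)
        if dll:  # a URLSearchHook backed by a third-party DLL
            return Finding("search_hijack", dll.group(1), line)
    return None


def triage(log_text: str):
    """Run every line of an OTL log through the rules; keep the findings in log order."""
    return [f for f in (check_line(raw.rstrip()) for raw in log_text.splitlines()) if f]


def summary(findings):
    """Count findings per rule, e.g. {'search_hijack': 3, 'local_proxy': 1, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.rule}] {f.detail}")
    print(summary(found))
```

Run against a full OTL.txt, the script produces the same shortlist a helper builds by hand: the `search_hijack` entries map to the `:OTL` section of a fix script, the `autorun_mountpoint` and `local_proxy` findings are the items to ask the poster about before removing them, and `missing_driver` entries are leftovers worth checking against the installed-program list. The bing.com search scope in the sample is deliberately not flagged, since the rule keys on the toolbar hosts rather than on "any search scope".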

14.07.2012, 10:41   #3
Bombär
 
Removing GVU Trojan 2.07 with webcam

Hello, many thanks in advance for taking on my problem and investing the time for me. Unfortunately, for reasons of time, I could not reply to the post yesterday, but I will do so now

1. Everything uninstalled

2. Fixing with OTL: Desktop.ini:
Code:
 
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
         
3 Malwarebytes logs:
1:
Code:
 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.09

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Basti :: BASTI-PC [Administrator]

11.07.2012 22:16:28
mbam-log-2012-07-11 (22-16-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 118797
Laufzeit: 15 Minute(n), 14 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
2:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.09

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Basti :: BASTI-PC [Administrator]

11.07.2012 22:32:20
mbam-log-2012-07-11 (22-32-20).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219678
Laufzeit: 2 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Basti\AppData\Local\Temp\glom0_og.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
3:
Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.11.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Basti :: BASTI-PC [Administrator]

13.07.2012 16:27:15
mbam-log-2012-07-13 (16-27-15).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 433992
Laufzeit: 1 Stunde(n), 37 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Basti\Documents\flash\Schneeku.exe (JokeApp.EmailCollector) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\Downloads\SoftonicDownloader_fuer_cdcovercreator.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Basti\Downloads\SoftonicDownloader_fuer_minecraft.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

3. Proxy ID: probably unintentional; carried out as described

4. Installed programs:
Code:
ABBYY FineReader 9.0 Sprint	ABBYY	21.09.2011		9.01.513.58212
Adobe AIR	Adobe Systems Incorporated	17.11.2011		3.1.0.4880
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated			11.0.1.152
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated			11.3.300.262
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	07.05.2012	121MB	10.1.3
Age of Mythology				
Any Video Converter 3.2.7	Any-Video-Converter.com	05.03.2012		
Ashampoo WinOptimizer 6.60	Ashampoo GmbH & Co. KG	22.11.2011		6.6.0
Avira Free Antivirus	Avira			12.0.0.1125
BlueJ 3.0.5	La Trobe University	31.10.2011		
CCleaner	Piriform	22.06.2012		3.20
CDBurnerXP	CDBurnerXP	06.05.2012		4.4.1.3099
CdCoverCreator 2.5.3	thyanté Software			2.5.3
CLICK & LEARN DiDi 360° 3.1	DEGENER Verlag GmbH	07.03.2012		
Corel VideoStudio Pro X3	Corel Corporation			1.6.0.272
Epson Easy Photo Print 2	SEIKO EPSON CORPORATION	21.09.2011		2.2.3.0
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)	SEIKO EPSON CORPORATION	21.09.2011		1.00.0000
Epson Event Manager	SEIKO EPSON CORPORATION	21.09.2011	38,7MB	2.40.0001
Epson FAX Utility	SEIKO EPSON CORPORATION	21.09.2011		1.10.00
Epson PC-FAX Driver				
EPSON Scan	Seiko Epson Corporation			
EPSON SX620FW Series Handbuch				
EPSON SX620FW Series Netzwerk-Handbuch				
EPSON SX620FW Series Printer Uninstall	SEIKO EPSON Corporation			
EpsonNet Print	SEIKO EPSON CORPORATION	21.09.2011		2.4j
EpsonNet Setup 3.3	SEIKO EPSON CORPORATION	21.09.2011		3.3a
FLV-Media-Player	HYBRIDWEB.de	29.04.2012	9,81MB	2.0.3.2520
FoxTab FLV Player				
Free Studio version 5.6.1.608	DVDVideoSoft Ltd.	16.06.2012		5.6.1.608
Free YouTube to MP3 Converter version 3.11.24.608	DVDVideoSoft Ltd.	16.06.2012		3.11.24.608
Google Chrome	Google Inc.	16.09.2011		20.0.1132.57
ICQ7.6	ICQ	17.09.2011		7.6
Java DB 10.5.3.0	Sun Microsystems, Inc	31.10.2011	28,4MB	10.5.3.0
Java(TM) 6 Update 22	Oracle	03.10.2011	97,0MB	6.0.220
Java(TM) 6 Update 31	Oracle	22.04.2012	95,1MB	6.0.310
Java(TM) SE Development Kit 6 Update 23	Oracle	31.10.2011	151MB	1.6.0.230
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	11.07.2012		1.61.0.1400
McAfee Security Scan Plus	McAfee, Inc.			2.0.181.2
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	13.06.2012		4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	16.10.2011		4.0.30319
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	25.12.2011	31,3MB	3.5.92.0
Microsoft Office Professional Plus 2010	Microsoft Corporation	12.07.2012		14.0.6029.1000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	08.12.2011	2,52MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	08.12.2011	240KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	16.09.2011	596KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	04.11.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	11.02.2012	15,0MB	10.0.40219
Minecraft Beta Cracked				
Mozilla Firefox 13.0.1 (x86 de)	Mozilla			13.0.1
Mozilla Maintenance Service	Mozilla			13.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	15.02.2012	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	16.02.2012	1,34MB	4.20.9876.0
MSXML4 Parser	Microsoft Game Studios	14.02.2012	1,25MB	1.0.0
Nexon Game Manager				
No23 Recorder	No23	21.01.2012	2,44MB	2.1.0.3
Notepad++				5.9.6.2
NVIDIA Grafiktreiber 285.62	NVIDIA Corporation	25.12.2011		285.62
NVIDIA PhysX	NVIDIA Corporation	17.09.2011	120MB	9.09.0814
NVIDIA Update 1.5.20	NVIDIA Corporation	25.12.2011		1.5.20
OpenAL				
OpenOffice.org 3.3	OpenOffice.org	03.10.2011	412MB	3.3.9567
Pando Media Booster	Pando Networks Inc.			2.6.0.1
ProtectDisc Driver, Version 11	ProtectDisc Software GmbH			11.0.0.12
PunkBuster Services	Even Balance, Inc.			0.990
QuickTime	Apple Inc.	08.12.2011	87,6MB	7.55.90.70
Registrierungsprogramm für den Nintendo Wi-Fi USB Connector				
S4 League_EU				1.00.0000
simfy	simfy GmbH	17.11.2011		1.5.4
Skype Click to Call	Skype Technologies S.A.	31.10.2011	22,6MB	5.6.8442
Skype™ 5.5	Skype Technologies S.A.	31.10.2011	17,0MB	5.5.124
SmartSound Common Data	SmartSound Software Inc.	08.12.2011		1.1.0
SmartSound Quicktracks 5	SmartSound Software Inc.	08.12.2011		5.1.5
Sophos Free Encryption 2.40.0	Sophos	17.11.2011	3,53MB	2.40.0.9
System Requirements Lab				
Update Manager for SweetPacks 1.0	SweetIM Technologies Ltd.	04.04.2012	2,48MB	1.0.0005
Windows Live ID Sign-in Assistant	Microsoft Corporation	25.12.2011	5,51MB	6.500.3165.0
Windows Media Encoder 9 Series		08.12.2011		
Windows Media Lite 2.3.0				2.3.0
WinRAR 4.01 (32-Bit)	win.rar GmbH			4.01.0
WolfTeam-DE				
World of Tanks	Wargaming.net	02.04.2012		
x-plugin-0				
Yontoo 1.10.02	Yontoo LLC	11.04.2012		1.10.02
µTorrent				3.1.3
         
5. Another scan with OTL

OTL.txt:
Code:
OTL logfile created on: 13.07.2012 18:33:25 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Basti\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 56,60% Memory free
3,87 Gb Paging File | 2,84 Gb Available in Paging File | 73,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,16 Gb Free Space | 6,82% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 3,51 Gb Free Space | 80,08% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.11 22:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.09 12:02:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 12:02:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 12:02:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 12:02:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.02.12 11:37:50 | 000,633,696 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.30 16:08:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 12:02:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 12:02:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.24 23:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.05.09 12:02:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 12:02:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.22 13:24:29 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2006.04.10 07:02:17 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Basti\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.minecraftwiki.net/wiki/Hauptseite
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 0D 0D DB B7 74 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 17:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.07 17:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018
 
[2011.09.16 23:44:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2012.06.05 18:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions
[2012.06.05 18:17:37 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.11.17 21:09:19 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.31 16:35:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.28 23:18:43 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\battlefieldplay4free@ea.com
[2012.05.06 13:35:45 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\engine@conduit.com
[2012.02.11 20:00:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\ffxtlbr@babylon.com
[2011.10.03 23:30:52 | 000,000,000 | ---D | M] (x-plugin-0) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\plugin@loadtubes.com
[2012.07.10 19:10:09 | 000,001,047 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\ikzjzmkm.default\searchplugins\icqplugin.xml
[2012.04.04 13:43:43 | 000,003,915 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\ikzjzmkm.default\searchplugins\sweetim.xml
[2012.06.22 17:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.16 18:31:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.31 17:16:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.04 13:40:36 | 000,021,707 | ---- | M] () (No name found) -- C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IKZJZMKM.DEFAULT\EXTENSIONS\ADAPTER@BABYLONTC.COM.XPI
[2012.04.04 13:40:36 | 000,007,972 | ---- | M] () (No name found) -- C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IKZJZMKM.DEFAULT\EXTENSIONS\OCR@BABYLON.COM.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.22 13:15:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.16 14:16:36 | 000,643,584 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: x-plugin-0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Basti\AppData\Roaming\xplugin\toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Epson Stylus SX620FW(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8996426-DFFF-4E56-8478-3660C22AEEBE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.13 16:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.13 16:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.13 16:29:44 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Basti\Desktop\ccsetup320.exe
[2012.07.13 16:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.13 16:04:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.12 03:04:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 03:04:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 03:04:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 03:04:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 03:04:24 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 03:04:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 03:04:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 03:01:44 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\Diagnostics
[2012.07.11 22:10:28 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Malwarebytes
[2012.07.11 22:10:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.11 22:09:22 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.11 22:07:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2012.07.11 13:32:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 13:32:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 13:32:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.02 14:48:02 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Outlook-Dateien
[2012.06.30 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\Macromedia
[2012.06.30 16:08:27 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.23 17:52:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.23 17:52:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.23 17:51:52 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.23 17:51:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.23 17:51:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.23 17:51:24 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.23 17:51:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.16 18:31:43 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012.06.13 19:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012.06.13 19:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.06.13 19:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.06.13 19:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.06.13 19:27:02 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.06.13 19:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.06.13 19:27:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.06.13 19:25:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012.06.13 19:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012.06.13 19:22:33 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Basti\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Basti\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Basti\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Basti\AppData\Local\bass.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.13 18:35:00 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 18:35:00 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.13 18:27:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.13 18:27:06 | 1559,093,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 16:31:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 16:29:55 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Basti\Desktop\ccsetup320.exe
[2012.07.13 15:52:45 | 000,088,480 | ---- | M] () -- C:\Users\Basti\Desktop\556967_497939223565400_1147794685_n.jpg
[2012.07.12 22:38:29 | 000,030,020 | ---- | M] () -- C:\Users\Basti\Desktop\Dateien.zip
[2012.07.12 17:24:31 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 03:21:49 | 000,461,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 00:23:53 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.12 00:23:53 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.12 00:23:53 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.12 00:23:53 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.12 00:19:54 | 000,003,350 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.07.11 22:52:46 | 000,302,592 | ---- | M] () -- C:\Users\Basti\Desktop\1h6tgx1w.exe
[2012.07.11 22:20:59 | 000,000,000 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2012.07.11 22:20:01 | 000,050,477 | ---- | M] () -- C:\Users\Basti\Desktop\Defogger.exe
[2012.07.11 22:10:21 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 22:09:27 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.11 22:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2012.06.30 16:08:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.30 16:08:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.30 16:08:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.22 17:43:10 | 000,278,561 | ---- | M] () -- C:\Users\Basti\Desktop\Minecraft.exe
[2012.06.22 17:03:20 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.16 18:35:03 | 000,001,209 | ---- | M] () -- C:\Users\Basti\Desktop\DVDVideoSoft Free Studio.lnk
[2012.06.16 18:31:45 | 000,001,376 | ---- | M] () -- C:\Users\Basti\Desktop\Free YouTube to MP3 Converter.lnk
[2012.06.13 19:29:49 | 000,003,261 | ---- | M] () -- C:\Users\Basti\Desktop\Microsoft Outlook 2010.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.13 16:31:23 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 15:52:40 | 000,088,480 | ---- | C] () -- C:\Users\Basti\Desktop\556967_497939223565400_1147794685_n.jpg
[2012.07.12 22:38:29 | 000,030,020 | ---- | C] () -- C:\Users\Basti\Desktop\Dateien.zip
[2012.07.11 22:52:43 | 000,302,592 | ---- | C] () -- C:\Users\Basti\Desktop\1h6tgx1w.exe
[2012.07.11 22:20:59 | 000,000,000 | ---- | C] () -- C:\Users\Basti\defogger_reenable
[2012.07.11 22:19:47 | 000,050,477 | ---- | C] () -- C:\Users\Basti\Desktop\Defogger.exe
[2012.07.11 22:10:21 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.30 16:08:28 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.22 17:43:10 | 000,278,561 | ---- | C] () -- C:\Users\Basti\Desktop\Minecraft.exe
[2012.06.16 18:35:03 | 000,001,209 | ---- | C] () -- C:\Users\Basti\Desktop\DVDVideoSoft Free Studio.lnk
[2012.06.13 19:29:49 | 000,003,261 | ---- | C] () -- C:\Users\Basti\Desktop\Microsoft Outlook 2010.lnk
[2012.05.23 22:08:54 | 000,000,847 | ---- | C] () -- C:\Users\Basti\AppData\Local\recently-used.xbel
[2012.03.08 21:42:14 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2012.03.08 21:42:14 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2012.02.28 23:40:12 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.28 23:40:12 | 000,138,056 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\PnkBstrK.sys
[2012.02.28 23:39:48 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.02.28 23:39:31 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.01.21 18:44:01 | 000,001,474 | ---- | C] () -- C:\Users\Basti\AppData\Local\RecConfig.xml
[2012.01.21 17:43:15 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.21 17:43:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8D9E624C39.sys
[2012.01.20 01:22:49 | 000,003,584 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.18 11:57:58 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.09.18 11:56:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Basti\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Basti\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Basti\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2012.05.13 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\.minecraft
[2011.10.01 19:08:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\AnvSoft
[2012.05.06 13:35:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ashampoo
[2012.04.07 18:03:31 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Babylon
[2011.12.11 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Canneverbe Limited
[2012.04.04 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 21:41:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Degener
[2012.06.16 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoft
[2012.06.16 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.02 14:49:02 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Epson
[2012.04.22 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\GetRightToGo
[2012.03.14 21:09:45 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ
[2012.03.05 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Morou
[2011.11.22 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Notepad++
[2011.10.03 23:43:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenOffice.org
[2011.09.17 13:31:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ProtectDisc
[2012.04.04 20:55:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Rovio
[2011.11.17 21:21:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Simfy
[2012.03.10 16:21:48 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TeamViewer
[2012.04.04 16:42:37 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ubisoft
[2012.02.09 07:55:10 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ulead Systems
[2012.07.13 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\uTorrent
[2012.04.02 23:48:02 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\wargaming.net
[2012.02.20 14:18:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\X-Chat 2
[2011.10.03 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\xplugin
[2012.05.06 18:57:55 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Zeohf
[2012.01.15 22:28:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.13 11:13:09 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BB714451-BB23-4180-8BF5-EB394E73814F}.job
 
========== Purity Check ==========
 
 

< End of report >
         
Extras.txt:
Code:
OTL Extras logfile created on: 13.07.2012 18:33:25 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Basti\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 56,60% Memory free
3,87 Gb Paging File | 2,84 Gb Available in Paging File | 73,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,16 Gb Free Space | 6,82% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 3,51 Gb Free Space | 80,08% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0069257E-90DB-46CC-AD7F-2BFE7AC1B5F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05227068-6A08-4316-A2D7-D7A04F82676A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06222656-B4D0-49D3-B4D1-2343CB0920D6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10EFB7FD-AB03-470D-89D6-D5776B166471}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1B53B27A-4976-47E7-B2E4-E0347B12F16A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1CCF057E-938F-4D90-B16A-BB98A72D1360}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{1E78E27E-D846-4B92-9657-332016EB9E4B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2097FD3C-4E4C-43A7-99E7-D4CA8BC52F74}" = lport=58190 | protocol=17 | dir=in | name=pando media booster | 
"{223C0D9C-95FE-4073-A5D3-38C03FF6951A}" = lport=58190 | protocol=6 | dir=in | name=pando media booster | 
"{3167D86C-3E8E-42D5-8E9F-9FA51E41A068}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F136B4D-5589-4196-9E29-7FB47843D4FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51C2153C-09D2-4A0D-96B0-9533E2C6BA93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A19F530-0BC8-4857-B36D-EC6AD4953E12}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5FFBCD43-0D6A-442B-94D6-CEFA68E9A9F1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{656BBC49-9850-4F28-B495-3EB2A290157F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7193FA14-29E7-4D99-9315-D10FB55EB439}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8322329A-CD77-418F-9FCA-F303F9D91218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94BD1C3E-6799-49C0-8B4D-8A099DC225C8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{972D3314-66ED-4FCE-9A2C-B4D191718269}" = lport=58190 | protocol=6 | dir=in | name=pando media booster | 
"{9930B255-5281-4372-94E1-D2C3025A4BF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9FD10710-5394-45FD-B9CC-73ADE862B698}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A0D0B8EC-FA64-4B1F-92AC-3A639549C444}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A42AEA22-D09B-44B0-8278-4FFE750D47F7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A4BD161A-F38A-4ED6-B792-1BF7D7DEDEFB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B670C664-3B78-40B7-88C0-88123E364E93}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B7B8B123-3A08-4F59-B4FF-89C698AC657A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BAEE61E6-320D-4D16-B9D8-EBF8581AAD17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{BE7BF583-D34E-4277-86F3-836090B170CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BF30ADD0-E0A8-422C-B526-3E34A15D3D36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0785E26-5396-43DC-A0D6-9C93BB9D7D84}" = lport=58190 | protocol=17 | dir=in | name=pando media booster | 
"{D78ACF18-3598-42A8-8B72-9CEC47434250}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D91314E5-644D-4882-B49F-D4958C6AEA8B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DB38FE79-1F21-42E1-8267-B48DC1138063}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EA1C0145-6CC3-4A81-B7D6-7855FAFCF54D}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025654E3-5D38-4F67-A3A8-7ED110155F37}" = protocol=6 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"{0380BDB5-6516-4E63-BC48-7865630F0843}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{05F20A42-1547-4391-BD14-011D4D61A4CC}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{089A5AEF-6D10-4DB0-A9F2-1FFE53816888}" = dir=in | app=%systemdrive%\aeriagames\wolfteam-de\launcher.exe | 
"{090323F6-FE54-4D44-A4DB-61F708E89737}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0CAF3922-1D8D-4057-9AE0-C3A6C96F4919}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0E6E3494-7B5F-40AE-84A6-5EFBCB2AE654}" = protocol=6 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{0F95BBA0-88E4-4871-8BA3-A7B310AB0070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{120CDBAC-B3BD-441F-A05E-6848FC5F182F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1765FC7D-49C7-4E89-865F-AE6C596181BA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{17F13EDC-7778-4B4E-BE97-7DE672BC5538}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{183F9CF6-DE8C-4D9A-949B-013FABCF70BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{185F0AD5-83DE-4BCF-BE68-B82B7717557B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{19A96713-590C-4A0C-A70E-D17E28685503}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{23003FB0-8077-4731-9678-7877E9A182E9}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{29B7E76A-5073-45DB-B0FE-4255AFAC492B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{2E97E206-B997-40A4-8C3C-0CB0E40F032D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32E4814E-1EDB-4016-840E-C78794C02549}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4840DFC3-F77E-4D44-9ED6-1F56C645F339}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{4A65AF7F-2DDD-41C0-A3F8-0886253001AA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{547525BA-400B-4BA5-A3E3-EE00517E076C}" = protocol=17 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"{5C4A03D7-49F0-4B32-90BE-9607D066630C}" = protocol=17 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{5E6F5E77-CFDF-4C51-AD92-C91E38AFB469}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{66AA2F47-7616-40C8-ACD9-92E41AB0DE8E}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{6789D27C-915E-4CDF-9A34-78BE026A0F99}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{6874B496-CD57-4F25-8AFF-6710AA350D5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{69D5AAF0-241B-4088-9A74-9D98BC203104}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{6C0DD9FE-8B5E-462E-AF66-2CFDF868A487}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{736CCCB1-86AC-41DE-8AD5-5EDBEE1B55BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7634F074-D599-41D4-AD9D-7C6D4E272700}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{768ABE14-EA16-4511-A8EC-97D6557FFEF5}" = protocol=17 | dir=in | app=c:\users\basti\appdata\local\akamai\netsession_win.exe | 
"{7719D450-2941-4499-89AF-DD91FF3E902D}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{7BADFE37-F390-49A7-9C64-26CDF296E112}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{7FC9F8CD-4F1A-4787-9A2E-2E68CC547135}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{886D410B-A02B-4C11-A368-9AB6AE8049C7}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{88ECB880-AE92-45DC-9FDC-6AF5F7AF7ED3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{8AF3FD78-C4A1-4DD4-8D7D-2341EBA80B89}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9CA30882-D4D8-4720-97F8-F9EC22176A37}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E06635E-E642-491E-B77F-1E8537D4992A}" = protocol=6 | dir=out | app=system | 
"{A0BD587A-09A4-4765-85AD-4EC416C3579F}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A916DC58-46EE-4D20-A879-9E4A917C5AC8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{B102F585-3FE0-4974-A215-3E2D134DE82D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{B4C8FC5B-BD64-4047-8E22-3286BDD5FFA8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{B6FB7F8A-4676-40FF-9851-972B5F1D01B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BBBCCB9F-B759-4166-B45E-4EBD64185853}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C0BF0474-1AEC-4088-BA3F-874B6E5798C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6E1118C-A165-4F00-9616-F4B50B2E5C12}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{CDDBF54F-D657-4E00-B8CD-165A2E8CABBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D042D05F-FD7B-4D91-881D-66C4CC957878}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{D2F30E98-8114-4A5D-B962-566214097687}" = protocol=58 | dir=in | app=system | 
"{DA02DB93-CF85-424F-A262-B3B9DE585B2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DCAF306D-0D05-4935-A380-73B3BCFF26D7}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E4C50F4A-24F1-45F8-B27A-CA9504580E14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E783EB9F-DC03-4F86-AF28-AEA65D8B0864}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E8D20C2D-C64A-419D-88B2-C7AFA1C0E45B}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{E9EEE8D6-B145-490F-B516-CD8A44CCE397}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{EB5D55B8-20E2-403F-9D87-3A13B59DA61F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{EC97E060-535B-40C2-AD00-D60EAE827C4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED667484-955F-4AA0-B67F-30B518078CA0}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F106347E-CA10-4BBB-A20A-AC8E959BB205}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F5CBCB17-EBAF-49B2-A84E-4C01FF241E5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F95D2D60-4541-45A4-8BB9-D2D00508E287}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{FAFE0C68-5B95-4DE7-AEC7-E1D20D8E69DD}" = protocol=6 | dir=in | app=c:\users\basti\appdata\local\akamai\netsession_win.exe | 
"{FB5A9591-2BB6-46FB-BCA6-7434FE425DEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCB7D0B8-5F34-4948-833E-9B45CF2CF3DB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FDB1C8DD-C7AC-4F38-8D66-503B1AB6F6DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"TCP Query User{2A5E04D3-73C3-4AF4-AB72-CE6B84936E5F}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{3626A0BC-9750-40CB-B622-8B3EFDCC35A5}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"TCP Query User{3FD30BFE-B873-47AE-A2C4-ED9822C73B2B}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{537DAC1C-D531-4859-84ED-7E2DBC82B6FB}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe | 
"TCP Query User{5E1D7A33-73D2-478D-ADF0-8D19EA4BCB71}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{64FE15A3-14AE-47B6-9A4B-A9843BE8BBA0}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{831A7BA3-DC6C-42EF-88D6-4DE960CA6C2F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{A7DBB73B-B4CB-4E93-B3F8-D4EA5064EB0A}C:\users\basti\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\basti\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{AE81A896-6D47-4333-9D80-01A046F5C24D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{B3A88767-3F3F-4622-9536-C9F6EDEA9D45}C:\spiele\programme\cod 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"TCP Query User{BA52955B-EB9C-4AB1-9900-A4704CC04CC8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{DB593C26-D8F8-4629-A3FF-C16A47DB6817}C:\spiele\programme\css\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\programme\css\hl2.exe | 
"TCP Query User{DDD69C25-4A44-46C0-992C-45DEA5ED4908}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{E8A99E44-48AF-4E81-8C7F-F925B1366ABB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{EFC5D372-D944-47B1-9527-8A4ECA17C652}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{2358BD88-2D9C-4652-9E97-2D18E7B7622C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{36337BF5-8077-43C8-ADF4-732C2CCD99E9}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"UDP Query User{43431553-75B1-4AC9-AE32-64F61C4E5C95}C:\spiele\programme\css\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\programme\css\hl2.exe | 
"UDP Query User{6398126C-857B-488E-901C-A3BA3E4CA4B0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{821E7CF8-A5C9-4076-99E6-ABE5A0338603}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8E0BC373-3344-4DBA-91BD-3189477E79BF}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe | 
"UDP Query User{A8AFC65C-FAE5-4D78-BB7F-DFBEF1F9A03A}C:\spiele\programme\cod 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"UDP Query User{B4785310-0B6C-4703-9067-951AE0F6DCA4}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{B826BD87-C983-4A5B-BEA4-0E3599950E72}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C0D37E85-73D2-4D37-9F88-BADE680C7597}C:\users\basti\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\basti\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{E7822A89-FBE5-48C8-A542-48196857F582}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{ED25CF62-3C82-4221-98DD-7E430FAFEAF2}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{F53CBDEC-82E9-43B1-B5F9-43EB7DE6DE97}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{FB8AB51B-D115-4188-A5E0-E0FDCB345E42}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{FBF59077-5771-4AD5-BF3B-F8255805689F}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45759B87-8EE8-C51A-EEF4-CF5E4C1A7524}" = simfy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A424209-5DCF-4C45-9504-C138ED9CEBD2}" = S4 League_EU
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91D5756A-86DD-4E92-9F38-33743A081060}" = Sophos Free Encryption 2.40.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA56BFBE-E1D1-435D-A805-52A7F788D057}_is1" = CLICK & LEARN DiDi 360° 3.1
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}" = FLV-Media-Player
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8428B4D-E324-4F5C-9CC7-E88B53CD765E}" = ContentHD
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlueJ_is1" = BlueJ 3.0.5
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON SX620FW Series" = EPSON SX620FW Series Printer Uninstall
"EPSON SX620FW Series Manual" = EPSON SX620FW Series Handbuch
"EPSON SX620FW Series Network Guide" = EPSON SX620FW Series Netzwerk-Handbuch
"Free Studio_is1" = Free Studio version 5.6.1.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Google Chrome" = Google Chrome
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Simfy" = simfy
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"wmlite2_is1" = Windows Media Lite 2.3.0
"WolfTeam-DE" = WolfTeam-DE
"x-plugin-0" = x-plugin-0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 10:20:49 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000303a2  ID des fehlerhaften
 Prozesses: 0x280  Startzeit der fehlerhaften Anwendung: 0x01cd60fbfc9179a4  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f1052bef-ccf5-11e1-933f-00183708c209
 
[ System Events ]
Error - 19.05.2012 15:37:24 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 19.05.2012 17:06:18 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:37:08 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:37:17 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:39:19 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 06:11:04 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 06:28:01 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 09:21:35 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 09:32:10 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 10:08:09 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         


OK, that's all so far, thanks again

Alt 14.07.2012, 11:06   #4
kira
/// Helfer-Team
 
Man! What did you do there?!
Please read point 2 carefully and proceed exactly as I described!: -> http://www.trojaner-board.de/119328-...tml#post863564
(copy only what I marked in red into the empty OTL text field!!):

Code:
:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=bc82ea1400000000000000183708c209
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
FF - prefs.js..browser.search.defaultenginename: "Suche"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=sm&tb_ver=1.2.8&q="
FF - prefs.js..browser.search.order.1: "Suche"
FF - prefs.js..browser.search.selectedEngine: "Suche"
FF - prefs.js..browser.startup.homepage: "http://www.aol.de/|http://de-de.facebook.com/|http://www.selb-live.de/"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018 [2012.03.19 18:26:40 | 000,000,000 | ---D | M]
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.11 20:00:24 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.21 12:04:30 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.03.23 14:24:22 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml
[2011.10.03 23:30:52 | 000,000,139 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Suche.src
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2010.03.12 05:29:00 | 001,100,664 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\Shell\configure\command - "" = D:\setup.exe -- [2010.03.12 05:29:00 | 001,100,664 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\Shell\install\command - "" = D:\setup.exe -- [2010.03.12 05:29:00 | 001,100,664 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\Shell - "" = AutoRun
O33 - MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\Shell\AutoRun\command - "" = E:\autorun.exe
[2012.07.11 21:58:23 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.11 21:08:55 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.02.26 20:32:18 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10007
[2012.02.27 18:53:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10008
[2012.02.29 22:16:32 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10009
[2012.03.04 14:44:20 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10010
[2012.03.06 23:38:06 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10011
[2012.03.08 18:25:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10012
[2012.03.10 16:23:39 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10013
[2012.03.13 16:54:47 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10015
[2012.03.14 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10016
[2012.03.16 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10017
[2012.03.19 18:26:40 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10018

:Files
C:\Users\Basti\AppData\Roaming\kock
C:\Users\Basti\AppData\Roaming\UAs
C:\Users\Basti\AppData\Roaming\xmldm

ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
__________________

Warning!:
Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment, ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, best 2x in different places!
Please pass this warning on wherever you can!

Alt 15.07.2012, 18:44   #5
Bombär
 
Oops, sorry. That seemed a bit odd to me right away, too.
I hope this is the right one now:
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
File C:\Programme\MyAshampoo\tbMyAs.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
File C:\Programme\MyAshampoo\tbMyAs.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Suche" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=sm&tb_ver=1.2.8&q=" removed from browser.search.defaulturl
Prefs.js: "Suche" removed from browser.search.order.1
Prefs.js: "Suche" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.aol.de/|hxxp://de-de.facebook.com/|hxxp://www.selb-live.de/" removed from browser.startup.homepage
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018 not found.
File C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\Suche.src not found.
File C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\ not found.
D:\setup.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d38741d-e07e-11e0-a4e3-806e6f6e6963}\ not found.
File D:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\ not found.
File E:\autorun.exe not found.
File C:\ProgramData\go_0molg.pad not found.
File C:\ProgramData\go_0molg.pad not found.
Folder C:\Users\Basti\AppData\Roaming\10007\ not found.
Folder C:\Users\Basti\AppData\Roaming\10008\ not found.
Folder C:\Users\Basti\AppData\Roaming\10009\ not found.
Folder C:\Users\Basti\AppData\Roaming\10010\ not found.
Folder C:\Users\Basti\AppData\Roaming\10011\ not found.
Folder C:\Users\Basti\AppData\Roaming\10012\ not found.
Folder C:\Users\Basti\AppData\Roaming\10013\ not found.
Folder C:\Users\Basti\AppData\Roaming\10015\ not found.
Folder C:\Users\Basti\AppData\Roaming\10016\ not found.
Folder C:\Users\Basti\AppData\Roaming\10017\ not found.
Folder C:\Users\Basti\AppData\Roaming\10018\ not found.
========== FILES ==========
File\Folder C:\Users\Basti\AppData\Roaming\kock not found.
File\Folder C:\Users\Basti\AppData\Roaming\UAs not found.
File\Folder C:\Users\Basti\AppData\Roaming\xmldm not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Basti\Desktop\cmd.bat deleted successfully.
C:\Users\Basti\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Basti
->Temp folder emptied: 248700 bytes
->Temporary Internet Files folder emptied: 2172347 bytes
->Java cache emptied: 426792 bytes
->FireFox cache emptied: 54192686 bytes
->Google Chrome cache emptied: 99170097 bytes
->Flash cache emptied: 58119 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3173440 bytes
RecycleBin emptied: 48025280 bytes
 
Total Files Cleaned = 198,00 mb
 
 
OTL by OldTimer - Version 3.2.53.1 log created on 07152012_193701

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

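Added example (not part of the thread, and not OTL's own code): a Python script that reconciles kira's fix script from post #4 with the fix log Bombär posted above, so a helper can see at a glance which listed items OTL removed, which it reported as "not found" (already gone at fix time, or a stale path, so worth re-checking), and which never got a result line at all. The sample script and log are constructed subsets of the ones quoted here; the section markers and result phrases are taken from those logs, the parsing rules are this example's assumptions.

```python
"""Reconcile an OTL fix script with the fix log OTL wrote while running it.
Section markers (:OTL, :Files, :Commands) and result phrases are as they
appear in the thread's logs; the parsing rules are assumptions, not OTL code."""
import re
from collections import Counter

# Constructed sample: a subset of the fix script posted in the thread.
FIX_SCRIPT = r"""
:OTL
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&q="
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\Shell\AutoRun\command - "" = E:\autorun.exe
[2012.07.11 21:58:23 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.03.19 18:26:40 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\10018

:Files
C:\Users\Basti\AppData\Roaming\kock

:Commands
[emptytemp]
"""

# Constructed sample: the matching subset of the fix log from the thread.
FIX_LOG = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&q=" removed from keyword.URL
D:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b2994ad-7e3f-11e1-ae3f-00183708c209}\ not found.
File E:\autorun.exe not found.
File C:\ProgramData\go_0molg.pad not found.
Folder C:\Users\Basti\AppData\Roaming\10018\ not found.
========== FILES ==========
File\Folder C:\Users\Basti\AppData\Roaming\kock not found.
========== COMMANDS ==========
[EMPTYTEMP]
"""

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
PREF_RE = re.compile(r"^FF - prefs\.js\.\.([\w.]+):")
# A drive path up to end of line or up to OTL's trailing " -- [ ... ]" note.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\"|]+?)(?:\s+--\s+\[|$)")

# Ordered: a positive outcome wins over "not found" for the same target.
OUTCOME_RES = [
    ("removed", re.compile(r"(?:deleted|moved) successfully\.$")),
    ("removed", re.compile(r"^Prefs\.js: .* removed from ")),
    ("removed", re.compile(r"value set successfully!$")),  # hijacked value reset
    ("absent", re.compile(r" not found\.$")),
]


def parse_fix_script(text):
    """Return (section, target) pairs: the GUID, pref key, path or command per line."""
    section, targets = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section == "otl":
            m = GUID_RE.search(line) or PREF_RE.match(line) or PATH_RE.search(line)
            # GUID_RE has no capture group, so lastindex is None -> whole match.
            targets.append(("otl", m.group(m.lastindex or 0) if m else line))
        elif section in ("files", "commands"):
            targets.append((section, line))
    return targets


def classify(log_line):
    for status, rx in OUTCOME_RES:
        if rx.search(log_line):
            return status
    return None


def reconcile(script_text, log_text):
    """Map each fix-script target to removed / absent / ran / unaccounted."""
    log_lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    result = {}
    for section, target in parse_fix_script(script_text):
        needle = target.lower()
        if section == "commands":
            result[target] = "ran" if any(l.lower() == needle for l in log_lines) else "unaccounted"
            continue
        hits = [classify(l) for l in log_lines if needle in l.lower()]
        if "removed" in hits:
            result[target] = "removed"
        elif "absent" in hits:
            result[target] = "absent"       # listed by the scan, gone at fix time: re-check
        else:
            result[target] = "unaccounted"  # the fix log never mentions it
    return result


def summarize(result):
    return dict(Counter(result.values()))


if __name__ == "__main__":
    outcome = reconcile(FIX_SCRIPT, FIX_LOG)
    for target, status in outcome.items():
        print(f"{status:12} {target}")
    print(summarize(outcome))
```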

Alt 16.07.2012, 07:29   #6
kira
/// Helfer-Team
 
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please choose Use SafeList.
  • Tick LOP check and Purity check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Alt 17.07.2012, 15:50   #7
Bombär
 
OTL
Code:
OTL logfile created on: 17.07.2012 16:41:05 - Run 3
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Basti\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 51,93% Memory free
3,87 Gb Paging File | 2,62 Gb Available in Paging File | 67,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,08 Gb Free Space | 6,77% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 3,51 Gb Free Space | 80,08% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.11 22:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
PRC - [2012.06.30 16:08:27 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.06.15 00:17:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.09 12:02:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 12:02:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 12:02:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 12:02:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.30 16:08:27 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.15 00:17:55 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.02.12 11:37:50 | 000,633,696 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.30 16:08:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.09 12:02:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 12:02:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.24 23:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.05.09 12:02:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 12:02:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.22 13:24:29 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2006.04.10 07:02:17 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Basti\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.minecraftwiki.net/wiki/Hauptseite
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 0D 0D DB B7 74 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.aol.de/|https://www.facebook.com/|hxxp://www.selb-live.de/"
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.22 17:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.07 17:38:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018
 
[2011.09.16 23:44:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2012.07.15 19:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions
[2012.03.31 16:35:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.10 19:10:09 | 000,001,047 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\ikzjzmkm.default\searchplugins\icqplugin.xml
[2012.04.04 13:43:43 | 000,003,915 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\ikzjzmkm.default\searchplugins\sweetim.xml
[2012.06.22 17:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.16 18:31:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.31 17:16:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.22 13:15:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.16 14:16:36 | 000,643,584 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: x-plugin-0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Basti\AppData\Roaming\xplugin\toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Epson Stylus SX620FW(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8996426-DFFF-4E56-8478-3660C22AEEBE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.13 16:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.13 16:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.13 16:29:44 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Basti\Desktop\ccsetup320.exe
[2012.07.13 16:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.12 03:04:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 03:04:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 03:04:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 03:04:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 03:04:24 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 03:04:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 03:04:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 03:01:44 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\Diagnostics
[2012.07.11 22:10:28 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Malwarebytes
[2012.07.11 22:10:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.11 22:09:22 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.11 22:07:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2012.07.11 13:32:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 13:32:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 13:32:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.02 14:48:02 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Outlook-Dateien
[2012.06.30 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\Macromedia
[2012.06.30 16:08:27 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.23 17:52:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.23 17:52:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.23 17:51:52 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.23 17:51:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.23 17:51:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.23 17:51:24 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.23 17:51:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Basti\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Basti\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Basti\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Basti\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 16:02:27 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 16:02:27 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 15:54:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 15:54:47 | 1559,093,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 20:35:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd61264d0adff9.job
[2012.07.13 16:31:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 16:29:55 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Basti\Desktop\ccsetup320.exe
[2012.07.13 15:52:45 | 000,088,480 | ---- | M] () -- C:\Users\Basti\Desktop\556967_497939223565400_1147794685_n.jpg
[2012.07.12 22:38:29 | 000,030,020 | ---- | M] () -- C:\Users\Basti\Desktop\Dateien.zip
[2012.07.12 17:24:31 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 03:21:49 | 000,461,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 00:23:53 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.12 00:23:53 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.12 00:23:53 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.12 00:23:53 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.12 00:19:54 | 000,003,350 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.07.11 22:52:46 | 000,302,592 | ---- | M] () -- C:\Users\Basti\Desktop\1h6tgx1w.exe
[2012.07.11 22:20:59 | 000,000,000 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2012.07.11 22:20:01 | 000,050,477 | ---- | M] () -- C:\Users\Basti\Desktop\Defogger.exe
[2012.07.11 22:10:21 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 22:09:27 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.11 22:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2012.06.30 16:08:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.30 16:08:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.30 16:08:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.22 17:43:10 | 000,278,561 | ---- | M] () -- C:\Users\Basti\Desktop\Minecraft.exe
[2012.06.22 17:03:20 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.13 20:35:39 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd61264d0adff9.job
[2012.07.13 16:31:23 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 15:52:40 | 000,088,480 | ---- | C] () -- C:\Users\Basti\Desktop\556967_497939223565400_1147794685_n.jpg
[2012.07.12 22:38:29 | 000,030,020 | ---- | C] () -- C:\Users\Basti\Desktop\Dateien.zip
[2012.07.11 22:52:43 | 000,302,592 | ---- | C] () -- C:\Users\Basti\Desktop\1h6tgx1w.exe
[2012.07.11 22:20:59 | 000,000,000 | ---- | C] () -- C:\Users\Basti\defogger_reenable
[2012.07.11 22:19:47 | 000,050,477 | ---- | C] () -- C:\Users\Basti\Desktop\Defogger.exe
[2012.07.11 22:10:21 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.30 16:08:28 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.22 17:43:10 | 000,278,561 | ---- | C] () -- C:\Users\Basti\Desktop\Minecraft.exe
[2012.05.23 22:08:54 | 000,000,847 | ---- | C] () -- C:\Users\Basti\AppData\Local\recently-used.xbel
[2012.03.08 21:42:14 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2012.03.08 21:42:14 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2012.02.28 23:40:12 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.28 23:40:12 | 000,138,056 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\PnkBstrK.sys
[2012.02.28 23:39:48 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.02.28 23:39:31 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.01.21 18:44:01 | 000,001,474 | ---- | C] () -- C:\Users\Basti\AppData\Local\RecConfig.xml
[2012.01.21 17:43:15 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.21 17:43:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8D9E624C39.sys
[2012.01.20 01:22:49 | 000,003,584 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.18 11:57:58 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.09.18 11:56:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Basti\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Basti\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Basti\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2012.05.13 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\.minecraft
[2011.10.01 19:08:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\AnvSoft
[2012.05.06 13:35:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ashampoo
[2012.04.07 18:03:31 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Babylon
[2011.12.11 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Canneverbe Limited
[2012.04.04 16:20:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 21:41:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Degener
[2012.06.16 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoft
[2012.06.16 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.02 14:49:02 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Epson
[2012.04.22 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\GetRightToGo
[2012.03.14 21:09:45 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ
[2012.03.05 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Morou
[2011.11.22 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Notepad++
[2011.10.03 23:43:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenOffice.org
[2011.09.17 13:31:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ProtectDisc
[2012.04.04 20:55:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Rovio
[2011.11.17 21:21:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Simfy
[2012.03.10 16:21:48 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TeamViewer
[2012.04.04 16:42:37 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ubisoft
[2012.02.09 07:55:10 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ulead Systems
[2012.07.13 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\uTorrent
[2012.04.02 23:48:02 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\wargaming.net
[2012.02.20 14:18:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\X-Chat 2
[2011.10.03 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\xplugin
[2012.05.06 18:57:55 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Zeohf
[2012.01.15 22:28:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.13 11:13:09 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BB714451-BB23-4180-8BF5-EB394E73814F}.job
 
========== Purity Check ==========
 
 

< End of report >
         
Extras
OTL Extras logfile created on: 17.07.2012 16:41:05 - Run 3
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Basti\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 51,93% Memory free
3,87 Gb Paging File | 2,62 Gb Available in Paging File | 67,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,08 Gb Free Space | 6,77% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 3,51 Gb Free Space | 80,08% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0069257E-90DB-46CC-AD7F-2BFE7AC1B5F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05227068-6A08-4316-A2D7-D7A04F82676A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06222656-B4D0-49D3-B4D1-2343CB0920D6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10EFB7FD-AB03-470D-89D6-D5776B166471}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1B53B27A-4976-47E7-B2E4-E0347B12F16A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1CCF057E-938F-4D90-B16A-BB98A72D1360}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{1E78E27E-D846-4B92-9657-332016EB9E4B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2097FD3C-4E4C-43A7-99E7-D4CA8BC52F74}" = lport=58190 | protocol=17 | dir=in | name=pando media booster | 
"{223C0D9C-95FE-4073-A5D3-38C03FF6951A}" = lport=58190 | protocol=6 | dir=in | name=pando media booster | 
"{3167D86C-3E8E-42D5-8E9F-9FA51E41A068}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F136B4D-5589-4196-9E29-7FB47843D4FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51C2153C-09D2-4A0D-96B0-9533E2C6BA93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A19F530-0BC8-4857-B36D-EC6AD4953E12}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5FFBCD43-0D6A-442B-94D6-CEFA68E9A9F1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{656BBC49-9850-4F28-B495-3EB2A290157F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7193FA14-29E7-4D99-9315-D10FB55EB439}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8322329A-CD77-418F-9FCA-F303F9D91218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94BD1C3E-6799-49C0-8B4D-8A099DC225C8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{972D3314-66ED-4FCE-9A2C-B4D191718269}" = lport=58190 | protocol=6 | dir=in | name=pando media booster | 
"{9930B255-5281-4372-94E1-D2C3025A4BF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9FD10710-5394-45FD-B9CC-73ADE862B698}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A0D0B8EC-FA64-4B1F-92AC-3A639549C444}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A42AEA22-D09B-44B0-8278-4FFE750D47F7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A4BD161A-F38A-4ED6-B792-1BF7D7DEDEFB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B670C664-3B78-40B7-88C0-88123E364E93}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B7B8B123-3A08-4F59-B4FF-89C698AC657A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BAEE61E6-320D-4D16-B9D8-EBF8581AAD17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{BE7BF583-D34E-4277-86F3-836090B170CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BF30ADD0-E0A8-422C-B526-3E34A15D3D36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0785E26-5396-43DC-A0D6-9C93BB9D7D84}" = lport=58190 | protocol=17 | dir=in | name=pando media booster | 
"{D78ACF18-3598-42A8-8B72-9CEC47434250}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D91314E5-644D-4882-B49F-D4958C6AEA8B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DB38FE79-1F21-42E1-8267-B48DC1138063}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EA1C0145-6CC3-4A81-B7D6-7855FAFCF54D}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025654E3-5D38-4F67-A3A8-7ED110155F37}" = protocol=6 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"{0380BDB5-6516-4E63-BC48-7865630F0843}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{05F20A42-1547-4391-BD14-011D4D61A4CC}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{089A5AEF-6D10-4DB0-A9F2-1FFE53816888}" = dir=in | app=%systemdrive%\aeriagames\wolfteam-de\launcher.exe | 
"{090323F6-FE54-4D44-A4DB-61F708E89737}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0CAF3922-1D8D-4057-9AE0-C3A6C96F4919}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0E6E3494-7B5F-40AE-84A6-5EFBCB2AE654}" = protocol=6 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{0F95BBA0-88E4-4871-8BA3-A7B310AB0070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{120CDBAC-B3BD-441F-A05E-6848FC5F182F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1765FC7D-49C7-4E89-865F-AE6C596181BA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{17F13EDC-7778-4B4E-BE97-7DE672BC5538}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{183F9CF6-DE8C-4D9A-949B-013FABCF70BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{185F0AD5-83DE-4BCF-BE68-B82B7717557B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{19A96713-590C-4A0C-A70E-D17E28685503}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{23003FB0-8077-4731-9678-7877E9A182E9}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{29B7E76A-5073-45DB-B0FE-4255AFAC492B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{2E97E206-B997-40A4-8C3C-0CB0E40F032D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32E4814E-1EDB-4016-840E-C78794C02549}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4840DFC3-F77E-4D44-9ED6-1F56C645F339}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{4A65AF7F-2DDD-41C0-A3F8-0886253001AA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{547525BA-400B-4BA5-A3E3-EE00517E076C}" = protocol=17 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"{5C4A03D7-49F0-4B32-90BE-9607D066630C}" = protocol=17 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{5E6F5E77-CFDF-4C51-AD92-C91E38AFB469}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{66AA2F47-7616-40C8-ACD9-92E41AB0DE8E}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{6789D27C-915E-4CDF-9A34-78BE026A0F99}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{6874B496-CD57-4F25-8AFF-6710AA350D5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{69D5AAF0-241B-4088-9A74-9D98BC203104}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{6C0DD9FE-8B5E-462E-AF66-2CFDF868A487}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{736CCCB1-86AC-41DE-8AD5-5EDBEE1B55BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7634F074-D599-41D4-AD9D-7C6D4E272700}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{768ABE14-EA16-4511-A8EC-97D6557FFEF5}" = protocol=17 | dir=in | app=c:\users\basti\appdata\local\akamai\netsession_win.exe | 
"{7719D450-2941-4499-89AF-DD91FF3E902D}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{7BADFE37-F390-49A7-9C64-26CDF296E112}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{7FC9F8CD-4F1A-4787-9A2E-2E68CC547135}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{886D410B-A02B-4C11-A368-9AB6AE8049C7}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{88ECB880-AE92-45DC-9FDC-6AF5F7AF7ED3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{8AF3FD78-C4A1-4DD4-8D7D-2341EBA80B89}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9CA30882-D4D8-4720-97F8-F9EC22176A37}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E06635E-E642-491E-B77F-1E8537D4992A}" = protocol=6 | dir=out | app=system | 
"{A0BD587A-09A4-4765-85AD-4EC416C3579F}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A916DC58-46EE-4D20-A879-9E4A917C5AC8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{B102F585-3FE0-4974-A215-3E2D134DE82D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{B4C8FC5B-BD64-4047-8E22-3286BDD5FFA8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{B6FB7F8A-4676-40FF-9851-972B5F1D01B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BBBCCB9F-B759-4166-B45E-4EBD64185853}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C0BF0474-1AEC-4088-BA3F-874B6E5798C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6E1118C-A165-4F00-9616-F4B50B2E5C12}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{CDDBF54F-D657-4E00-B8CD-165A2E8CABBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D042D05F-FD7B-4D91-881D-66C4CC957878}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{D2F30E98-8114-4A5D-B962-566214097687}" = protocol=58 | dir=in | app=system | 
"{DA02DB93-CF85-424F-A262-B3B9DE585B2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DCAF306D-0D05-4935-A380-73B3BCFF26D7}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E4C50F4A-24F1-45F8-B27A-CA9504580E14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E783EB9F-DC03-4F86-AF28-AEA65D8B0864}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E8D20C2D-C64A-419D-88B2-C7AFA1C0E45B}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{E9EEE8D6-B145-490F-B516-CD8A44CCE397}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{EB5D55B8-20E2-403F-9D87-3A13B59DA61F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{EC97E060-535B-40C2-AD00-D60EAE827C4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED667484-955F-4AA0-B67F-30B518078CA0}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F106347E-CA10-4BBB-A20A-AC8E959BB205}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F5CBCB17-EBAF-49B2-A84E-4C01FF241E5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F95D2D60-4541-45A4-8BB9-D2D00508E287}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{FAFE0C68-5B95-4DE7-AEC7-E1D20D8E69DD}" = protocol=6 | dir=in | app=c:\users\basti\appdata\local\akamai\netsession_win.exe | 
"{FB5A9591-2BB6-46FB-BCA6-7434FE425DEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCB7D0B8-5F34-4948-833E-9B45CF2CF3DB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FDB1C8DD-C7AC-4F38-8D66-503B1AB6F6DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"TCP Query User{2A5E04D3-73C3-4AF4-AB72-CE6B84936E5F}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{3626A0BC-9750-40CB-B622-8B3EFDCC35A5}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"TCP Query User{3FD30BFE-B873-47AE-A2C4-ED9822C73B2B}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{537DAC1C-D531-4859-84ED-7E2DBC82B6FB}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe | 
"TCP Query User{5E1D7A33-73D2-478D-ADF0-8D19EA4BCB71}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{64FE15A3-14AE-47B6-9A4B-A9843BE8BBA0}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{831A7BA3-DC6C-42EF-88D6-4DE960CA6C2F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{A7DBB73B-B4CB-4E93-B3F8-D4EA5064EB0A}C:\users\basti\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\basti\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{AE81A896-6D47-4333-9D80-01A046F5C24D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{B3A88767-3F3F-4622-9536-C9F6EDEA9D45}C:\spiele\programme\cod 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"TCP Query User{BA52955B-EB9C-4AB1-9900-A4704CC04CC8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{DB593C26-D8F8-4629-A3FF-C16A47DB6817}C:\spiele\programme\css\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\programme\css\hl2.exe | 
"TCP Query User{DDD69C25-4A44-46C0-992C-45DEA5ED4908}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{E8A99E44-48AF-4E81-8C7F-F925B1366ABB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{EFC5D372-D944-47B1-9527-8A4ECA17C652}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{2358BD88-2D9C-4652-9E97-2D18E7B7622C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{36337BF5-8077-43C8-ADF4-732C2CCD99E9}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"UDP Query User{43431553-75B1-4AC9-AE32-64F61C4E5C95}C:\spiele\programme\css\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\programme\css\hl2.exe | 
"UDP Query User{6398126C-857B-488E-901C-A3BA3E4CA4B0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{821E7CF8-A5C9-4076-99E6-ABE5A0338603}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8E0BC373-3344-4DBA-91BD-3189477E79BF}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe | 
"UDP Query User{A8AFC65C-FAE5-4D78-BB7F-DFBEF1F9A03A}C:\spiele\programme\cod 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"UDP Query User{B4785310-0B6C-4703-9067-951AE0F6DCA4}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{B826BD87-C983-4A5B-BEA4-0E3599950E72}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C0D37E85-73D2-4D37-9F88-BADE680C7597}C:\users\basti\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\basti\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{E7822A89-FBE5-48C8-A542-48196857F582}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{ED25CF62-3C82-4221-98DD-7E430FAFEAF2}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{F53CBDEC-82E9-43B1-B5F9-43EB7DE6DE97}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{FB8AB51B-D115-4188-A5E0-E0FDCB345E42}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{FBF59077-5771-4AD5-BF3B-F8255805689F}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45759B87-8EE8-C51A-EEF4-CF5E4C1A7524}" = simfy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A424209-5DCF-4C45-9504-C138ED9CEBD2}" = S4 League_EU
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91D5756A-86DD-4E92-9F38-33743A081060}" = Sophos Free Encryption 2.40.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA56BFBE-E1D1-435D-A805-52A7F788D057}_is1" = CLICK & LEARN DiDi 360° 3.1
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}" = FLV-Media-Player
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8428B4D-E324-4F5C-9CC7-E88B53CD765E}" = ContentHD
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlueJ_is1" = BlueJ 3.0.5
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON SX620FW Series" = EPSON SX620FW Series Printer Uninstall
"EPSON SX620FW Series Manual" = EPSON SX620FW Series Handbuch
"EPSON SX620FW Series Network Guide" = EPSON SX620FW Series Netzwerk-Handbuch
"Free Studio_is1" = Free Studio version 5.6.1.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Google Chrome" = Google Chrome
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Simfy" = simfy
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"wmlite2_is1" = Windows Media Lite 2.3.0
"WolfTeam-DE" = WolfTeam-DE
"x-plugin-0" = x-plugin-0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 10:20:49 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000303a2  ID des fehlerhaften
 Prozesses: 0x280  Startzeit der fehlerhaften Anwendung: 0x01cd60fbfc9179a4  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f1052bef-ccf5-11e1-933f-00183708c209
 
Error - 17.07.2012 10:46:59 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe,
 Version: 11.3.300.262, Zeitstempel: 0x4fe20fae  Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll,
 Version: 11.3.300.262, Zeitstempel: 0x4fe21212  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00490fb1  ID des fehlerhaften Prozesses: 0xc94  Startzeit der fehlerhaften Anwendung:
 0x01cd6425cf1474c8  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
Berichtskennung:
 42fa706b-d01e-11e1-a4e1-00183708c209
 
[ System Events ]
Error - 19.05.2012 15:37:24 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 19.05.2012 17:06:18 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:37:08 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:37:17 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:39:19 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 06:11:04 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 06:28:01 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 09:21:35 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 09:32:10 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 10:08:09 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         

Old 19.07.2012, 05:46   #8
kira
/// Helper Team
 
Removing GVU Trojaner 2.07 with webcam - Standard



Question not answered:
Quote:
Quote from kira

3.
Did you deliberately set this IP as a proxy?
Code:
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
         
If yes, why? If no:
if you have no proxy server installed locally, remove the proxy settings from the Internet settings
in Internet Explorer:
Tools => Internet Options => Connections => LAN settings
Uncheck "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".
System cleaning and checking:

1.
Quote:
FLVPlayer
Note: During installation, the "FLV Player" tries to install several unnecessary programs along with it. You can prevent this by unchecking the corresponding box.


2.
Quote:
Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and insert the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, i.e. everything after "Code" that is in the code box (starting with :OTL and ending with [emptytemp]), everything in the code box (without "code"!):
Code:
ATTFilter
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes,DefaultScope = 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018
[2012.04.04 13:43:43 | 000,003,915 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\ikzjzmkm.default\searchplugins\sweetim.xml
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]
[2012.07.13 20:35:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd61264d0adff9.job
[2012.07.13 20:35:39 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd61264d0adff9.job

:Files
C:\Users\Basti\AppData\Roaming\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will request a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

3.
Update Java: via Control Panel -> Check for updates...
or:
Now download the offline version of Java ("Recommended Version Java(TM) 7 Update 5") from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. uncheck the toolbar box during installation.

4.
If you did not install it deliberately, since it is often installed or offered along with other programs (probably via Adobe Reader), uninstall:
Code:
McAfee Security Scan Plus
probably ended up on the computer via Adobe (Flash Player)!
         
Although the developer/manufacturer itself has a very good reputation, this "helper principle" does not protect your PC any further, but it does affect system performance.
Always choose the custom installation, not the standard installation, because otherwise things often get installed that you do not need or do not want.
When installing, always read the license terms, and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., get installed along with it, since that is how freeware finances itself.


5.
Tips (regardless of whether you use Internet Explorer or not!) - check from time to time:
-> Tips for Internet Explorer
-> Change the default search engine of Internet Explorer
-> Changing or selecting a search provider in Internet Explorer 7/8
-> How can I clear the cache in Internet Explorer?

6.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

7.
Viruses can also be transported on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer, holding down the [Shift] key so that the autorun function is not executed. (This prevents the AUTORUN function from running.) You can also disable the AUTORUN function altogether. ► Instructions

8.
-> Then run a complete system check with the ESET Online Scanner (NOD32), a free online scanner
Attention!: >>You should not install the antivirus security software, only scan your system online<<

9.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

► Report again on the state of the computer. Are there still problems, and if so, which?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

Last edited by kira (19.07.2012 at 05:51)
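The checks kira performs by eye on the OTL log above (the Internet Explorer proxy values, "File not found" driver services, and BHO/toolbar entries that carry no company name and load from a user profile) can be scripted against OTL's line formats. The following Python script is an added example for this thread; it is not code from kira's post and not part of OTL. The sample lines are constructed in the formats this thread's logs use, and the flags it raises are review prompts that lead to the question kira asks ("did you install this deliberately?"), not verdicts.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread, not code from kira's post and not part of OTL.
It automates three things a helper otherwise does by eye on an OTL log:
  * pull the Internet Explorer proxy values and explain why a loopback
    host:port in them deserves a question,
  * list driver services whose file OTL reports as missing (orphaned
    registrations, usually leftovers of uninstalled software),
  * list O2 (BHO) / O3 (toolbar) entries with no company name that load
    from a user profile directory, which is worth a second look.
The flags are review prompts, not verdicts.
"""
import re

# Constructed sample input in the line formats this thread's OTL logs use.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - [2012.05.09 12:02:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Basti\AppData\Roaming\xplugin\toolbar.dll ()
"""

PROXY_RE = re.compile(
    r'^IE - HK\w+\\.*Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$')
DRV_MISSING_RE = re.compile(
    r'^DRV - File not found \[.*\] -- (?P<path>.*?) -- \((?P<service>[^)]*)\)$')
HOOK_RE = re.compile(
    r'^(?P<kind>O[23]) - .*?: \((?P<name>.*?)\) - \{(?P<clsid>[^}]*)\} - '
    r'(?P<path>.*?) \((?P<company>[^)]*)\)$')
# A plain loopback "host:port" entry, the form seen in this thread's log.
LOOPBACK_HOSTPORT_RE = re.compile(r'^(127\.\d+\.\d+\.\d+|localhost):\d+$', re.IGNORECASE)


def ie_proxy_settings(lines):
    """Collect the IE proxy values OTL prints, keyed by value name."""
    settings = {}
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if m:
            settings[m.group("name")] = m.group("value").strip()
    return settings


def proxy_findings(settings):
    """Explain which proxy values deserve the question kira asked.

    ProxyOverride is the bypass list (hosts reached WITHOUT the proxy). A
    loopback host:port in it is normally written by a program, not typed by
    a user, so the user should confirm such a program exists. ProxyServer on
    a loopback address with ProxyEnable=1 sends all browser traffic through
    a local listener, which must likewise be accounted for.
    """
    findings = []
    override = settings.get("ProxyOverride", "")
    for entry in filter(None, (e.strip() for e in override.split(";"))):
        if LOOPBACK_HOSTPORT_RE.match(entry):
            findings.append("ProxyOverride lists loopback endpoint %s: confirm a local "
                            "proxy program is installed, otherwise remove the entry" % entry)
    server = settings.get("ProxyServer", "")
    if settings.get("ProxyEnable") == "1" and LOOPBACK_HOSTPORT_RE.match(server):
        findings.append("ProxyEnable=1 routes browser traffic via local listener %s: "
                        "identify the process bound to that port" % server)
    return findings


def missing_driver_services(lines):
    """Service names whose driver file OTL could not find (orphaned registrations)."""
    names = []
    for line in lines:
        m = DRV_MISSING_RE.match(line.strip())
        if m:
            names.append(m.group("service"))
    return names


def no_company_profile_hooks(lines):
    """O2/O3 entries with an empty company field whose DLL lives under \\AppData\\."""
    hits = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if m and m.group("company") == "" and "\\appdata\\" in m.group("path").lower():
            hits.append((m.group("kind"), m.group("name"), m.group("path")))
    return hits


def triage(text):
    """Run all three checks over an OTL log given as one string."""
    lines = text.splitlines()
    return {
        "proxy": proxy_findings(ie_proxy_settings(lines)),
        "missing_drivers": missing_driver_services(lines),
        "profile_hooks": no_company_profile_hooks(lines),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

To use it on a posted log, read OTL.txt into a string and pass it to `triage()`; the proxy check recognises the plain `host:port` form shown in this thread, not the per-protocol `http=...;https=...` form, which would need a small extension.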

Alt 19.07.2012, 21:06   #9
Bombär
 
1. I already answered the question further down:
Quote:
3. Proxy ID: probably unintentional; carried out as described

2. Fixing with OTL:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
File HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018 not found.
File C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\ikzjzmkm.default\searchplugins\sweetim.xml not found.
File C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found.
File C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 not found.
File C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of not found.
File C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ not found.
File C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
File C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File D:\autorun.inf not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd61264d0adff9.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd61264d0adff9.job not found.
========== FILES ==========
C:\Users\Basti\AppData\Roaming\Babylon\updates folder moved successfully.
C:\Users\Basti\AppData\Roaming\Babylon\Content\icons folder moved successfully.
C:\Users\Basti\AppData\Roaming\Babylon\Content folder moved successfully.
C:\Users\Basti\AppData\Roaming\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Basti\Desktop\cmd.bat deleted successfully.
C:\Users\Basti\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Basti
->Temp folder emptied: 14681209 bytes
->Temporary Internet Files folder emptied: 1587786 bytes
->Java cache emptied: 18388 bytes
->FireFox cache emptied: 54919021 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 652 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
RecycleBin emptied: 341098 bytes
 
Total Files Cleaned = 68,00 mb
 
 
OTL by OldTimer - Version 3.2.53.1 log created on 07192012_164856

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
3-8: Done

9. Repeat scan with OTL:
OTL:
Code:
OTL logfile created on: 19.07.2012 22:00:52 - Run 4
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Basti\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 61,59% Memory free
3,87 Gb Paging File | 2,88 Gb Available in Paging File | 74,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,35 Gb Free Space | 6,95% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 3,51 Gb Free Space | 80,08% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 21:49:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.11 22:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
PRC - [2012.06.30 16:08:27 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.05.09 12:02:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 12:02:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 12:02:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 12:02:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 21:49:12 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.30 16:08:27 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.02.12 11:37:50 | 000,633,696 | ---- | M] () -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 21:49:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.30 16:08:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.09 12:02:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 12:02:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.24 23:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.05.09 12:02:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 12:02:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.22 13:24:29 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2006.04.10 07:02:17 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Basti\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.minecraftwiki.net/wiki/Hauptseite
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 0D 0D DB B7 74 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.aol.de/|https://www.facebook.com/|hxxp://www.selb-live.de/"
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 21:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.19 16:58:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 21:49:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.19 16:58:55 | 000,000,000 | ---D | M]
 
[2011.09.16 23:44:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2012.07.15 19:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions
[2012.03.31 16:35:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.17 22:11:29 | 000,001,047 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\ikzjzmkm.default\searchplugins\icqplugin.xml
[2012.06.22 17:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.16 18:31:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.31 17:16:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.19 21:49:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.16 14:16:36 | 000,643,584 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: x-plugin-0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - Extension: Skype Click to Call = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Skype Click to Call = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Basti\AppData\Roaming\xplugin\toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Epson Stylus SX620FW(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8996426-DFFF-4E56-8478-3660C22AEEBE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 19:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.19 16:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.19 16:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.19 16:58:55 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.19 16:58:55 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.19 16:58:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.19 16:58:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.13 16:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.13 16:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.13 16:29:44 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Basti\Desktop\ccsetup320.exe
[2012.07.13 16:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.12 03:04:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 03:04:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 03:04:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 03:04:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 03:04:24 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 03:04:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 03:04:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 03:01:44 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\Diagnostics
[2012.07.11 22:10:28 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Malwarebytes
[2012.07.11 22:10:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.11 22:09:22 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.11 22:07:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2012.07.11 13:32:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 13:32:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 13:32:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.02 14:48:02 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Outlook-Dateien
[2012.06.30 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\Macromedia
[2012.06.30 16:08:27 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.23 17:52:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.23 17:52:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.23 17:51:52 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.23 17:51:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.23 17:51:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.23 17:51:24 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.23 17:51:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Basti\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Basti\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Basti\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Basti\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 19:03:16 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 19:03:16 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 18:55:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.19 18:55:34 | 1559,093,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.19 17:09:25 | 002,030,198 | ---- | M] () -- C:\Users\Basti\Documents\cc_20120719_170900.reg
[2012.07.19 16:58:32 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.19 16:58:32 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.13 16:31:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 16:29:55 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Basti\Desktop\ccsetup320.exe
[2012.07.13 15:52:45 | 000,088,480 | ---- | M] () -- C:\Users\Basti\Desktop\556967_497939223565400_1147794685_n.jpg
[2012.07.12 22:38:29 | 000,030,020 | ---- | M] () -- C:\Users\Basti\Desktop\Dateien.zip
[2012.07.12 17:24:31 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 03:21:49 | 000,461,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 00:23:53 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.12 00:23:53 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.12 00:23:53 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.12 00:23:53 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.12 00:19:54 | 000,003,350 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.07.11 22:52:46 | 000,302,592 | ---- | M] () -- C:\Users\Basti\Desktop\1h6tgx1w.exe
[2012.07.11 22:20:59 | 000,000,000 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2012.07.11 22:20:01 | 000,050,477 | ---- | M] () -- C:\Users\Basti\Desktop\Defogger.exe
[2012.07.11 22:10:21 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 22:09:27 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.11 22:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.06.30 16:08:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.30 16:08:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.30 16:08:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.22 17:43:10 | 000,278,561 | ---- | M] () -- C:\Users\Basti\Desktop\Minecraft.exe
[2012.06.22 17:03:20 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.19 17:09:05 | 002,030,198 | ---- | C] () -- C:\Users\Basti\Documents\cc_20120719_170900.reg
[2012.07.13 16:31:23 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 15:52:40 | 000,088,480 | ---- | C] () -- C:\Users\Basti\Desktop\556967_497939223565400_1147794685_n.jpg
[2012.07.12 22:38:29 | 000,030,020 | ---- | C] () -- C:\Users\Basti\Desktop\Dateien.zip
[2012.07.11 22:52:43 | 000,302,592 | ---- | C] () -- C:\Users\Basti\Desktop\1h6tgx1w.exe
[2012.07.11 22:20:59 | 000,000,000 | ---- | C] () -- C:\Users\Basti\defogger_reenable
[2012.07.11 22:19:47 | 000,050,477 | ---- | C] () -- C:\Users\Basti\Desktop\Defogger.exe
[2012.07.11 22:10:21 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.30 16:08:28 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.22 17:43:10 | 000,278,561 | ---- | C] () -- C:\Users\Basti\Desktop\Minecraft.exe
[2012.05.23 22:08:54 | 000,000,847 | ---- | C] () -- C:\Users\Basti\AppData\Local\recently-used.xbel
[2012.03.08 21:42:14 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2012.03.08 21:42:14 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2012.02.28 23:40:12 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.28 23:40:12 | 000,138,056 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\PnkBstrK.sys
[2012.02.28 23:39:48 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.02.28 23:39:31 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.01.21 18:44:01 | 000,001,474 | ---- | C] () -- C:\Users\Basti\AppData\Local\RecConfig.xml
[2012.01.21 17:43:15 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.21 17:43:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8D9E624C39.sys
[2012.01.20 01:22:49 | 000,003,584 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.18 11:57:58 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.09.18 11:56:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Basti\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Basti\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Basti\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2012.05.13 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\.minecraft
[2011.10.01 19:08:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\AnvSoft
[2012.05.06 13:35:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ashampoo
[2011.12.11 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Canneverbe Limited
[2012.07.19 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 21:41:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Degener
[2012.06.16 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoft
[2012.06.16 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.02 14:49:02 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Epson
[2012.04.22 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\GetRightToGo
[2012.03.14 21:09:45 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ
[2012.03.05 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Morou
[2011.11.22 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Notepad++
[2011.10.03 23:43:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenOffice.org
[2011.09.17 13:31:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ProtectDisc
[2012.04.04 20:55:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Rovio
[2011.11.17 21:21:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Simfy
[2012.03.10 16:21:48 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TeamViewer
[2012.04.04 16:42:37 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ubisoft
[2012.02.09 07:55:10 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ulead Systems
[2012.07.13 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\uTorrent
[2012.04.02 23:48:02 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\wargaming.net
[2012.02.20 14:18:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\X-Chat 2
[2011.10.03 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\xplugin
[2012.05.06 18:57:55 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Zeohf
[2012.01.15 22:28:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.13 11:13:09 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BB714451-BB23-4180-8BF5-EB394E73814F}.job
 
========== Purity Check ==========
 
 

< End of report >
         
Extras:
Code:
OTL Extras logfile created on: 19.07.2012 22:00:52 - Run 4
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Basti\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 61,59% Memory free
3,87 Gb Paging File | 2,88 Gb Available in Paging File | 74,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,35 Gb Free Space | 6,95% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 3,51 Gb Free Space | 80,08% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0069257E-90DB-46CC-AD7F-2BFE7AC1B5F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05227068-6A08-4316-A2D7-D7A04F82676A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06222656-B4D0-49D3-B4D1-2343CB0920D6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10EFB7FD-AB03-470D-89D6-D5776B166471}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1B53B27A-4976-47E7-B2E4-E0347B12F16A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1CCF057E-938F-4D90-B16A-BB98A72D1360}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{1E78E27E-D846-4B92-9657-332016EB9E4B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2097FD3C-4E4C-43A7-99E7-D4CA8BC52F74}" = lport=58190 | protocol=17 | dir=in | name=pando media booster | 
"{223C0D9C-95FE-4073-A5D3-38C03FF6951A}" = lport=58190 | protocol=6 | dir=in | name=pando media booster | 
"{3167D86C-3E8E-42D5-8E9F-9FA51E41A068}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F136B4D-5589-4196-9E29-7FB47843D4FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51C2153C-09D2-4A0D-96B0-9533E2C6BA93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A19F530-0BC8-4857-B36D-EC6AD4953E12}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5FFBCD43-0D6A-442B-94D6-CEFA68E9A9F1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{656BBC49-9850-4F28-B495-3EB2A290157F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7193FA14-29E7-4D99-9315-D10FB55EB439}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8322329A-CD77-418F-9FCA-F303F9D91218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94BD1C3E-6799-49C0-8B4D-8A099DC225C8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{972D3314-66ED-4FCE-9A2C-B4D191718269}" = lport=58190 | protocol=6 | dir=in | name=pando media booster | 
"{9930B255-5281-4372-94E1-D2C3025A4BF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9FD10710-5394-45FD-B9CC-73ADE862B698}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A0D0B8EC-FA64-4B1F-92AC-3A639549C444}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A42AEA22-D09B-44B0-8278-4FFE750D47F7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A4BD161A-F38A-4ED6-B792-1BF7D7DEDEFB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B670C664-3B78-40B7-88C0-88123E364E93}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B7B8B123-3A08-4F59-B4FF-89C698AC657A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BAEE61E6-320D-4D16-B9D8-EBF8581AAD17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{BE7BF583-D34E-4277-86F3-836090B170CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BF30ADD0-E0A8-422C-B526-3E34A15D3D36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0785E26-5396-43DC-A0D6-9C93BB9D7D84}" = lport=58190 | protocol=17 | dir=in | name=pando media booster | 
"{D78ACF18-3598-42A8-8B72-9CEC47434250}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D91314E5-644D-4882-B49F-D4958C6AEA8B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DB38FE79-1F21-42E1-8267-B48DC1138063}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EA1C0145-6CC3-4A81-B7D6-7855FAFCF54D}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025654E3-5D38-4F67-A3A8-7ED110155F37}" = protocol=6 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"{0380BDB5-6516-4E63-BC48-7865630F0843}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{05F20A42-1547-4391-BD14-011D4D61A4CC}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{089A5AEF-6D10-4DB0-A9F2-1FFE53816888}" = dir=in | app=%systemdrive%\aeriagames\wolfteam-de\launcher.exe | 
"{090323F6-FE54-4D44-A4DB-61F708E89737}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0CAF3922-1D8D-4057-9AE0-C3A6C96F4919}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0E6E3494-7B5F-40AE-84A6-5EFBCB2AE654}" = protocol=6 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{0F95BBA0-88E4-4871-8BA3-A7B310AB0070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{120CDBAC-B3BD-441F-A05E-6848FC5F182F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1765FC7D-49C7-4E89-865F-AE6C596181BA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{17F13EDC-7778-4B4E-BE97-7DE672BC5538}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{183F9CF6-DE8C-4D9A-949B-013FABCF70BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{185F0AD5-83DE-4BCF-BE68-B82B7717557B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{19A96713-590C-4A0C-A70E-D17E28685503}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{23003FB0-8077-4731-9678-7877E9A182E9}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{29B7E76A-5073-45DB-B0FE-4255AFAC492B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{2E97E206-B997-40A4-8C3C-0CB0E40F032D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32E4814E-1EDB-4016-840E-C78794C02549}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4A65AF7F-2DDD-41C0-A3F8-0886253001AA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{547525BA-400B-4BA5-A3E3-EE00517E076C}" = protocol=17 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"{5C4A03D7-49F0-4B32-90BE-9607D066630C}" = protocol=17 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{5E6F5E77-CFDF-4C51-AD92-C91E38AFB469}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{66AA2F47-7616-40C8-ACD9-92E41AB0DE8E}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{6789D27C-915E-4CDF-9A34-78BE026A0F99}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{6874B496-CD57-4F25-8AFF-6710AA350D5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{69D5AAF0-241B-4088-9A74-9D98BC203104}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{736CCCB1-86AC-41DE-8AD5-5EDBEE1B55BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7634F074-D599-41D4-AD9D-7C6D4E272700}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{7719D450-2941-4499-89AF-DD91FF3E902D}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{7BADFE37-F390-49A7-9C64-26CDF296E112}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{7FC9F8CD-4F1A-4787-9A2E-2E68CC547135}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{886D410B-A02B-4C11-A368-9AB6AE8049C7}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{88ECB880-AE92-45DC-9FDC-6AF5F7AF7ED3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{8AF3FD78-C4A1-4DD4-8D7D-2341EBA80B89}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9CA30882-D4D8-4720-97F8-F9EC22176A37}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E06635E-E642-491E-B77F-1E8537D4992A}" = protocol=6 | dir=out | app=system | 
"{A0BD587A-09A4-4765-85AD-4EC416C3579F}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A916DC58-46EE-4D20-A879-9E4A917C5AC8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{B102F585-3FE0-4974-A215-3E2D134DE82D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{B4C8FC5B-BD64-4047-8E22-3286BDD5FFA8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{B6FB7F8A-4676-40FF-9851-972B5F1D01B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BBBCCB9F-B759-4166-B45E-4EBD64185853}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C0BF0474-1AEC-4088-BA3F-874B6E5798C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6E1118C-A165-4F00-9616-F4B50B2E5C12}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{CDDBF54F-D657-4E00-B8CD-165A2E8CABBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D042D05F-FD7B-4D91-881D-66C4CC957878}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{D2F30E98-8114-4A5D-B962-566214097687}" = protocol=58 | dir=in | app=system | 
"{DA02DB93-CF85-424F-A262-B3B9DE585B2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DCAF306D-0D05-4935-A380-73B3BCFF26D7}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E4C50F4A-24F1-45F8-B27A-CA9504580E14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E783EB9F-DC03-4F86-AF28-AEA65D8B0864}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E8D20C2D-C64A-419D-88B2-C7AFA1C0E45B}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{E9EEE8D6-B145-490F-B516-CD8A44CCE397}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{EB5D55B8-20E2-403F-9D87-3A13B59DA61F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{EC97E060-535B-40C2-AD00-D60EAE827C4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED667484-955F-4AA0-B67F-30B518078CA0}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F106347E-CA10-4BBB-A20A-AC8E959BB205}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F5CBCB17-EBAF-49B2-A84E-4C01FF241E5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F95D2D60-4541-45A4-8BB9-D2D00508E287}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{FB5A9591-2BB6-46FB-BCA6-7434FE425DEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCB7D0B8-5F34-4948-833E-9B45CF2CF3DB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FDB1C8DD-C7AC-4F38-8D66-503B1AB6F6DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"TCP Query User{2A5E04D3-73C3-4AF4-AB72-CE6B84936E5F}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{3626A0BC-9750-40CB-B622-8B3EFDCC35A5}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"TCP Query User{3FD30BFE-B873-47AE-A2C4-ED9822C73B2B}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{537DAC1C-D531-4859-84ED-7E2DBC82B6FB}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe | 
"TCP Query User{831A7BA3-DC6C-42EF-88D6-4DE960CA6C2F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{AE81A896-6D47-4333-9D80-01A046F5C24D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{B3A88767-3F3F-4622-9536-C9F6EDEA9D45}C:\spiele\programme\cod 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"TCP Query User{BA52955B-EB9C-4AB1-9900-A4704CC04CC8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{DB593C26-D8F8-4629-A3FF-C16A47DB6817}C:\spiele\programme\css\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\programme\css\hl2.exe | 
"TCP Query User{DDD69C25-4A44-46C0-992C-45DEA5ED4908}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{E8A99E44-48AF-4E81-8C7F-F925B1366ABB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{EFC5D372-D944-47B1-9527-8A4ECA17C652}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{2358BD88-2D9C-4652-9E97-2D18E7B7622C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{36337BF5-8077-43C8-ADF4-732C2CCD99E9}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"UDP Query User{43431553-75B1-4AC9-AE32-64F61C4E5C95}C:\spiele\programme\css\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\programme\css\hl2.exe | 
"UDP Query User{6398126C-857B-488E-901C-A3BA3E4CA4B0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{821E7CF8-A5C9-4076-99E6-ABE5A0338603}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8E0BC373-3344-4DBA-91BD-3189477E79BF}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe | 
"UDP Query User{A8AFC65C-FAE5-4D78-BB7F-DFBEF1F9A03A}C:\spiele\programme\cod 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"UDP Query User{B4785310-0B6C-4703-9067-951AE0F6DCA4}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{E7822A89-FBE5-48C8-A542-48196857F582}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{ED25CF62-3C82-4221-98DD-7E430FAFEAF2}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{FB8AB51B-D115-4188-A5E0-E0FDCB345E42}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{FBF59077-5771-4AD5-BF3B-F8255805689F}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45759B87-8EE8-C51A-EEF4-CF5E4C1A7524}" = simfy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A424209-5DCF-4C45-9504-C138ED9CEBD2}" = S4 League_EU
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91D5756A-86DD-4E92-9F38-33743A081060}" = Sophos Free Encryption 2.40.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA56BFBE-E1D1-435D-A805-52A7F788D057}_is1" = CLICK & LEARN DiDi 360° 3.1
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}" = FLV-Media-Player
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8428B4D-E324-4F5C-9CC7-E88B53CD765E}" = ContentHD
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlueJ_is1" = BlueJ 3.0.5
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON SX620FW Series" = EPSON SX620FW Series Printer Uninstall
"EPSON SX620FW Series Manual" = EPSON SX620FW Series Handbuch
"EPSON SX620FW Series Network Guide" = EPSON SX620FW Series Netzwerk-Handbuch
"Free Studio_is1" = Free Studio version 5.6.1.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Google Chrome" = Google Chrome
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Simfy" = simfy
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"wmlite2_is1" = Windows Media Lite 2.3.0
"WolfTeam-DE" = WolfTeam-DE
"x-plugin-0" = x-plugin-0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 10:20:49 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000303a2  ID des fehlerhaften
 Prozesses: 0x280  Startzeit der fehlerhaften Anwendung: 0x01cd60fbfc9179a4  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f1052bef-ccf5-11e1-933f-00183708c209
 
Error - 17.07.2012 10:46:59 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe,
 Version: 11.3.300.262, Zeitstempel: 0x4fe20fae  Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll,
 Version: 11.3.300.262, Zeitstempel: 0x4fe21212  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00490fb1  ID des fehlerhaften Prozesses: 0xc94  Startzeit der fehlerhaften Anwendung:
 0x01cd6425cf1474c8  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
Berichtskennung:
 42fa706b-d01e-11e1-a4e1-00183708c209
 
[ System Events ]
Error - 19.05.2012 15:37:24 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 19.05.2012 17:06:18 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:37:08 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:37:17 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:39:19 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 06:11:04 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 06:28:01 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 09:21:35 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 09:32:10 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 10:08:09 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         

Kind regards

Old 20.07.2012, 06:33   #10
kira
/// Helper Team
 
Remove GVU Trojan 2.07 with webcam



Steps 7 and 8 already done? Scan result?

1.
Quote:
Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and insert them into the script that way! Otherwise it won't work!
(user folder, your name or other changes replaced with X, an asterisk or other names)
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (starting with :OTL and ending with [emptytemp]), everything inside the code box (without "code"!):
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
FF - prefs.js..browser.startup.homepage: "http://www.aol.de/|https://www.facebook.com/|http://www.selb-live.de/"
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a reboot. Please allow it.
  • After the reboot you will find a text document.
    Copy its contents into your thread here.

2.
run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labeled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick the boxes for LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles will be created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

► report again on the state of the computer: do problems still occur, and if so, which ones?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file as attachment! They can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard disks, preferably twice in different places!
Please pass this warning on wherever you can!
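
The fix script in this post was assembled by picking entries out of the OTL logs by hand: the ProxyOverride value pointing at 127.0.0.1, the Firefox extension registered through the registry from a folder under AppData\Roaming, the CD-ROM AutoRun setting, the orphaned driver entries, and, from the Extras.txt posted earlier in the thread, the user-approved firewall rules and the uninstall list. The Python script below is an added example (not code from the thread, from the helper or from OTL) that automates that first triage pass over the same OTL line formats. Its heuristics, severities and the adware/PUP name watchlist are this example's own assumptions, the sample log is constructed from the line formats seen in the thread, and its output is a list of candidates for a human to verify, not verdicts.

```python
"""Triage helper for OTL (OldTimer's OTL.txt / Extras.txt) log lines.

Added example, not code from the thread or from OTL itself: it parses the line
formats OTL emits and returns the findings a helper would turn into a fix
script.  Heuristics and the PUP watchlist are this example's own assumptions.
"""
import re

# Name fragments AV vendors commonly classify as adware/PUP, plus "cracked" as a
# piracy marker.  The watchlist contents are an assumption of this example.
PUP_WATCHLIST = ("yontoo", "sweetim", "sweetpacks", "cracked")

RE_SECTION = re.compile(r"^=+ (.+?) =+$")
RE_IE = re.compile(r'^IE - HK\w+\\.*Internet Settings: "(Proxy\w+)" = (.*)$')
RE_FF_EXT = re.compile(r"^FF - HKEY_\w+\\.*\\extensions\\\\(\{[^}]+\}): (.+)$")
RE_O32_CDROM = re.compile(r"^O32 - HKLM CDRom: AutoRun - (\d)$")
RE_DRV_MISSING = re.compile(r"^DRV - File not found \[.*?\] -- (.+?) -- \((\w+)\)$")
RE_FW_RULE = re.compile(r'^"([^"]+)" = (.*\bdir=.*)$')
RE_UNINSTALL = re.compile(r'^"[^"]+" = (.+)$')


def parse_fw_rule(name, value):
    """Split an OTL firewall-rule value ('protocol=6 | dir=in | app=... | ') into a dict."""
    rule = {"name": name}
    for field in value.split("|"):
        if "=" in field:
            key, val = field.split("=", 1)
            rule[key.strip()] = val.strip()
    # "TCP/UDP Query User..." rules exist because a user clicked "Allow" in the
    # firewall prompt, i.e. that binary actually tried to listen or connect.
    rule["user_approved"] = name.startswith(("TCP Query User", "UDP Query User"))
    return rule


def triage(lines):
    """Return {'severity', 'category', 'evidence'} dicts for the given OTL log lines."""
    findings, section = [], ""

    def add(severity, category, evidence):
        findings.append({"severity": severity, "category": category, "evidence": evidence})

    for raw in lines:
        line = raw.rstrip()
        if m := RE_SECTION.match(line):
            section = m.group(1)
        elif m := RE_IE.match(line):
            key, value = m.groups()
            # A proxy setting naming a local port puts some process on this
            # machine in the browser's traffic path; find out which one listens.
            if key in ("ProxyServer", "ProxyOverride") and re.search(r"127\.0\.0\.1|localhost", value, re.I):
                add("suspicious", "browser proxy setting points at a local port", line)
        elif m := RE_FF_EXT.match(line):
            # Registry-registered extensions from AppData skip the normal
            # profile install, so the user never saw an install prompt.
            if re.search(r"\\appdata\\", m.group(2), re.I):
                add("suspicious", "Firefox extension registered via registry from AppData", line)
        elif m := RE_O32_CDROM.match(line):
            if m.group(1) == "1":
                add("review", "CD-ROM AutoRun enabled", line)
        elif m := RE_DRV_MISSING.match(line):
            add("info", f"orphaned driver service {m.group(2)} ({m.group(1)} missing)", line)
        elif m := RE_FW_RULE.match(line):
            rule = parse_fw_rule(*m.groups())
            app = rule.get("app", "").lower()
            if rule["user_approved"] and "\\windows\\system32\\" in app:
                add("suspicious", "user-approved firewall rule for a Windows system binary", line)
            elif "\\appdata\\" in app or "\\programdata\\" in app:
                add("review", "firewall rule for a binary under a user-writable data folder", line)
        elif (m := RE_UNINSTALL.match(line)) and "Uninstall List" in section:
            if any(token in m.group(1).lower() for token in PUP_WATCHLIST):
                add("review", "installed program on the PUP/piracy watchlist", line)
    return findings


# Constructed sample: OTL.txt and Extras.txt fragments in the formats seen in the
# thread, concatenated.  The "Firewall Rules" header is a placeholder; rule
# detection keys on the "dir=" field, not on the header text.
SAMPLE_LOG = r"""
========== Standard Registry (SafeList) ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018
O32 - HKLM CDRom: AutoRun - 1
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
========== Firewall Rules ==========
"{4A65AF7F-2DDD-41C0-A3F8-0886253001AA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{3FD30BFE-B873-47AE-A2C4-ED9822C73B2B}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines()):
        print(f"[{finding['severity']}] {finding['category']}\n    {finding['evidence']}")
```

Run as-is to see the sample findings, or pass it the lines of a real OTL.txt and Extras.txt. Whether a "suspicious" item is actually malware still has to be decided per entry, for example by checking which process listens on the local proxy port or what the folder named in the Firefox extension entry contains; the script only narrows the log down to the lines worth that effort.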

Old 20.07.2012, 13:42   #11
Bombär
 
Remove GVU Trojan 2.07 with webcam



The scan result showed 8 detections. When the program was closed it uninstalled itself and deleted the detections. Do you need the report for that? Because right now I don't know where it was saved.

Fix with OTL:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.aol.de/|https://www.facebook.com/|hxxp://www.selb-live.de/" removed from browser.startup.homepage
File HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018 not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\autorun.inf moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Basti\Desktop\cmd.bat deleted successfully.
C:\Users\Basti\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Basti
->Temp folder emptied: 2424114 bytes
->Temporary Internet Files folder emptied: 496941 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54839293 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 55,00 mb
 
 
OTL by OldTimer - Version 3.2.53.1 log created on 07202012_142830

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

New scan with OTL:
OTL:
Code:
OTL logfile created on: 20.07.2012 14:32:10 - Run 5
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Basti\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 62,90% Memory free
3,87 Gb Paging File | 3,08 Gb Available in Paging File | 79,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,41 Gb Free Space | 6,98% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 3,51 Gb Free Space | 80,08% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 21:49:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.11 22:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
PRC - [2012.05.09 12:02:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 12:02:17 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 12:02:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 12:02:17 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.15 10:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.10.15 10:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.19 21:49:12 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.19 21:49:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.30 16:08:27 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.09 12:02:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 12:02:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.24 22:55:00 | 004,066,168 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.24 23:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva396.sys -- (XDva396)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012.05.09 12:02:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 12:02:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.22 13:24:29 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.15 10:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 00:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2006.04.10 07:02:17 | 000,162,816 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RT25USBAP.SYS -- (RT25USBAP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Basti\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.minecraftwiki.net/wiki/Hauptseite
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F 0D 0D DB B7 74 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 21:49:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.19 16:58:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 21:49:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.19 16:58:55 | 000,000,000 | ---D | M]
 
[2011.09.16 23:44:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Extensions
[2012.07.15 19:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions
[2012.03.31 16:35:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Basti\AppData\Roaming\mozilla\Firefox\Profiles\ikzjzmkm.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.17 22:11:29 | 000,001,047 | ---- | M] () -- C:\Users\Basti\AppData\Roaming\Mozilla\Firefox\Profiles\ikzjzmkm.default\searchplugins\icqplugin.xml
[2012.06.22 17:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.16 18:31:53 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.31 17:16:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.19 21:49:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.16 14:16:36 | 000,643,584 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: x-plugin-0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - Extension: Skype Click to Call = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Skype Click to Call = C:\Users\Basti\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (xplugin) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - C:\Users\Basti\AppData\Roaming\xplugin\toolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Epson Stylus SX620FW(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGBE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8996426-DFFF-4E56-8478-3660C22AEEBE}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 16:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.19 16:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.19 16:58:55 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.19 16:58:55 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.19 16:58:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.19 16:58:45 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.13 16:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.07.13 16:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.07.13 16:29:44 | 003,889,704 | ---- | C] (Piriform Ltd) -- C:\Users\Basti\Desktop\ccsetup320.exe
[2012.07.13 16:20:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.12 03:04:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.12 03:04:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.12 03:04:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.12 03:04:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.12 03:04:24 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.12 03:04:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.12 03:04:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.12 03:01:44 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 23:26:01 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\Diagnostics
[2012.07.11 22:10:28 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Roaming\Malwarebytes
[2012.07.11 22:10:21 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.11 22:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.11 22:09:22 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.11 22:07:53 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2012.07.11 13:32:15 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.07.11 13:32:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2012.07.11 13:32:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2012.07.02 14:48:02 | 000,000,000 | ---D | C] -- C:\Users\Basti\Documents\Outlook-Dateien
[2012.06.30 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\Basti\AppData\Local\Macromedia
[2012.06.30 16:08:27 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.23 17:52:09 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.23 17:52:09 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.23 17:51:52 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.23 17:51:52 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.23 17:51:52 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.23 17:51:24 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.23 17:51:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Basti\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Basti\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Basti\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Basti\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.20 14:30:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.20 14:30:32 | 1559,093,248 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 14:05:04 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.20 14:05:04 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.19 17:09:25 | 002,030,198 | ---- | M] () -- C:\Users\Basti\Documents\cc_20120719_170900.reg
[2012.07.19 16:58:32 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.19 16:58:32 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.13 16:31:23 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 16:29:55 | 003,889,704 | ---- | M] (Piriform Ltd) -- C:\Users\Basti\Desktop\ccsetup320.exe
[2012.07.13 15:52:45 | 000,088,480 | ---- | M] () -- C:\Users\Basti\Desktop\556967_497939223565400_1147794685_n.jpg
[2012.07.12 22:38:29 | 000,030,020 | ---- | M] () -- C:\Users\Basti\Desktop\Dateien.zip
[2012.07.12 17:24:31 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.07.12 03:21:49 | 000,461,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.12 00:23:53 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.12 00:23:53 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.12 00:23:53 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.12 00:23:53 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.12 00:19:54 | 000,003,350 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.07.11 22:52:46 | 000,302,592 | ---- | M] () -- C:\Users\Basti\Desktop\1h6tgx1w.exe
[2012.07.11 22:20:59 | 000,000,000 | ---- | M] () -- C:\Users\Basti\defogger_reenable
[2012.07.11 22:20:01 | 000,050,477 | ---- | M] () -- C:\Users\Basti\Desktop\Defogger.exe
[2012.07.11 22:10:21 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.11 22:09:27 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Basti\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.11 22:07:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Basti\Desktop\OTL.exe
[2012.07.05 22:06:48 | 000,227,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.05 22:06:30 | 000,772,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.05 22:06:20 | 000,687,544 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.06.30 16:08:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.30 16:08:27 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.30 16:08:27 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.22 17:43:10 | 000,278,561 | ---- | M] () -- C:\Users\Basti\Desktop\Minecraft.exe
[2012.06.22 17:03:20 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.19 17:09:05 | 002,030,198 | ---- | C] () -- C:\Users\Basti\Documents\cc_20120719_170900.reg
[2012.07.13 16:31:23 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.07.13 15:52:40 | 000,088,480 | ---- | C] () -- C:\Users\Basti\Desktop\556967_497939223565400_1147794685_n.jpg
[2012.07.12 22:38:29 | 000,030,020 | ---- | C] () -- C:\Users\Basti\Desktop\Dateien.zip
[2012.07.11 22:52:43 | 000,302,592 | ---- | C] () -- C:\Users\Basti\Desktop\1h6tgx1w.exe
[2012.07.11 22:20:59 | 000,000,000 | ---- | C] () -- C:\Users\Basti\defogger_reenable
[2012.07.11 22:19:47 | 000,050,477 | ---- | C] () -- C:\Users\Basti\Desktop\Defogger.exe
[2012.07.11 22:10:21 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.30 16:08:28 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.22 17:43:10 | 000,278,561 | ---- | C] () -- C:\Users\Basti\Desktop\Minecraft.exe
[2012.05.23 22:08:54 | 000,000,847 | ---- | C] () -- C:\Users\Basti\AppData\Local\recently-used.xbel
[2012.03.08 21:42:14 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2012.03.08 21:42:14 | 000,000,164 | ---- | C] () -- C:\ProgramData\{5CAFA1B7-9EEF-4cc7-B9F7-9DDB3DAA679E}
[2012.02.28 23:40:12 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.28 23:40:12 | 000,138,056 | ---- | C] () -- C:\Users\Basti\AppData\Roaming\PnkBstrK.sys
[2012.02.28 23:39:48 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.02.28 23:39:31 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.01.21 18:44:01 | 000,001,474 | ---- | C] () -- C:\Users\Basti\AppData\Local\RecConfig.xml
[2012.01.21 17:43:15 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.21 17:43:15 | 000,000,008 | RHS- | C] () -- C:\ProgramData\8D9E624C39.sys
[2012.01.20 01:22:49 | 000,003,584 | ---- | C] () -- C:\Users\Basti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.18 11:57:58 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.09.18 11:56:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Basti\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Basti\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Basti\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Basti\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2012.05.13 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\.minecraft
[2011.10.01 19:08:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\AnvSoft
[2012.05.06 13:35:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ashampoo
[2011.12.11 12:09:03 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Canneverbe Limited
[2012.07.19 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DAEMON Tools Lite
[2012.03.08 21:41:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Degener
[2012.06.16 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoft
[2012.06.16 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.02 14:49:02 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Epson
[2012.04.22 13:25:05 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\GetRightToGo
[2012.03.14 21:09:45 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ICQ
[2012.03.05 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Morou
[2011.11.22 00:05:59 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Notepad++
[2011.10.03 23:43:38 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\OpenOffice.org
[2011.09.17 13:31:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\ProtectDisc
[2012.04.04 20:55:46 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Rovio
[2011.11.17 21:21:29 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Simfy
[2012.03.10 16:21:48 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\TeamViewer
[2012.04.04 16:42:37 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ubisoft
[2012.02.09 07:55:10 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Ulead Systems
[2012.07.13 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\uTorrent
[2012.04.02 23:48:02 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\wargaming.net
[2012.02.20 14:18:52 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\X-Chat 2
[2011.10.03 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\xplugin
[2012.05.06 18:57:55 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Zeohf
[2012.01.15 22:28:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.05.13 11:13:09 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BB714451-BB23-4180-8BF5-EB394E73814F}.job
 
========== Purity Check ==========
 
 

< End of report >
         

Extras:
Code:
ATTFilter
OTL Extras logfile created on: 20.07.2012 14:32:10 - Run 5
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Basti\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 62,90% Memory free
3,87 Gb Paging File | 3,08 Gb Available in Paging File | 79,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 10,41 Gb Free Space | 6,98% Space Free | Partition Type: NTFS
Drive D: | 4,38 Gb Total Space | 3,51 Gb Free Space | 80,08% Space Free | Partition Type: UDF
 
Computer Name: BASTI-PC | User Name: Basti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0069257E-90DB-46CC-AD7F-2BFE7AC1B5F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05227068-6A08-4316-A2D7-D7A04F82676A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{06222656-B4D0-49D3-B4D1-2343CB0920D6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{10EFB7FD-AB03-470D-89D6-D5776B166471}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1B53B27A-4976-47E7-B2E4-E0347B12F16A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1CCF057E-938F-4D90-B16A-BB98A72D1360}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{1E78E27E-D846-4B92-9657-332016EB9E4B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2097FD3C-4E4C-43A7-99E7-D4CA8BC52F74}" = lport=58190 | protocol=17 | dir=in | name=pando media booster | 
"{223C0D9C-95FE-4073-A5D3-38C03FF6951A}" = lport=58190 | protocol=6 | dir=in | name=pando media booster | 
"{3167D86C-3E8E-42D5-8E9F-9FA51E41A068}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F136B4D-5589-4196-9E29-7FB47843D4FA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51C2153C-09D2-4A0D-96B0-9533E2C6BA93}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A19F530-0BC8-4857-B36D-EC6AD4953E12}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5FFBCD43-0D6A-442B-94D6-CEFA68E9A9F1}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{656BBC49-9850-4F28-B495-3EB2A290157F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7193FA14-29E7-4D99-9315-D10FB55EB439}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8322329A-CD77-418F-9FCA-F303F9D91218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{94BD1C3E-6799-49C0-8B4D-8A099DC225C8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{972D3314-66ED-4FCE-9A2C-B4D191718269}" = lport=58190 | protocol=6 | dir=in | name=pando media booster | 
"{9930B255-5281-4372-94E1-D2C3025A4BF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9FD10710-5394-45FD-B9CC-73ADE862B698}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A0D0B8EC-FA64-4B1F-92AC-3A639549C444}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A42AEA22-D09B-44B0-8278-4FFE750D47F7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A4BD161A-F38A-4ED6-B792-1BF7D7DEDEFB}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B670C664-3B78-40B7-88C0-88123E364E93}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B7B8B123-3A08-4F59-B4FF-89C698AC657A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BAEE61E6-320D-4D16-B9D8-EBF8581AAD17}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{BE7BF583-D34E-4277-86F3-836090B170CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BF30ADD0-E0A8-422C-B526-3E34A15D3D36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C0785E26-5396-43DC-A0D6-9C93BB9D7D84}" = lport=58190 | protocol=17 | dir=in | name=pando media booster | 
"{D78ACF18-3598-42A8-8B72-9CEC47434250}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D91314E5-644D-4882-B49F-D4958C6AEA8B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DB38FE79-1F21-42E1-8267-B48DC1138063}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EA1C0145-6CC3-4A81-B7D6-7855FAFCF54D}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{025654E3-5D38-4F67-A3A8-7ED110155F37}" = protocol=6 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"{0380BDB5-6516-4E63-BC48-7865630F0843}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{05F20A42-1547-4391-BD14-011D4D61A4CC}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{089A5AEF-6D10-4DB0-A9F2-1FFE53816888}" = dir=in | app=%systemdrive%\aeriagames\wolfteam-de\launcher.exe | 
"{090323F6-FE54-4D44-A4DB-61F708E89737}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0CAF3922-1D8D-4057-9AE0-C3A6C96F4919}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{0E6E3494-7B5F-40AE-84A6-5EFBCB2AE654}" = protocol=6 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{0F95BBA0-88E4-4871-8BA3-A7B310AB0070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{120CDBAC-B3BD-441F-A05E-6848FC5F182F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1765FC7D-49C7-4E89-865F-AE6C596181BA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{17F13EDC-7778-4B4E-BE97-7DE672BC5538}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{183F9CF6-DE8C-4D9A-949B-013FABCF70BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{185F0AD5-83DE-4BCF-BE68-B82B7717557B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{19A96713-590C-4A0C-A70E-D17E28685503}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{23003FB0-8077-4731-9678-7877E9A182E9}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{29B7E76A-5073-45DB-B0FE-4255AFAC492B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{2E97E206-B997-40A4-8C3C-0CB0E40F032D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{32E4814E-1EDB-4016-840E-C78794C02549}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{4A65AF7F-2DDD-41C0-A3F8-0886253001AA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{547525BA-400B-4BA5-A3E3-EE00517E076C}" = protocol=17 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"{5C4A03D7-49F0-4B32-90BE-9607D066630C}" = protocol=17 | dir=in | app=c:\program files\wificonnector\nintendowfcreg.exe | 
"{5E6F5E77-CFDF-4C51-AD92-C91E38AFB469}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{66AA2F47-7616-40C8-ACD9-92E41AB0DE8E}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{6789D27C-915E-4CDF-9A34-78BE026A0F99}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{6874B496-CD57-4F25-8AFF-6710AA350D5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{69D5AAF0-241B-4088-9A74-9D98BC203104}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{736CCCB1-86AC-41DE-8AD5-5EDBEE1B55BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7634F074-D599-41D4-AD9D-7C6D4E272700}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{7719D450-2941-4499-89AF-DD91FF3E902D}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{7BADFE37-F390-49A7-9C64-26CDF296E112}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{7FC9F8CD-4F1A-4787-9A2E-2E68CC547135}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{886D410B-A02B-4C11-A368-9AB6AE8049C7}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{88ECB880-AE92-45DC-9FDC-6AF5F7AF7ED3}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{8AF3FD78-C4A1-4DD4-8D7D-2341EBA80B89}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9CA30882-D4D8-4720-97F8-F9EC22176A37}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9E06635E-E642-491E-B77F-1E8537D4992A}" = protocol=6 | dir=out | app=system | 
"{A0BD587A-09A4-4765-85AD-4EC416C3579F}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{A916DC58-46EE-4D20-A879-9E4A917C5AC8}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{B102F585-3FE0-4974-A215-3E2D134DE82D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{B4C8FC5B-BD64-4047-8E22-3286BDD5FFA8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{B6FB7F8A-4676-40FF-9851-972B5F1D01B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BBBCCB9F-B759-4166-B45E-4EBD64185853}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C0BF0474-1AEC-4088-BA3F-874B6E5798C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C6E1118C-A165-4F00-9616-F4B50B2E5C12}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{CDDBF54F-D657-4E00-B8CD-165A2E8CABBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D042D05F-FD7B-4D91-881D-66C4CC957878}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{D2F30E98-8114-4A5D-B962-566214097687}" = protocol=58 | dir=in | app=system | 
"{DA02DB93-CF85-424F-A262-B3B9DE585B2A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DCAF306D-0D05-4935-A380-73B3BCFF26D7}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E4C50F4A-24F1-45F8-B27A-CA9504580E14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E783EB9F-DC03-4F86-AF28-AEA65D8B0864}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E8D20C2D-C64A-419D-88B2-C7AFA1C0E45B}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{E9EEE8D6-B145-490F-B516-CD8A44CCE397}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{EB5D55B8-20E2-403F-9D87-3A13B59DA61F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{EC97E060-535B-40C2-AD00-D60EAE827C4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ED667484-955F-4AA0-B67F-30B518078CA0}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F106347E-CA10-4BBB-A20A-AC8E959BB205}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{F5CBCB17-EBAF-49B2-A84E-4C01FF241E5A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{F95D2D60-4541-45A4-8BB9-D2D00508E287}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{FB5A9591-2BB6-46FB-BCA6-7434FE425DEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCB7D0B8-5F34-4948-833E-9B45CF2CF3DB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FDB1C8DD-C7AC-4F38-8D66-503B1AB6F6DB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"TCP Query User{2A5E04D3-73C3-4AF4-AB72-CE6B84936E5F}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{3626A0BC-9750-40CB-B622-8B3EFDCC35A5}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"TCP Query User{3FD30BFE-B873-47AE-A2C4-ED9822C73B2B}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{537DAC1C-D531-4859-84ED-7E2DBC82B6FB}C:\program files\xchat\xchat.exe" = protocol=6 | dir=in | app=c:\program files\xchat\xchat.exe | 
"TCP Query User{831A7BA3-DC6C-42EF-88D6-4DE960CA6C2F}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{AE81A896-6D47-4333-9D80-01A046F5C24D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{B3A88767-3F3F-4622-9536-C9F6EDEA9D45}C:\spiele\programme\cod 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"TCP Query User{BA52955B-EB9C-4AB1-9900-A4704CC04CC8}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{DB593C26-D8F8-4629-A3FF-C16A47DB6817}C:\spiele\programme\css\hl2.exe" = protocol=6 | dir=in | app=c:\spiele\programme\css\hl2.exe | 
"TCP Query User{DDD69C25-4A44-46C0-992C-45DEA5ED4908}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{E8A99E44-48AF-4E81-8C7F-F925B1366ABB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{EFC5D372-D944-47B1-9527-8A4ECA17C652}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{2358BD88-2D9C-4652-9E97-2D18E7B7622C}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{36337BF5-8077-43C8-ADF4-732C2CCD99E9}C:\program files\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of mythology\aom.exe | 
"UDP Query User{43431553-75B1-4AC9-AE32-64F61C4E5C95}C:\spiele\programme\css\hl2.exe" = protocol=17 | dir=in | app=c:\spiele\programme\css\hl2.exe | 
"UDP Query User{6398126C-857B-488E-901C-A3BA3E4CA4B0}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{821E7CF8-A5C9-4076-99E6-ABE5A0338603}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{8E0BC373-3344-4DBA-91BD-3189477E79BF}C:\program files\xchat\xchat.exe" = protocol=17 | dir=in | app=c:\program files\xchat\xchat.exe | 
"UDP Query User{A8AFC65C-FAE5-4D78-BB7F-DFBEF1F9A03A}C:\spiele\programme\cod 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | 
"UDP Query User{B4785310-0B6C-4703-9067-951AE0F6DCA4}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{E7822A89-FBE5-48C8-A542-48196857F582}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{ED25CF62-3C82-4221-98DD-7E430FAFEAF2}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{FB8AB51B-D115-4188-A5E0-E0FDCB345E42}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{FBF59077-5771-4AD5-BF3B-F8255805689F}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45759B87-8EE8-C51A-EEF4-CF5E4C1A7524}" = simfy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A424209-5DCF-4C45-9504-C138ED9CEBD2}" = S4 League_EU
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91D5756A-86DD-4E92-9F38-33743A081060}" = Sophos Free Encryption 2.40.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA56BFBE-E1D1-435D-A805-52A7F788D057}_is1" = CLICK & LEARN DiDi 360° 3.1
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}" = FLV-Media-Player
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F8428B4D-E324-4F5C-9CC7-E88B53CD765E}" = ContentHD
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlueJ_is1" = BlueJ 3.0.5
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON SX620FW Series" = EPSON SX620FW Series Printer Uninstall
"EPSON SX620FW Series Manual" = EPSON SX620FW Series Handbuch
"EPSON SX620FW Series Network Guide" = EPSON SX620FW Series Netzwerk-Handbuch
"Free Studio_is1" = Free Studio version 5.6.1.608
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Google Chrome" = Google Chrome
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Simfy" = simfy
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"WiFiConnector" = Registrierungsprogramm für den Nintendo Wi-Fi USB Connector
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"wmlite2_is1" = Windows Media Lite 2.3.0
"WolfTeam-DE" = WolfTeam-DE
"x-plugin-0" = x-plugin-0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.07.2012 10:20:49 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000303a2  ID des fehlerhaften
 Prozesses: 0x280  Startzeit der fehlerhaften Anwendung: 0x01cd60fbfc9179a4  Pfad der
 fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: f1052bef-ccf5-11e1-933f-00183708c209
 
Error - 17.07.2012 10:46:59 | Computer Name = Basti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_262.exe,
 Version: 11.3.300.262, Zeitstempel: 0x4fe20fae  Name des fehlerhaften Moduls: NPSWF32_11_3_300_262.dll,
 Version: 11.3.300.262, Zeitstempel: 0x4fe21212  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00490fb1  ID des fehlerhaften Prozesses: 0xc94  Startzeit der fehlerhaften Anwendung:
 0x01cd6425cf1474c8  Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
Berichtskennung:
 42fa706b-d01e-11e1-a4e1-00183708c209
 
[ System Events ]
Error - 19.05.2012 15:37:24 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 19.05.2012 17:06:18 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:37:08 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:37:17 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 05:39:19 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 06:11:04 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 06:28:01 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 09:21:35 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 09:32:10 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 20.05.2012 10:08:09 | Computer Name = Basti-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         

No more problems are occurring; the computer is running as usual again.
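When a log like the one above has to be read by hand, two line shapes carry most of the signal: the bracketed file and folder entries (LOP check and Files sections) and the FirewallRules key/value lines. The Python below is an added example written for this thread; it is not code from the forum post and not part of OTL. It parses both shapes, narrows the folder entries to a date window (pivoting on the day the lockscreen appeared), and lists the inbound firewall rules worth a second look: rules bound to a program outside the Windows and Program Files trees, port-only rules tied to no program or service, and "Query User" rules, which Windows Firewall writes when someone clicks Allow on its unblock prompt. The trusted-path prefixes are an assumption; the sample lines are copied in shape from the log above.

```python
"""Triage helpers for lines from an OTL (OldTimer's List-It) Extras log.

Added example for this thread; not part of the forum post and not code
from OTL. It handles the two line shapes seen in the log: bracketed
file/folder entries and FirewallRules key/value lines. The
TRUSTED_APP_PREFIXES tuple is an assumption made for this example.
"""
import re
from datetime import datetime

# [2012.03.05 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Morou
# [2012.05.13 11:13:09 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\...job
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\(.*?\) )?-- (?P<path>.+?)\s*$"
)
# "{GUID}" = protocol=6 | dir=in | app=c:\path\prog.exe |
RULE_RE = re.compile(r'^"(?P<rule>[^"]+)" = (?P<body>.*)$')

# Assumption: programs under these trees are expected; anything else
# (user profile, ProgramData, game folders, ...) gets a second look.
TRUSTED_APP_PREFIXES = ("%systemroot%\\", "%programfiles%\\",
                        "c:\\windows\\", "c:\\program files\\")

# Sample lines, copied in shape from the OTL log in this thread.
SAMPLE_ENTRY_LINES = [
    r"[2012.03.05 20:00:56 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\Morou",
    r"[2012.07.13 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\uTorrent",
    r"[2012.07.19 17:07:42 | 000,000,000 | ---D | M] -- C:\Users\Basti\AppData\Roaming\DAEMON Tools Lite",
    r"[2012.05.13 11:13:09 | 000,000,278 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BB714451-BB23-4180-8BF5-EB394E73814F}.job",
]
SAMPLE_FIREWALL_LINES = [
    r'"{025654E3-5D38-4F67-A3A8-7ED110155F37}" = protocol=6 | dir=in | app=c:\spiele\programme\cod 2\cod2mp_s.exe | ',
    r'"{0F95BBA0-88E4-4871-8BA3-A7B310AB0070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | ',
    r'"{1765FC7D-49C7-4E89-865F-AE6C596181BA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | ',
    r'"{2097FD3C-4E4C-43A7-99E7-D4CA8BC52F74}" = lport=58190 | protocol=17 | dir=in | name=pando media booster | ',
    r'"{9FD10710-5394-45FD-B9CC-73ADE862B698}" = lport=445 | protocol=6 | dir=in | app=system | ',
    r'"{BE7BF583-D34E-4277-86F3-836090B170CA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | ',
    r'"TCP Query User{3FD30BFE-B873-47AE-A2C4-ED9822C73B2B}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | ',
]


def parse_otl_entry(line):
    """Return a dict for a bracketed OTL entry, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "is_dir": "D" in m.group("attrs"),
        "hidden": "H" in m.group("attrs"),
        "kind": m.group("kind"),  # C = created date shown, M = modified date shown
        "path": m.group("path"),
    }


def entries_between(lines, start, end):
    """Entries timestamped within [start, end] ('YYYY.MM.DD' strings), oldest first."""
    lo = datetime.strptime(start, "%Y.%m.%d")
    hi = datetime.strptime(end, "%Y.%m.%d")
    hits = [e for e in map(parse_otl_entry, lines) if e and lo <= e["timestamp"] <= hi]
    return sorted(hits, key=lambda e: e["timestamp"])


def parse_firewall_rule(line):
    """Split a FirewallRules value into its key=value fields; None if not a rule line."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {"rule": m.group("rule")}
    for part in m.group("body").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def review_inbound_rules(lines):
    """Inbound rules a reviewer should look at, as (identifier, [reasons]) in log order."""
    findings = []
    for line in lines:
        rule = parse_firewall_rule(line)
        if rule is None or rule.get("dir") != "in":
            continue
        app = rule.get("app", "").lower()
        reasons = []
        if "query user" in rule["rule"].lower():
            # Windows Firewall names a rule "TCP/UDP Query User{GUID}<path>" when
            # the user clicked "Allow" on the unblock prompt for that program.
            reasons.append("user-approved via firewall prompt")
        if not app and not rule.get("svc"):
            reasons.append("port-only rule, not bound to a program or service")
        elif app and app != "system" and not app.startswith(TRUSTED_APP_PREFIXES):
            reasons.append("program outside the Windows and Program Files trees")
        if reasons:
            findings.append((app or rule.get("name") or rule["rule"], reasons))
    return findings


if __name__ == "__main__":
    for e in entries_between(SAMPLE_ENTRY_LINES, "2012.07.10", "2012.07.20"):
        print(e["timestamp"], e["path"])
    for ident, why in review_inbound_rules(SAMPLE_FIREWALL_LINES):
        print(ident, "->", "; ".join(why))
```

None of the flagged rules is evidence of infection by itself; the output is the review queue, to be matched against the Uninstall list and the user's own account of what they installed and when.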

21.07.2012, 08:21   #12
kira
/// Helper Team

Removing GVU Trojan 2.07 with webcam



** Keep your system under observation for a while longer!

1.
Quote:
Attention, important!:
If you made changes to the logfile yourself, you must put the original names back and insert the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, an asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (unchanged, including :OTL, i.e. everything after "Code" that is in the code box):
Code:
ATTFilter
:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Basti\AppData\Roaming\10018
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.12 15:48:16 | 000,000,175 | ---- | M] () - D:\autorun.inf -- [ UDF ]

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here, in code tags.

Quote:
Attention, fellow readers!:
Every single OTL script is tailored individually to the user! These instructions apply only to the computer affected here. Using them on other machines, or using "self-made script combinations", can cause serious damage!
2.
Uninstall/remove the programs we used and that you don't need, except for:
Code:
CCleaner
         
- run it from time to time:-> instructions

3.
Tool cleanup with OTL

We will now use OTL's CleanUp! function to remove most of the programs we installed for the cleanup from your system again.
  • Please download OTL from OldTimer (if you don't have it any more).
  • Save it to your desktop.
  • Double-click OTL.exe to run the program.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Click the "CleanUp" button.
  • OTL may ask for a restart.
    If it does, please allow it.
Note: After the restart, OTL and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are gone. Should any be left over, delete them manually.

4.
Windows, for example, regularly creates shadow copies (at least once a day), which serve in an emergency to restore the system and to access older versions of files. This function takes up a lot of disk space. By default, the space reserved for shadow copies is 15 % of the volume size, so system performance is affected as well. In addition, deleted and possibly malicious objects sitting in System Restore must also be removed:
So please do the following: first deactivate -> then activate; in the end it should be "activated" again!

5.
As a precaution I would advise you to change your passwords (one should do this every 3-4 months),
e.g. login, mail or website passwords.
Tips:
Choosing a secure password - (should really be changed at regular intervals, roughly every 3-5 months)
also here under: Secure password (Password)

6.
► Please check whether there are new updates for Windows:-> Microsoft Update keeps your computer up to date!

Reading material no. 1:
Give criminal activities no chance!
Quote:
Back up your data regularly (pictures, music, documents, mails (as text files), browser bookmarks etc.) to CD/DVD, USB sticks or external hard drives! Best of all, back up twice, in different places!
  • How do I create a limited user account?
  • Always keep software up to date!:
    ALL programs and drivers installed on the system should be updated regularly to avoid security holes and to keep things running smoothly!
  • Firefox - FirefoxWiki/Settings - Extensions for Firefox
  • Secure e-mail clients, e.g. Thunderbird --> Extensions for Mozilla Thunderbird
    - Do NOT open unknown e-mail attachments!
    - Do not click on mails, especially ones with attachments; have them displayed as text or in print view instead
  • Secure password - Choosing a secure password - (should really be changed at regular intervals, roughly every 3-5 months)
    also here under: Secure password (Password)
    The five most common password mistakes
  • "Never accept software from strangers" - As a rule, only install programs you really need and that you are convinced are reputable.
    You have the choice of which additional components get installed -> always read along during the installation and deselect sponsors and partner programs, toolbars or any other extra programs on offer wherever possible!
    That is how some kind of adware/spyware often gets installed alongside!
  • Do NOT download any programs from the net unless it is 100 % certain that they are clean software. Nice promises from the vendor are no guarantee of flawless operation, so browse the pages on GOOGLE first, where you can get valuable information!!!
  • Programs and drivers:
    Only from the manufacturer!
  • Online banking:
    Never give away your passwords!
    Reputable banks, e-mail providers or online shops never send e-mails asking customers to disclose confidential data such as passwords, account numbers, PINs or TANs. E-mails of this kind are always fraud attempts, so such requests should not be answered. As soon as you suspect fraud, report your suspicion to the respective bank's hotline.
  • Letting others (guests/friends) use your computer - Use only trustworthy computers!
    Make sure that only people you trust use or administer your computer, and never do banking on untrustworthy computers, for example from an Internet cafe while on holiday.
  • Back up important data regularly! - but remember: your main system is not a warehouse!
  • Be careful when using other people's computers and attachable external storage media such as hard drives, USB sticks, memory cards etc.! - also connect them from time to time and have them scanned (see under `free online virus scanners`)
  • Do not visit websites without a valid imprint
    - Do not keep external devices (hard drive, USB stick) permanently connected to the PC, only briefly while you want to back something up
  • Saving licence costs? - Be careful with files/programs from untrustworthy sources! - "full keygen, crack, serial, warez, keygenerators" etc.
    They are always contaminated with various malware/malicious programs/code; there is no site that is virus-free. (One should not deliberately invite the devil in.) Another highly unsafe source is file sharing on the so-called (music) exchange networks.
    ► Besides, you make yourself liable to prosecution!
  • Use only one firewall and one antivirus program, and both should always be kept up to date!
    Installing "too much" software impairs system performance and security, slows down the boot process enormously and burdens memory (because the programs all run side by side at the same time, eating a lot of performance but bringing little quality). Over time the computer becomes ever slower and less secure because of too much unnecessary ballast. The more programs are installed, the more often problems occur, which may then be difficult to solve. On top of that, some programs bring big security risks with them.
  • Virus scanner
  • BSI für Bürger
  • SETI@home - [Security] security concept

** Common sense, and configuring Windows and Internet software securely, is the best route to security on the web!!
Quote:
Since the database is supplemented and extended daily, i.e. information about the affected virus is added with the current virus definitions, I recommend having your system scanned online at least once a week (later once a month will surely suffice), always with a different scanner, to get a second opinion - the data backed up on your storage media should be included as well!
(they mostly use ActiveX and/or Java): Free online scanners -
Reading material no. 2:
► Over time a lot of data junk can accumulate, error messages pile up, and the PC is probably no longer as fast as it used to be: I wish you all the best

If you would like to support us → donation account

regards
kira
__________________

Warning!:
Beware of invoices by e-mail with a ZIP file attached! They can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, preferably twice, in different places!
Please pass this warning on wherever you can!
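The OTL fix above removes a Firefox extension registered in the registry, disables CD-ROM AutoRun, flushes the DNS cache and clears temp files, and step 4 asks for System Restore to be reset. After such a cleanup a helper typically wants to confirm that the items are actually gone before closing the thread. The following read-only check is an added example, not part of the original thread and not a feature of OTL; it assumes the profile name "Basti" and the extension GUID exactly as they appear in the quoted log, and it changes nothing on the machine. The registry locations it reads (Firefox's per-user `Extensions` key and the `cdrom` service's `AutoRun` value) are the ones the O32/FF lines in the fix refer to; the `D:` drive is marked `[ UDF ]` in the log, i.e. an optical disc, so an autorun.inf there is merely reported, not judged.

```powershell
# Added post-cleanup verification (not part of the original post or of OTL).
# Read-only: it only reports whether the items targeted by the OTL fix still exist.
# Assumptions (taken from the log quoted in the thread): profile "Basti" and the GUID below.

$ExtensionGuid = '{184AA5E6-741D-464a-820E-94B3ABC2F3B4}'
$ExtensionKey  = 'HKCU:\Software\Mozilla\Firefox\Extensions'
$ExtensionDir  = 'C:\Users\Basti\AppData\Roaming\10018'
$CdromKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services\cdrom'

$findings = New-Object System.Collections.Generic.List[string]

# 1. Firefox extension registered through the registry (the "FF - HKEY_CURRENT_USER\..." line).
#    Firefox loads extensions listed as values under this key; the value data is the install path.
if (Test-Path $ExtensionKey) {
    $props = Get-ItemProperty -Path $ExtensionKey
    if ($props.PSObject.Properties.Name -contains $ExtensionGuid) {
        $findings.Add("Registry value still present: $ExtensionKey\$ExtensionGuid = $($props.$ExtensionGuid)")
    }
}
if (Test-Path -LiteralPath $ExtensionDir) {
    $findings.Add("Extension folder still present: $ExtensionDir")
}

# 2. CD-ROM AutoRun (the "O32 - HKLM CDRom: AutoRun - 1" line). The fix sets this to 0 so that
#    inserted media cannot start programs automatically.
$autoRun = (Get-ItemProperty -Path $CdromKey -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
if ($autoRun -eq 1) {
    $findings.Add("CD-ROM AutoRun is still enabled: $CdromKey\AutoRun = 1")
}

# 3. autorun.inf on D: (UDF in the log, so most likely a DVD). Reported only; many discs carry one.
if (Test-Path -LiteralPath 'D:\autorun.inf') {
    $findings.Add('D:\autorun.inf is present (view it with Get-Content before trusting the disc)')
}

# 4. Shadow copies (step 4 above): after disabling and re-enabling System Restore, old restore
#    points should be gone. vssadmin needs an elevated prompt; the output is just listed here.
$shadows = & vssadmin list shadows 2>$null
$shadowCount = @($shadows | Where-Object { $_ -match 'Shadow Copy ID' }).Count
$findings.Add("Shadow copies currently on the system: $shadowCount")

# 5. DNS cache (the "ipconfig /flushdns" line): a non-empty cache is normal after browsing,
#    so this only shows how many entries exist, not whether the flush ran.
$dnsEntries = @(& ipconfig /displaydns 2>$null | Where-Object { $_ -match 'Record Name' }).Count
$findings.Add("DNS resolver cache entries: $dnsEntries")

if ($findings.Count -eq 0) {
    Write-Output 'No remaining items from the OTL fix were found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it from an elevated PowerShell prompt (`Run as administrator`), because `vssadmin` refuses to list shadow copies otherwise; the registry and file checks work from a normal prompt. Only the first three findings indicate something left over; the shadow-copy and DNS counts are context for the helper reading the thread.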

21.07.2012, 17:05   #13
Bombär

Remove GVU Trojan 2.07 with webcam

So, fixed one last time with OTL; do you still need the log now?
I have done everything else, and I will take the tips you gave me in your post to heart.
Many, many thanks for the consistently quick and thorough help; it is really great to see that there are people who help others with their experience entirely voluntarily and unselfishly.
Should a problem ever come up again, I will certainly turn to this forum.
Keep it up!
Very best regards, Bombär
