GUV Trojaner noch aktiv?

User85 · 16.08.2012, 20:58

Hallo,

vor einiger Zeit hatte ich den GUV Trojaner mit dem Bildschirm und der Zahlung von xxx Euro. Nach einem Neustart im abegesicherten Modus und wählen eines Systemwiederherstellungspunkt, war ich der Meinung mein PC ist wieder sauber.

Nun habe ich einen Scan mit Malwarebytes gestartet und es wurden 3 Meldungen angezeigt, Report unten:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
lala :: KLEINKUNST-PC [Administrator]

16.08.2012 21:34:58
mbam-log-2012-08-16 (21-48-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208225
Laufzeit: 4 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\lala\AppData\Roaming\appconf32.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Vielen Dank!

Sorry:

anbei der Report nach Entfernen:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.16.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
lala :: KLEINKUNST-PC [Administrator]

16.08.2012 21:34:58
mbam-log-2012-08-16 (21-34-58).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 208225
Laufzeit: 4 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{975670D0-7EFB-4fa8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{975670D0-7EFB-4FA8-90FA-3AE575B9FB77} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\lala\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

t'john · 17.08.2012, 02:18

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Wähle Scanne Alle Benuzer

Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe

Unter Extra Registrierung, wähle bitte Benutze SafeList

Klicke nun auf Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt

Poste die Logfiles hier in den Thread.

User85 · 17.08.2012, 19:29

Hi und Danke für die schnelle Bearbeitung:

Schritt 1:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.17.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
lala :: KLEINKUNST-PC [Administrator]

17.08.2012 16:27:50
mbam-log-2012-08-17 (16-27-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 411901
Laufzeit: 2 Stunde(n), 7 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
Z:\System\Programme\Programme - Voice\Ventrilo\ventrilo-2.1.4-Windows-i386.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Schritt 2:

OTL.Txt

Code:

ATTFilter

OTL logfile created on: 17.08.2012 20:06:32 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\lala\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,97% Memory free
6,19 Gb Paging File | 4,80 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 403,47 Gb Total Space | 136,71 Gb Free Space | 33,88% Space Free | Partition Type: NTFS
Drive D: | 20,02 Gb Total Space | 9,17 Gb Free Space | 45,78% Space Free | Partition Type: FAT32
Drive Z: | 42,26 Gb Total Space | 3,34 Gb Free Space | 7,91% Space Free | Partition Type: NTFS
 
Computer Name: KLEINKUNST-PC | User Name: lala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\lala\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\VMix.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ah9ybvlr) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (Atc002) -- C:\Windows\System32\drivers\l260x86.sys (Atheros Communications, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (USBMULCD) -- C:\Windows\System32\drivers\CM106.sys (C-Media Inc)
DRV - (CM1063264) -- C:\Windows\System32\drivers\CM106.sys (C-Media Inc)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (PLCNDIS5) -- C:\Windows\System32\plcndis5.sys (Intellon, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.14 20:42:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.12 21:35:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\lala\AppData\Roaming\10016
 
[2010.04.21 19:03:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lala\AppData\Roaming\mozilla\Extensions
[2011.05.12 20:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lala\AppData\Roaming\mozilla\Firefox\Profiles\3y48gfz0.default\extensions
[2010.05.06 11:19:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\lala\AppData\Roaming\mozilla\Firefox\Profiles\3y48gfz0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.05.12 21:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.06 21:46:11 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.05.14 20:42:31 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.02 13:25:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 13:25:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 13:25:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 13:25:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 13:25:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 13:25:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: soloplan.de ([mail] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = *********
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD0F0E42-5889-477C-B48D-720B8BD90741}: DhcpNameServer = *********
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\lala\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\lala\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{64332783-3054-11df-bb64-0022153c8e92}\Shell - "" = AutoRun
O33 - MountPoints2\{64332783-3054-11df-bb64-0022153c8e92}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.16 22:10:26 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\lala\Desktop\OTL.exe
[2012.08.16 21:33:58 | 000,000,000 | ---D | C] -- C:\Users\lala\AppData\Roaming\Malwarebytes
[2012.08.16 21:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.16 21:33:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.16 21:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.16 21:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.16 18:54:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 18:54:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 18:54:28 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.16 18:54:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.16 18:54:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 18:54:27 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 18:54:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.16 18:53:50 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\lala\AppData\Roaming\*.tmp files -> C:\Users\lala\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.17 20:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.17 20:02:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 20:02:07 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 20:02:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.17 20:01:56 | 3220,430,848 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.16 22:10:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\lala\Desktop\OTL.exe
[2012.08.16 21:33:49 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.16 19:17:38 | 000,252,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.16 19:10:23 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.16 19:10:23 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.16 19:10:23 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.16 19:10:23 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.16 19:05:07 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.16 19:05:07 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Users\lala\AppData\Roaming\*.tmp files -> C:\Users\lala\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.16 21:33:49 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.18 20:20:31 | 3220,430,848 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.18 19:58:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.02.27 21:20:26 | 000,000,016 | ---- | C] () -- C:\Users\lala\AppData\Roaming\blckdom.res
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.03.05 18:27:07 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.12.06 21:49:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.22 20:12:53 | 000,000,054 | ---- | C] () -- C:\Windows\Edcfg.ini
[2010.08.22 20:12:52 | 000,001,416 | ---- | C] () -- C:\Windows\germa.ini
[2010.08.22 20:12:52 | 000,001,319 | ---- | C] () -- C:\Windows\engli.ini
[2010.08.22 20:12:52 | 000,001,319 | ---- | C] () -- C:\Windows\berlitz.ini
[2010.08.22 20:12:39 | 000,083,517 | ---- | C] () -- C:\Windows\SETUPD.EXE
[2010.08.22 19:16:00 | 000,560,404 | ---- | C] () -- C:\Windows\System32\C4dll.dll
[2010.08.22 19:16:00 | 000,000,086 | ---- | C] () -- C:\Windows\msben.ini
[2010.04.23 08:24:10 | 000,004,096 | -H-- | C] () -- C:\Users\lala\AppData\Local\keyfile3.drm
[2009.08.30 10:32:32 | 000,138,056 | ---- | C] () -- C:\Users\lala\AppData\Roaming\PnkBstrK.sys
[2009.08.28 07:56:42 | 000,001,356 | ---- | C] () -- C:\Users\lala\AppData\Local\d3d9caps.dat
[2009.03.16 14:59:56 | 000,032,256 | ---- | C] () -- C:\Users\lala\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.14 10:32:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

< End of report >

und Extra.Txt

Code:

ATTFilter

OTL Extras logfile created on: 17.08.2012 20:06:32 - Run 2
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\lala\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 53,97% Memory free
6,19 Gb Paging File | 4,80 Gb Available in Paging File | 77,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 403,47 Gb Total Space | 136,71 Gb Free Space | 33,88% Space Free | Partition Type: NTFS
Drive D: | 20,02 Gb Total Space | 9,17 Gb Free Space | 45,78% Space Free | Partition Type: FAT32
Drive Z: | 42,26 Gb Total Space | 3,34 Gb Free Space | 7,91% Space Free | Partition Type: NTFS
 
Computer Name: KLEINKUNST-PC | User Name: lala | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02378538-9F15-4A1C-93DF-E5E02BD4E002}" = lport=138 | protocol=17 | dir=in | app=system | 
"{37AE3DE4-56F0-490C-B55D-C2946036EB00}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4DB8DF0C-2F5C-4AB8-B38E-1F0CEC2DE844}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6BDB9782-73E4-42B1-BC53-75A82689EF65}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7405E9C5-5489-4ECD-B635-D659918D0DEA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{8222B8A2-C493-456B-80F3-782A30BED64B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8C5CEC98-10C8-4D16-B795-0B9D4EBDC850}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{95F3E416-1D19-4A82-B902-059D75BDD1E0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{AEF5EE39-F5FB-42A4-9790-4A52A2BE3FA1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D726F042-ECEC-4D91-B522-8BF4B5AF0BBB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DF45F19E-4DFF-4BF2-877C-BA225B29775C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DF8AD138-68CF-49F1-8DA5-25A58EF1F0EC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FEFB221C-7622-4480-804E-00A2D6A84F4F}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0169F08F-CA2B-41DE-BBA6-320B8411CD41}" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\curse\curseclient.exe | 
"{068CDEF2-CF5C-4877-83A6-D675497174F1}" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\launcher.patch.exe | 
"{0EF9488A-6FDF-4AD4-9FB5-80491D606B9D}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{1120D505-8F22-4777-9F4A-DA7EF285A5F2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{1ADA91A9-CD6C-4C60-9D27-5A8A227DB7B0}" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\launcher.exe | 
"{265B1786-FC5C-4695-A0A3-8B8389B2A9D0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{274D6C78-1E06-409F-A45D-20D08E3440C4}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe | 
"{28E6A1F9-C93E-492B-8DFA-74237112A2B4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{2A0AC1D3-2443-4E94-A531-B599502B9088}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2E1DD767-AA27-42DB-9DA0-24182FBEBFAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2F3C46F4-AACD-4BE3-9269-F915FB8AFC33}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{339661E7-790F-4F25-B368-02B53614C77E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{40BAF640-BC64-4429-8AD3-A280835E931C}" = protocol=17 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{4A14FC5F-6E62-458C-851E-B20EE8D98FF3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{55E784EA-8A04-4783-9A17-B6E297799DD8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{564BEC07-F217-4355-912F-A90D09258CA8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{58AD58AC-CB18-4C88-A7F4-2DA607D51DE7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{58CBC4E6-21A2-4244-B662-23A8B4E53F32}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5AC2A51E-2B1F-4D9E-8522-F11F08AF2F53}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{5D51FB7B-110E-4EA1-8C68-32E0D9B314B3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{5F6D1A63-24AA-46E1-A58C-23C3F0C3DBDB}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{67A8E623-AF7B-46EA-A2EF-64F8B83AE3F7}" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\wow-3.2.0-dede-downloader.exe | 
"{69E001AB-B75E-413E-90B3-81B3E0E7CF6D}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{69E5F2AB-9EFF-4141-B2E1-D2B6C647BC02}" = protocol=6 | dir=in | app=c:\program files\diablo iii beta\diablo iii.exe | 
"{6B426464-8264-48BE-B464-97E3B20D65CE}" = protocol=6 | dir=in | app=c:\system\battlefield 2\bf2.exe | 
"{6FF48272-F185-46C1-9B7D-0761668307BA}" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\wow-3.2.0-dede-downloader.exe | 
"{7753BA0A-7780-49A6-9088-A700CD65E0CF}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | 
"{77F10018-8D98-4E02-A16A-9D0E2723430C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{78AF09B9-A965-486C-8857-6AB866E142FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7A335FA8-4373-4025-A590-01EAACDB54B8}" = protocol=17 | dir=in | app=c:\system\battlefield 2\bf2.exe | 
"{7DC0429C-7FAD-40E7-ABD9-4EA8B9034ECD}" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\launcher.exe | 
"{7E0049CB-AF8C-41C4-AB8C-58E948310E39}" = protocol=17 | dir=in | app=d:\bad company2\bfbc2updater.exe | 
"{8B96D94D-0C90-44DA-98D1-B118DBAA1D88}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{97F5D94D-5290-4F46-9673-B8DAD0F9D52E}" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\blizzard downloader.exe | 
"{9ECF8385-5298-4745-9366-21400D4BA736}" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\launcher.patch.exe | 
"{A57819A8-3A46-46F6-B070-7725D1F522B3}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe | 
"{ACBCDD77-091B-459C-BA5F-CA895636FB86}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{AF8799EF-7571-4E34-BBCB-49A1668B78B7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{AF9B72CE-FB08-4223-9F47-18C612986305}" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\curse\curseclient.exe | 
"{B1F7CBFE-CF25-4463-897B-8335E3CB6677}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{BD08A1F3-D630-4BF3-BD36-4EEFC67FC2F4}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{BD2049FD-0F88-4542-B085-55135B2F28BE}" = protocol=6 | dir=in | app=z:\system\steam\steamapps\*********\counter-strike\hl.exe | 
"{C2C95DBA-F3A6-4DB9-8C0F-687437C1FEDC}" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\blizzard downloader.exe | 
"{C553D323-EECD-4F39-9BAD-195C302F4774}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{CB48778B-847F-4BDF-94E5-E20B3C189388}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D33BD0A5-40EC-46BD-B93F-7D95ACE1BB55}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D95E6DB6-FF5E-4B0E-9E6A-DDF0982A922C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{DB48384A-3F96-4B40-83CA-80507AEF88A1}" = protocol=6 | dir=in | app=z:\system\steam\steamapps\*********\counter-strike\hl.exe | 
"{DBE86795-D6EF-4CB5-876B-8A5AC963F8EA}" = protocol=6 | dir=in | app=z:\system\steam\steamapps\*********\half-life\hl.exe | 
"{DC525CAD-336C-4680-B73D-7084B18C976B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{DD106088-4FEE-4D8A-A6F2-5BF419365AA7}" = protocol=17 | dir=in | app=z:\system\steam\steamapps\*********\half-life\hl.exe | 
"{DD2E4C14-6CF4-478D-B851-89E3A1B5CDF6}" = protocol=6 | dir=in | app=d:\bad company2\bfbc2updater.exe | 
"{DE68B9B2-3669-4CB2-8AEB-9EC3AB38F0E2}" = protocol=17 | dir=in | app=z:\system\steam\steamapps\*********\counter-strike\hl.exe | 
"{E82B5D7A-79AA-4212-92A2-598C82A8229F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{EC3C82A1-60BD-4F3F-AC42-F1683F2DCC9A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EF7B4881-1403-43CE-9047-0AD5881AEA74}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe | 
"{F94CC66F-7D07-4F38-A04D-C0CA0D8D321B}" = protocol=17 | dir=in | app=z:\system\steam\steamapps\*********\counter-strike\hl.exe | 
"TCP Query User{0223A3B5-9A85-40DF-A1EA-CB38571B672B}C:\system\world of warcraft_cd\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{068F4C0F-08AF-4C57-8A45-752671047274}C:\system\world of warcraft_cd\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{13545C01-1C98-4DC4-83ED-7278937CA4C2}C:\program files\nv\nv_support_berater_de_free.exe" = protocol=6 | dir=in | app=c:\program files\nv\nv_support_berater_de_free.exe | 
"TCP Query User{3D332A35-48F9-4549-93E7-D2B80C4EF9F3}Z:\system\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=z:\system\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe | 
"TCP Query User{42DDB6FD-89C8-49BD-A39B-2130EAA44CBF}C:\system\shuttlexpc\steam\steamapps\*********\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\system\shuttlexpc\steam\steamapps\*********\counter-strike\hl.exe | 
"TCP Query User{4636F4FB-6112-4C89-A571-640E7CEBACA1}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{4D8673FE-DCE9-451B-AA77-58264E19FF69}C:\system\shuttlexpc\steam\steamapps\*********\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\system\shuttlexpc\steam\steamapps\*********\counter-strike source\hl2.exe | 
"TCP Query User{5B21A36F-EE16-4BD1-8CF9-5254EE3D58EC}C:\users\kleinkunst\appdata\local\temp\blizzard launcher temporary - 5dadd540\launcher.exe" = protocol=6 | dir=in | app=c:\users\kleinkunst\appdata\local\temp\blizzard launcher temporary - 5dadd540\launcher.exe | 
"TCP Query User{64275553-6431-47FB-893B-0EB8F3FD62E5}D:\bad company2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\bad company2\bfbc2game.exe | 
"TCP Query User{67713043-8CB4-4696-AD18-7D1429EE4AF9}C:\system\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\system\trillian\trillian.exe | 
"TCP Query User{6DB90C8B-9B1A-4A18-A68F-2EBF7EE7324C}C:\system\shuttlexpc\steam\steamapps\*********\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\system\shuttlexpc\steam\steamapps\*********\counter-strike\hl.exe | 
"TCP Query User{71C80EA1-4516-4741-A6E7-FAD51FC5C973}C:\program files\gamers.irc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\gamers.irc\mirc.exe | 
"TCP Query User{82F12D19-C1D9-469A-92CF-3901CDD77D37}C:\system\world of warcraft_cd\launcher.patch.exe" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\launcher.patch.exe | 
"TCP Query User{A4DBF69C-6D1D-48B4-8623-AD2A54955CF7}C:\users\lala\desktop\nv_support_berater_de_free.exe" = protocol=6 | dir=in | app=c:\users\lala\desktop\nv_support_berater_de_free.exe | 
"TCP Query User{AB667C87-4BD3-445F-BACD-75821E339946}C:\users\kleinkunst\appdata\local\temp\blizzard launcher temporary - 8c0e9188\launcher.exe" = protocol=6 | dir=in | app=c:\users\kleinkunst\appdata\local\temp\blizzard launcher temporary - 8c0e9188\launcher.exe | 
"TCP Query User{C27EACC7-7042-498A-8F25-6B18441BC6B4}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"TCP Query User{C540F551-B248-49AA-A7B3-04BC2A015BFB}C:\system\world of warcraft_cd\launcher.exe" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\launcher.exe | 
"TCP Query User{D8686BAF-255C-4C95-8A36-1F27A73814FB}C:\system\world of warcraft_cd\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\curse\curseclient.exe | 
"TCP Query User{DBAFE7D9-D7EC-4D7B-B7F9-C08BFE2DA207}C:\system\world of warcraft_cd\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\system\world of warcraft_cd\backgrounddownloader.exe | 
"TCP Query User{E9FB389E-E732-42CA-AC2F-6CBDD536508E}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe | 
"TCP Query User{EB937AFC-423D-4696-BECE-342E9CC32DF0}C:\system\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\system\trillian\trillian.exe | 
"UDP Query User{08BA25E9-14F9-439A-8D40-1420764D4270}Z:\system\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=z:\system\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe | 
"UDP Query User{0DACC0F1-7D7F-47DC-9049-B0DBD7D60402}C:\system\world of warcraft_cd\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\curse\curseclient.exe | 
"UDP Query User{385C9A00-C91C-4D8C-A068-F53EAD59F2EC}C:\system\shuttlexpc\steam\steamapps\*********\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\system\shuttlexpc\steam\steamapps\*********\counter-strike\hl.exe | 
"UDP Query User{39394100-A4A4-4DE9-984F-B42E2276DDB5}C:\users\kleinkunst\appdata\local\temp\blizzard launcher temporary - 5dadd540\launcher.exe" = protocol=17 | dir=in | app=c:\users\kleinkunst\appdata\local\temp\blizzard launcher temporary - 5dadd540\launcher.exe | 
"UDP Query User{3B3F79FF-4C99-4370-8894-AB019D2CE003}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{7C7E384D-61CF-4833-848F-1A249E34C4D3}C:\system\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\system\trillian\trillian.exe | 
"UDP Query User{7DC28DD5-02F6-4148-ABA4-31BF8FCE62DC}C:\program files\nv\nv_support_berater_de_free.exe" = protocol=17 | dir=in | app=c:\program files\nv\nv_support_berater_de_free.exe | 
"UDP Query User{95A1EC4A-AA57-483A-B064-0FFAD497C04A}C:\system\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\system\trillian\trillian.exe | 
"UDP Query User{9C443144-2B30-4B25-B7D2-2FCC9F415C57}C:\system\world of warcraft_cd\launcher.patch.exe" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\launcher.patch.exe | 
"UDP Query User{A433012B-CBC0-4084-BC63-1FBB8C876D3C}C:\users\lala\desktop\nv_support_berater_de_free.exe" = protocol=17 | dir=in | app=c:\users\lala\desktop\nv_support_berater_de_free.exe | 
"UDP Query User{A7647CDF-A6A9-4DF1-BAC4-94BB0F33E4CC}C:\system\world of warcraft_cd\launcher.exe" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\launcher.exe | 
"UDP Query User{AB1D99DD-F04C-407B-9542-1D83A6CBC998}C:\program files\gamers.irc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\gamers.irc\mirc.exe | 
"UDP Query User{B8A7E93B-A048-4B70-AFE6-D8E73A5CF84E}C:\program files\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{BE311252-8FA2-443B-8206-07369E8BBF88}C:\system\shuttlexpc\steam\steamapps\*********\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\system\shuttlexpc\steam\steamapps\*********\counter-strike source\hl2.exe | 
"UDP Query User{C5C60C99-2923-4FFC-B645-B352680967CB}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe | 
"UDP Query User{CA0ACD41-D23B-4412-8DBF-A5EA014E004B}C:\system\world of warcraft_cd\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{EA4E521F-262C-4E88-98B0-CB9FF72B435C}C:\users\kleinkunst\appdata\local\temp\blizzard launcher temporary - 8c0e9188\launcher.exe" = protocol=17 | dir=in | app=c:\users\kleinkunst\appdata\local\temp\blizzard launcher temporary - 8c0e9188\launcher.exe | 
"UDP Query User{EAD4435E-F017-421C-9030-F6B57AC9F484}D:\bad company2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\bad company2\bfbc2game.exe | 
"UDP Query User{F3023FED-C8EB-480C-9963-78229306B57D}C:\system\world of warcraft_cd\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\backgrounddownloader.exe | 
"UDP Query User{F62E0072-2B13-413D-8164-5F6691B14805}C:\system\shuttlexpc\steam\steamapps\*********\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\system\shuttlexpc\steam\steamapps\*********\counter-strike\hl.exe | 
"UDP Query User{F844FA9C-A7A1-4D6C-A8F9-859A2230F4C4}C:\system\world of warcraft_cd\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\system\world of warcraft_cd\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{06A940CD-4924-485E-8500-476C9E08A820}" = Samsung PC Studio 3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7355D6F3-DBA4-4CD4-8FC3-B96FA766B642}" = calibre
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"C-Media CM106 Like Sound Driver" = C-Media CM106 Like Sound Driver
"CurseClient" = Curse Client
"Diablo III Beta" = Diablo III Beta
"DivX Player" = DivX Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dslmon" = devolo Informer
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"EngB" = Englisch für den Beruf
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HLSW_is1" = HLSW v1.3.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3-Cutter" = MP3-Cutter
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"StarCraft II" = StarCraft II
"Steam App 590" = Left 4 Dead 2 Demo
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.08.2010 04:40:18 | Computer Name = KleinKunst-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2010 08:35:02 | Computer Name = KleinKunst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.08.2010 08:35:02 | Computer Name = KleinKunst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.08.2010 08:36:13 | Computer Name = KleinKunst-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2010 11:26:04 | Computer Name = KleinKunst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.08.2010 11:26:04 | Computer Name = KleinKunst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.08.2010 11:27:15 | Computer Name = KleinKunst-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.08.2010 12:51:53 | Computer Name = KleinKunst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.08.2010 12:51:53 | Computer Name = KleinKunst-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 14.08.2010 12:53:04 | Computer Name = KleinKunst-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 17.08.2012 10:20:26 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.08.2012 10:20:26 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.08.2012 10:20:26 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.08.2012 10:20:28 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.08.2012 14:03:37 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.08.2012 14:03:37 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.08.2012 14:03:37 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.08.2012 14:03:37 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.08.2012 14:03:37 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
Error - 17.08.2012 14:03:37 | Computer Name = KleinKunst-PC | Source = Service Control Manager | ID = 7003
Description = 
 
 
< End of report >

t'john · 18.08.2012, 15:10

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:

Code:

ATTFilter

:OTL
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found 
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found 
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found 
DRV - (ah9ybvlr) -- File not found 
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} 
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.search.update: false 
FF - prefs.js..browser.startup.homepage: "about:blank" 
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 
FF - user.js - File not found 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.) 
O4 - HKLM..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd File not found 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found 
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found 
O15 - HKCU\..Trusted Domains: soloplan.de ([mail] https in Trusted sites) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] 
O33 - MountPoints2\{64332783-3054-11df-bb64-0022153c8e92}\Shell - "" = AutoRun 
O33 - MountPoints2\{64332783-3054-11df-bb64-0022153c8e92}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a 
O33 - MountPoints2\K\Shell - "" = AutoRun 
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a 
[2012.07.18 19:58:11 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad 
[2012.08.17 20:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.02.27 21:20:26 | 000,000,016 | ---- | C] () -- C:\Users\lala\AppData\Roaming\blckdom.res 
:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

User85 · 19.08.2012, 18:03

Hi,

Habe deine Schritte enstprechend ausgeführt:
Nach dem Einfügen deines Skripts und "Fix-Button" kam von Windows nach einiger Zeit die Meldung: "Programm reagiert nicht mehr" - "Nach Lösungen wird gesucht" - Programm wird geschlossen, anschließend nur noch der blanke Desktop ohne alles.

Nur über STRG+ALT+ENTF konnte der PC neugestartet werden anbei das Log von OTL:

Code:

ATTFilter

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Lief irgendwas schief?

Danke im Voraus.

t'john · 19.08.2012, 18:25

Du musst den Fix in OTL einfuegen!
Anleitung beachten!

Rechner neustarten und nochmal vesuchen!

User85 · 19.08.2012, 19:05

Habe das gleiche nochmal gemacht nun hat es funktioniert:

Code:

ATTFilter

All processes killed
========== OTL ==========
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File  system32\DRIVERS\nwlnkfwd.sys File not found not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File  system32\DRIVERS\nwlnkflt.sys File not found not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File  system32\DRIVERS\ipinip.sys File not found not found.
Error: No service named ah9ybvlr was found to stop!
Service\Driver key ah9ybvlr not found.
File  File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: false removed from browser.search.update
Prefs.js: "about:blank" removed from browser.startup.homepage
Prefs.js: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}\ not found.
File C:\Programme\DVDVideoSoft\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CM106Sound not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soloplan.de\mail\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64332783-3054-11df-bb64-0022153c8e92}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64332783-3054-11df-bb64-0022153c8e92}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64332783-3054-11df-bb64-0022153c8e92}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64332783-3054-11df-bb64-0022153c8e92}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\LaunchU3.exe -a not found.
File C:\ProgramData\0tbpw.pad not found.
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
File C:\Users\lala\AppData\Roaming\blckdom.res not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\lala\Desktop\cmd.bat deleted successfully.
C:\Users\lala\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: lala
->Temp folder emptied: 48216 bytes
->Temporary Internet Files folder emptied: 3206905 bytes
->FireFox cache emptied: 65482516 bytes
->Flash cache emptied: 34894 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 120415352 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 180,00 mb
 
 
OTL by OldTimer - Version 3.2.57.0 log created on 08192012_200102

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

t'john · 19.08.2012, 19:19

Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

User85 · 21.08.2012, 19:19

Vielen Dank, Rechner läuft normal.

Werde die neuen Schritte ausführen und mich melden.

t'john · 22.08.2012, 00:24

Alles klar.

User85 · 24.08.2012, 20:26

Sorry, dass es länger gedauert hat:

Anbei Malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.23.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
lala :: KLEINKUNST-PC [Administrator]

23.08.2012 19:29:34
mbam-log-2012-08-23 (19-29-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410075
Laufzeit: 2 Stunde(n), 3 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und Adwcleaner:

Code:

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/24/2012 at 19:11:39
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : lala - KLEINKUNST-PC
# Boot Mode : Normal
# Running from : C:\Users\lala\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\lala\AppData\LocalLow\Conduit
Folder Found : C:\Users\lala\AppData\LocalLow\DVDVideoSoft
Folder Found : C:\Users\lala\Documents\DVDVideoSoft
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DVDVideoSoft
Folder Found : C:\Program Files\Common Files\DVDVideoSoft

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DVDVideoSoft
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DVDVideoSoft
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{209192B1-05DB-4D17-BF94-A4B544465756}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{209192B1-05DB-4D17-BF94-A4B544465756}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v12.0 (de)

Profile name : default 
File : C:\Users\lala\AppData\Roaming\Mozilla\Firefox\Profiles\3y48gfz0.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2069 octets] - [24/08/2012 19:11:39]

########## EOF - C:\AdwCleaner[R1].txt - [2197 octets] ##########

t'john · 24.08.2012, 20:55

Sehr gut!

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

danach:

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html

User85 · 24.08.2012, 21:20

Schritt 1:

Code:

ATTFilter

# AdwCleaner v1.801 - Logfile created 08/24/2012 at 22:16:00
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : lala - KLEINKUNST-PC
# Boot Mode : Normal
# Running from : C:\Users\lala\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\lala\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\lala\AppData\LocalLow\DVDVideoSoft
Folder Deleted : C:\Users\lala\Documents\DVDVideoSoft
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DVDVideoSoft
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DVDVideoSoft
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DVDVideoSoft
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{209192B1-05DB-4D17-BF94-A4B544465756}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{209192B1-05DB-4D17-BF94-A4B544465756}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

Schritt 2 folgt sobald ich ihn durchgeführt habe, mal ne zwischen Frage wieso reicht es nicht aus mit der Entfernung durch Malwarebytes + Skript + Adwcleaner?

t'john · 24.08.2012, 23:09

Weil jeder Scanner seine Staerken hat.
Wollen wir gruendlich sein oder nicht?

User85 · 25.08.2012, 06:53

Klaro anbei das weitere Log:

Code:

ATTFilter

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 24.08.2012 22:25:40

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Z:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	24.08.2012 22:25:56

C:\Program Files\HLSW\hlsw.exe 	gefunden: Trojan.Win32.StartPage!E2
Z:\System\Programme\Programme - I-Net\mIRC\mirc.exe 	gefunden: Riskware.Client-IRC.Win32.mIRC!E2
Z:\System\Programme\Programme - I-Net\mIRC\mirc616.exe 	gefunden: Riskware.Client-IRC.Win32.mIRC!E2
Z:\System\Programme\Programme - I-Net\Gamers.IRC\mirc.exe 	gefunden: Riskware.Client-IRC.Win32.mIRC!E2
Z:\System\Programme\Programme - Brennen\Daemon\daemon4091-x86.exe 	gefunden: Riskware.WebToolbar.Win32.WhenU.AMN!E1
Z:\System\Programme\Programme - Brennen\Clone CD\SetupCloneCD4322.exe 	gefunden: Worm.Win32.Runfer.agb!E1

Gescannt	691612
Gefunden	6

Scan Ende:	25.08.2012 01:02:49
Scan Zeit:	2:36:53w

Z:\System\Programme\Programme - Brennen\Clone CD\SetupCloneCD4322.exe	Quarantäne Worm.Win32.Runfer.agb!E1
Z:\System\Programme\Programme - Brennen\Daemon\daemon4091-x86.exe	Quarantäne Riskware.WebToolbar.Win32.WhenU.AMN!E1
Z:\System\Programme\Programme - I-Net\mIRC\mirc.exe	Quarantäne Riskware.Client-IRC.Win32.mIRC!E2
Z:\System\Programme\Programme - I-Net\mIRC\mirc616.exe	Quarantäne Riskware.Client-IRC.Win32.mIRC!E2
Z:\System\Programme\Programme - I-Net\Gamers.IRC\mirc.exe	Quarantäne Riskware.Client-IRC.Win32.mIRC!E2
C:\Program Files\HLSW\hlsw.exe	Quarantäne Trojan.Win32.StartPage!E2


Quarantäne	6

19.08.2012, 18:25	#6
t'john /// Helfer-Team	GUV Trojaner noch aktiv? Du musst den Fix in OTL einfuegen! Anleitung beachten! Rechner neustarten und nochmal vesuchen! __________________ --> GUV Trojaner noch aktiv?

22.08.2012, 00:24	#10
t'john /// Helfer-Team	GUV Trojaner noch aktiv? Alles klar. __________________ Mfg, t'john Das TB unterstützen

24.08.2012, 23:09	#14
t'john /// Helfer-Team	GUV Trojaner noch aktiv? Weil jeder Scanner seine Staerken hat. Wollen wir gruendlich sein oder nicht? __________________ Mfg, t'john Das TB unterstützen

GUV Trojaner noch aktiv?

Plagegeister aller Art und deren Bekämpfung: GUV Trojaner noch aktiv?