
Log analysis and evaluation: Trojan horse TR/PSW.Banker.O.26 was found

Windows 7
25.04.2012, 17:01   #1
Tommyfighter
 
Hello,

as already written above, my AntiVir found the trojan TSW.Banker.O.26 today.
It is a file that it found in Temporary Internet Files\Content.IE5\EDX06o6T\calc[1].exe.

I googled the calc[1].exe file, and the search turns up the Bundespolizei trojan, which I know I have already had once or twice.

I have now moved it to quarantine in AntiVir. Is that enough, or should I wipe the PC?

25.04.2012, 17:44   #2
kira
/// Helper Team
 
Hello and a warm welcome!

Before we begin working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the fault diagnosis and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE YOUR OWN RESPONSIBILITY!
  • Characteristic features/profile information:
    - in the log lists or log files you use, you can replace things such as your real name, serial numbers in programs, etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert every logfile with a vBCode tag; this gives a good overview here and makes my work easier! If the logfile is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
► In the first part of the 3-part procedure, we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update)
  • Select "Komplett Scan durchführen" (perform full scan) and tick everything
  • when the scan has finished, click "Zeige Resultate" (show results)
  • Select all detections (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Löschen" - "Ausgewähltes entfernen" (remove selected).
  • Post the result here in the thread; you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Guide

2.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and select "Run as administrator"
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created: OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

3.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
  • Download the CCleaner installer
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch".
  • start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...` (save as text file)
  • a text file is created automatically; post this logfile too (i.e. the list of all installed programs... a text file)

4.
Right-click the AntiVir umbrella in the taskbar => AntiVir starten (start AntiVir) => Übersicht (overview) => Ereignisse (events)
select every detection => right-click the detections => Ereignis(se) exportieren (export events)
and save it as Ereignisse.txt on the desktop and post the contents here.

► If you have the complete AntiVir scan result, or have saved it, post that too!
Quote:
To keep your thread clear and nicely readable, it is best to use code tags for your post:
→ before your log (i.e. at the start of the logfile) you write: [code]
your logfile goes in here, e.g. the OTL logfile or similar
→ after it, i.e. at the end of the log file: [/code]
** If possible, do not go online: no online banking, file sharing, chat programs, etc.
Regards
kira
__________________
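
The substitution asked for above under "Characteristic features/profile information", as an added example that is not part of the original thread: it collects the user and computer names that an OTL or Malwarebytes log exposes and replaces every occurrence with [X] before the log is posted. The function names, the `extra` parameter and the sample lines (Alice, ALICE-PC, Bob) are constructed for illustration.

```python
import re

# OTL header line: "Computer Name: HOST | User Name: USER | Logged in as ..."
OTL_HEADER = re.compile(
    r"Computer Name:\s*([^|\r\n]+?)\s*\|\s*User Name:\s*([^|\r\n]+?)\s*\|")
# Malwarebytes header line: "USER :: HOST [Administrator]"
MBAM_HEADER = re.compile(r"^(\S[^\r\n]*?) :: (\S+) \[[^\]\r\n]+\]\s*$", re.M)
# Any profile folder, including ones under Windows.old and upper-cased paths.
PROFILE_DIR = re.compile(r"\\Users\\([^\\\r\n]+)\\", re.I)
# Profile folders that exist on every machine and identify nobody.
SHARED_PROFILES = {"public", "default", "default user", "all users"}
# Values that were already masked by hand, e.g. "xxxxx-xx" or "[X]".
PLACEHOLDER = re.compile(r"[xX*\[\]-]+")

# Constructed sample lines in the layout of the two log types (not real data).
SAMPLE = r"""Alice :: ALICE-PC [Administrator]
OTL by OldTimer - Version 3.2.42.0     Folder = C:\Users\Alice\Desktop
Computer Name: ALICE-PC | User Name: Alice | Logged in as Administrator.
PRC - C:\Users\Alice\Desktop\OTL.exe (OldTimer Tools)
[2012.04.25 12:51:04 | 000,000,000 | ---D | M] (Example Extension) -- C:\USERS\ALICE\APPDATA\ROAMING\11019
C:\Windows.old\Users\Bob\AppData\Local\Temp\setup.exe.part (PUP.Example) -> Quarantined.
MOD - C:\Users\Public\Documents\shared.dll ()
"""


def collect_identifiers(log_text):
    """Return the lower-cased user and computer names the log gives away."""
    found = set()
    for header in (OTL_HEADER, MBAM_HEADER):
        for match in header.finditer(log_text):
            found.update(match.groups())
    found.update(PROFILE_DIR.findall(log_text))
    names = {name.strip().lower() for name in found}
    return {n for n in names
            if n and n not in SHARED_PROFILES and not PLACEHOLDER.fullmatch(n)}


def redact(log_text, extra=()):
    """Replace every collected name, plus any strings in `extra`, with [X].

    `extra` is for values the log format does not label, such as a real
    name or a serial number the poster knows is in the file.
    """
    names = collect_identifiers(log_text) | {e.lower() for e in extra if e}
    # Longest first, so "alice-pc" is masked before "alice" can split it.
    for name in sorted(names, key=len, reverse=True):
        token = re.compile(
            r"(?<![A-Za-z0-9])" + re.escape(name) + r"(?![A-Za-z0-9])", re.I)
        log_text = token.sub("[X]", log_text)
    return log_text


if __name__ == "__main__":
    print(redact(SAMPLE))
```

Masking by collected name rather than by path position also catches the upper-cased `C:\USERS\...` variant and the computer name in the header, which a hand edit of one log easily misses in the other.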

26.04.2012, 11:31   #3
Tommyfighter
 

Hello, thanks for the instructions. I think I carried everything out as described.

Malwarebytes
Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.25.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Tommy :: xxxxx-xx [Administrator]

Schutz: Aktiviert

25.04.2012 20:22:54
mbam-log-2012-04-25 (20-22-54).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 982459
Laufzeit: 4 Stunde(n), 57 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Tommy\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\Windows.old\Program Files\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old.000\Users\Daddelkiste\AppData\Local\Temp\1iwFyWx3.exe.part (PUP.UltraReach) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Downloads\SoftonicDownloader_fuer_pencil.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Downloads\SoftonicDownloader_fuer_smart-shutdown-manager.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Downloads\u96.exe (PUP.UltraReach) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tommy\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.

(Ende)
         
otl

OTL Logfile:
Code:
OTL logfile created on: 26.04.2012 01:37:38 - Run 1
OTL by OldTimer - Version 3.2.42.0     Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 50,74% Memory free
6,68 Gb Paging File | 4,94 Gb Available in Paging File | 73,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 144,75 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,00 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
 
Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tommy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Raptr\raptr.exe (Raptr, Inc)
PRC - C:\Programme\Raptr\raptr_im.exe (Raptr, Inc)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\C2DtoG15\SystoG15Svc.exe (Andreas Sammann)
PRC - C:\Programme\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
PRC - C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\GIGABYTE\ET6\GUI.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Tommy\AppData\Roaming\11019\components\AcroFF019.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Raptr\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\Raptr\PyQt4.QtCore.pyd ()
MOD - C:\Programme\Raptr\PyQt4.QtWebKit.pyd ()
MOD - C:\Programme\Raptr\PyQt4.QtGui.pyd ()
MOD - C:\Programme\Raptr\sip.pyd ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Programme\Raptr\libtorrent.pyd ()
MOD - C:\Programme\Raptr\heliotrope._purple.pyd ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\Raptr\liboscar.dll ()
MOD - C:\Programme\Raptr\libjabber.dll ()
MOD - C:\Programme\Raptr\libymsg.dll ()
MOD - C:\Programme\Raptr\plugins\libaim.dll ()
MOD - C:\Programme\Raptr\plugins\libicq.dll ()
MOD - C:\Programme\Raptr\plugins\libirc.dll ()
MOD - C:\Programme\Raptr\plugins\ssl-nss.dll ()
MOD - C:\Programme\Raptr\plugins\libyahoojp.dll ()
MOD - C:\Programme\Raptr\plugins\ssl.dll ()
MOD - C:\Programme\Raptr\plugins\libmsn.dll ()
MOD - C:\Programme\Raptr\plugins\libxmpp.dll ()
MOD - C:\Programme\Raptr\plugins\libyahoo.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Raptr\libxml2-2.dll ()
MOD - C:\Programme\Raptr\sqlite3.dll ()
MOD - C:\Users\Tommy\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GermanyRain.gadget\GermanyRainRadar.dll ()
MOD - C:\Programme\Raptr\zlib1.dll ()
MOD - C:\Programme\Raptr\win32gui.pyd ()
MOD - C:\Programme\Raptr\win32file.pyd ()
MOD - C:\Programme\Raptr\win32api.pyd ()
MOD - C:\Programme\Raptr\win32process.pyd ()
MOD - C:\Programme\Raptr\gobject._gobject.pyd ()
MOD - C:\Programme\Raptr\win32com.shell.shell.pyd ()
MOD - C:\Programme\Raptr\pythoncom26.dll ()
MOD - C:\Programme\Raptr\pywintypes26.dll ()
MOD - C:\Programme\Raptr\PIL._imaging.pyd ()
MOD - C:\Programme\Raptr\_ssl.pyd ()
MOD - C:\Programme\Raptr\unicodedata.pyd ()
MOD - C:\Programme\Raptr\_hashlib.pyd ()
MOD - C:\Programme\Raptr\pyexpat.pyd ()
MOD - C:\Programme\Raptr\_ctypes.pyd ()
MOD - C:\Programme\Raptr\_sqlite3.pyd ()
MOD - C:\Programme\Raptr\_socket.pyd ()
MOD - C:\Programme\Raptr\winsound.pyd ()
MOD - C:\Programme\Raptr\plugins\libqq.dll ()
MOD - C:\Programme\GIGABYTE\ET6\Normal.dll ()
MOD - C:\Programme\GIGABYTE\ET6\AMD8.dll ()
MOD - C:\Programme\GIGABYTE\ET6\work.dll ()
MOD - C:\Programme\GIGABYTE\ET6\OCK.dll ()
MOD - C:\Programme\GIGABYTE\ET6\MFCCPU.dll ()
MOD - C:\Programme\GIGABYTE\ET6\GVTunner.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\GIGABYTE\ET6\platform.dll ()
MOD - C:\Programme\GIGABYTE\ET6\device.dll ()
MOD - C:\Programme\GIGABYTE\ET6\SF.dll ()
MOD - C:\Programme\GIGABYTE\ET6\ycc.dll ()
MOD - C:\Programme\GIGABYTE\ET6\HM.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Programme\GIGABYTE\ET6\CIAMIB.dll ()
MOD - C:\Programme\GIGABYTE\ET6\GUI.exe ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Programme\GIGABYTE\ET6\Sound.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SystoG15Service) -- C:\Programme\C2DtoG15\SystoG15Svc.exe (Andreas Sammann)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (TDslMgrService) -- C:\Programme\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (GEST Service) -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (papyjoy) -- C:\Windows\System32\drivers\papyjoy.sys ()
SRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva391) -- C:\Windows\system32\XDva391.sys File not found
DRV - (XDva390) -- C:\Windows\system32\XDva390.sys File not found
DRV - (XDva360) -- C:\Windows\system32\XDva360.sys File not found
DRV - (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340) -- system32\drivers\WPRO_40_1340.sys File not found
DRV - (vsdatant7) -- System32\drivers\vsdatant.win7.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (GVTDrv) -- C:\Windows\System32\drivers\GVTDrv.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) 2000 DDK provider)
DRV - (HssDrv) -- C:\Windows\System32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.20\RivaTuner32.sys ()
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (WinRing0_1_2_0) -- C:\Programme\C2DtoG15\WinRing0.sys (OpenLibSys.org)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (aiptektp) -- C:\Windows\System32\drivers\aiptektp.sys (WALTOP International Corp.)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (papyjoy) -- C:\Windows\System32\drivers\papyjoy.sys ()
DRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.02.09 12:38:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.26 23:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.19 22:41:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.12 21:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Tommy\AppData\Roaming\11019 [2012.04.25 12:51:04 | 000,000,000 | ---D | M]
 
[2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions
[2011.04.27 01:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.03.28 22:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions
[2012.03.28 22:12:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.24 03:36:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.08 14:04:12 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.08.31 11:25:08 | 000,000,917 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\conduit.xml
[2012.04.07 01:18:12 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-1.xml
[2010.09.18 22:53:17 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-2.xml
[2010.10.21 15:45:25 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-3.xml
[2011.03.30 16:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin.xml
[2012.03.26 23:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.01.05 04:04:07 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Programme\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.04.25 12:51:04 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TOMMY\APPDATA\ROAMING\11019
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.27 17:54:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [Raptr] C:\Programme\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Programme\GIGABYTE\ET6\ETcall.exe ()
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Programme\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D7C1B26-69B5-403D-8482-29F3ADB3332C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA123E6A-D0A3-4242-8A31-1B77539A2056}: DhcpNameServer = 10.77.136.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\Shell - "" = AutoRun
O33 - MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.26 00:44:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2012.04.25 20:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.25 20:21:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.25 12:51:04 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11019
[2012.04.24 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11018
[2012.04.23 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11017
[2012.04.21 15:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.04.21 14:42:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11016
[2012.04.18 19:49:57 | 000,000,000 | RH-D | C] -- C:\Users\Tommy\AppData\Roaming\SecuROM
[2012.04.18 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAPCOM
[2012.04.18 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.18 19:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.04.17 12:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11015
[2012.04.16 20:38:39 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11014
[2012.04.13 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11013
[2012.04.12 14:01:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11012
[2012.04.12 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11010
[2012.04.12 03:07:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.12 03:07:52 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.12 03:07:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.12 03:07:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.12 03:07:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.12 03:07:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.12 03:06:38 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.12 03:06:38 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.11 20:39:03 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\UAs
[2012.04.11 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11009
[2012.04.11 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\xmldm
[2012.04.11 20:29:59 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\kock
[2012.04.10 11:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield
[2012.04.03 18:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2012 Patch
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Tommy\AppData\Roaming\*.tmp files -> C:\Users\Tommy\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.26 01:38:28 | 000,641,772 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.26 01:38:28 | 000,607,366 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.26 01:38:28 | 000,132,410 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.26 01:38:28 | 000,109,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.26 01:31:42 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2012.04.26 01:31:42 | 000,000,004 | ---- | M] () -- C:\Windows\System32\GVTunner.ref
[2012.04.26 01:31:26 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2012.04.26 01:31:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.26 01:31:03 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 01:31:03 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 01:31:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.26 01:30:56 | 3487,850,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.26 01:29:10 | 000,000,796 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2012.04.26 01:02:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.26 00:44:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2012.04.26 00:35:03 | 000,073,216 | ---- | M] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.25 20:21:05 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.25 18:01:22 | 000,000,016 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res
[2012.04.25 14:07:27 | 000,000,048 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat
[2012.04.24 11:10:39 | 000,226,792 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll
[2012.04.24 11:10:39 | 000,007,368 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll
[2012.04.24 09:21:22 | 000,000,680 | ---- | M] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat
[2012.04.18 19:15:41 | 001,047,158 | ---- | M] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg
[2012.04.10 11:16:15 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Tommy\AppData\Roaming\*.tmp files -> C:\Users\Tommy\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.25 20:21:05 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.24 11:10:39 | 000,226,792 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll
[2012.04.24 11:10:39 | 000,007,368 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll
[2012.04.22 00:21:57 | 3487,850,496 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.18 19:10:52 | 001,047,158 | ---- | C] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg
[2012.04.12 18:10:30 | 000,000,048 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat
[2012.04.11 20:30:19 | 000,000,016 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res
[2012.04.10 11:16:15 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield Launch.lnk
[2012.03.13 21:47:28 | 000,017,408 | ---- | C] () -- C:\Users\Tommy\AppData\Local\WebpageIcons.db
[2012.02.29 21:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.12.05 23:29:47 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2011.12.05 23:29:47 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2011.12.05 23:28:44 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.11.09 18:12:00 | 000,019,400 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2011.10.13 01:41:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.15 11:03:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.09.09 17:47:26 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.05.16 12:55:28 | 011,010,048 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\Sandra.mdb
[2011.04.13 15:07:49 | 000,001,984 | ---- | C] () -- C:\Windows\System32\drivers\papycpu2.sys
[2011.04.13 15:07:49 | 000,001,856 | ---- | C] () -- C:\Windows\System32\drivers\papyjoy.sys
[2011.04.13 15:06:50 | 000,000,202 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.04.12 13:44:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.26 14:28:19 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.26 14:28:19 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.02.14 13:42:58 | 000,000,552 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d8caps.dat
[2011.01.06 18:04:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.01.06 17:45:44 | 000,074,752 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll
[2010.12.06 03:16:11 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.11.04 03:16:50 | 000,000,093 | ---- | C] () -- C:\Users\Tommy\AppData\Local\fusioncache.dat
[2010.10.20 12:01:05 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.10.20 12:01:05 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.08.27 21:28:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.08.27 21:28:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.07.23 18:18:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.23 18:18:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.20 16:25:39 | 000,073,216 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.19 11:10:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.07.18 23:16:38 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.07.18 10:56:50 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2010.07.17 23:02:49 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.07.17 13:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.17 13:02:17 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.07.17 12:58:09 | 000,000,680 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 26.04.2012 01:37:38 - Run 1
OTL by OldTimer - Version 3.2.42.0     Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 50,74% Memory free
6,68 Gb Paging File | 4,94 Gb Available in Paging File | 73,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 144,75 Gb Free Space | 31,07% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,00 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
 
Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A3BEC-B7BA-4BCB-B93D-F0AFA4F2FC84}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe | 
"{17BF2527-3D2C-4E27-A52A-335D765C9B71}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\rpcagentsrv.exe | 
"{B4D26F88-212D-4814-AE61-E5025C3D2193}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C9647509-994C-4A16-B4CA-EC7109561E02}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00620CC1-D498-4423-9896-CC5A77255AD5}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe | 
"{01B24FCC-2E63-4DA1-84AC-9FC6D8C80AFC}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | 
"{04A02DE7-9BAB-494A-B528-1A32D0745159}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | 
"{05205A34-0373-4CB1-A7A0-AD1B184C2011}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | 
"{0631EAED-5859-4807-B74C-85F3B01193A9}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{07B84C9C-8307-4494-8DFD-1DAF134E9023}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | 
"{07DE5062-84F0-4B3D-B299-3544E3D391A7}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\republic heroes\republic heroes.exe | 
"{0D63082B-4CB1-4B9D-ABED-B4FE72C8C464}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | 
"{1120922E-2CFF-41D9-BA00-8CE71EA9FE22}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | 
"{184BA749-E1D9-45F0-9262-555402C4F527}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"{19EDD077-C8C4-4EE2-A320-DEDB7134B9DC}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | 
"{1CB0E5CE-4F79-4E8A-BDF2-D5C39D886FAB}" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{1DB4FF3C-0507-47EC-B8EA-C5EF4C8D86EB}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | 
"{1E45F541-C265-4E80-AAAF-6E8AD018DC57}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | 
"{23C56C71-059B-4021-B9C8-CD76219E796A}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{28FB1055-9132-46EC-8973-A35336285829}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{324851DB-58D2-4E7B-BAF2-E0996704E922}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{35BA93CB-333C-4CF6-8725-11A17A243391}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | 
"{3A589C88-CF25-42B8-9FA1-92497C882B7A}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{3AC095A9-3247-4C63-8473-3BD770B9C20B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | 
"{3E9D0BFA-3CE7-4FB1-A21B-57ADD51A3EE3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{42377774-C2DE-4D34-B9F3-C32BBC1C7AD2}" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{4392C986-9C66-4DC7-931C-D7C1025685F8}" = protocol=6 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | 
"{4C140D38-27DC-4D28-BAE3-1E66BF97CEF1}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{50C5997D-B2D4-4F9B-B2F8-78B56D6DEA04}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{5125455E-CE9D-4A14-B2AC-61BB4B5B38DB}" = protocol=17 | dir=in | app=d:\spiele\dragon age 2 demo\bin_ship\dragonage2demo.exe | 
"{59E4CCF8-22B5-4C4F-87EE-06A1BB88D51D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{60DFDA8D-4F6E-48B4-962B-2ADD5E106EEC}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{62757F24-4DFF-4168-9234-4D327FA7E047}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{651A1A49-015B-4C90-9DE9-832A7E8BA785}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{669BCEAE-EFCA-4731-B451-EF0D095218BB}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{6825AEE4-B11B-4EDB-8390-190C1A04BC1E}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | 
"{69B164D5-A05D-47DF-9AF2-EA1822B42267}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{6F73E07A-155A-4446-A5EA-B735BDB4593B}" = protocol=17 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | 
"{710C96F9-EFDF-4BFA-93AC-173CA047F219}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"{725138F0-640F-4CAC-94EE-7C148F6A877D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | 
"{791F8798-EFB2-4E96-9020-C56D4FF7BEDD}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{79E3658D-84F3-4488-B3F1-96F6EE0F796D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{7AD4D544-6D73-455A-BBFF-30551F72919F}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{7B6CB3B9-CDB5-4A24-90EF-E95202F4017B}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | 
"{82E761B3-68B0-48FE-86AE-07A06B46FFFA}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{85C784E8-E53A-4FF8-A799-B194D047EB17}" = protocol=6 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | 
"{86D45300-0ACD-4BE8-AB72-030A7827B356}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{880E771B-8EE5-42F4-825B-6F1BD9F39299}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | 
"{8C528F8F-F9E0-468E-A0E7-80D0C6046279}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{938512F5-34FE-4BA1-AA62-0E2441A6F1B8}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"{94733B01-EFEF-4380-8485-D76DA1B97A93}" = protocol=17 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | 
"{95F18369-3CA7-45A7-B410-D932FEA49DA2}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | 
"{96F625FD-1546-4B7F-9F13-12DBE198CA5D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9C38C6AB-BA1D-40AA-9CC3-3AC823585D2B}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | 
"{9D8B252F-6326-4430-821A-316AD24CA993}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe | 
"{9EB1B8D1-4A1C-4CC8-A5A7-7CABB99B6676}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | 
"{9FDAF6D9-4E5E-4374-9D95-054960D0B64C}" = protocol=6 | dir=in | app=d:\spiele\dragon age 2 demo\dragonage2launcher.exe | 
"{A15AB570-8384-4902-9D28-2FB4F6BD58AB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A1FFC0BC-265D-4E1E-AFC0-7BC8DDDF8284}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | 
"{A22B1C81-8077-4B1B-925A-2003ED70E811}" = protocol=17 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | 
"{A6B47BFD-553B-4965-BF31-017622D82FA4}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | 
"{AA526D98-2546-4B01-9B31-BD81DE179A61}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | 
"{AB1CE66E-CD26-4E23-9440-A92D9E6C173F}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"{AB965C6A-AC05-4DD4-90D9-2693C880D0C5}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{B1BB64BA-947C-4E8B-893B-894A6A5CF03B}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | 
"{B6AD2761-C0BA-4118-90E1-5D00BC3F05DD}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{C4E6D21C-2533-44CD-8AEA-BC3CBBB65F03}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{C6A7C227-18BC-44BA-9960-8D6CA498EF1E}" = protocol=6 | dir=in | app=d:\spiele\dragon age 2 demo\bin_ship\dragonage2demo.exe | 
"{D005B9B6-464C-4EED-9817-748AC1FE274A}" = protocol=17 | dir=in | app=d:\spiele\dragon age 2 demo\dragonage2launcher.exe | 
"{D0693EBA-B3B3-4D51-8710-B584971E25CF}" = protocol=6 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | 
"{D2762F96-67AE-4661-85F2-93677C02B61C}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{D2E250DE-8CED-4856-821F-A915978A3047}" = protocol=6 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | 
"{D2FEF08A-BA2F-4BFE-8495-C28381A88465}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\republic heroes\republic heroes.exe | 
"{D8A0FC63-6DB0-4125-AF9E-1D00DB435CFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB0EE392-F4C7-40CD-BC17-D20B73A179A0}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | 
"{DC9915A7-A4E1-4F03-BDB2-2D294B9706F7}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{E16414F2-4350-45CC-8098-6D9935769051}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{E359C5D5-6000-42B2-97CC-223E33D82831}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E4E9454F-0456-4B33-9BD7-483B19A1D56F}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E56812BF-5C28-4F52-A7E4-55BC8D7CFC2B}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{E6B40784-8AB0-4447-B716-5F0808923114}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | 
"{EB685CA2-12DF-4AC1-8522-714E9561AB02}" = protocol=17 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | 
"{EB6BA865-1719-444D-B73A-6322C6DF530B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | 
"{EDA860F6-074C-41B9-9658-EF874CC73C76}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | 
"{EDFD00CD-8896-414F-AA72-07650C4F0301}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | 
"{F08CE25F-BB41-49B3-ACCB-7616CF6A8B3C}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{F6E67672-46EE-47A7-AB25-BA1503196D01}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{FA4A80D3-5AE6-4FD9-875C-7DD84059AE30}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | 
"{FECE9618-DC46-4FDC-A57C-3B22D90001C2}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | 
"TCP Query User{0EDD7BF4-BA1D-483A-BDBA-6C18E7FB5F2C}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{25FC25FB-538C-421A-BB38-DAB484798C45}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{354DF200-F50E-42F1-B226-24FD7EDC1E24}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{3A281E06-7267-4768-A385-2042F13D632D}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{5A7C7967-E678-4E4B-8CDE-33DC525C3B3C}D:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{685EC281-A7BE-4FDD-AF58-7A53AB90279A}D:\spiele\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\blizzard downloader.exe | 
"TCP Query User{7BD0C7D7-F7B8-44DD-A8F0-917490ED8D41}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{882805A7-6499-4E4B-88B8-211EEE8ED5BD}D:\spiele\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
"TCP Query User{A4E43130-B07D-40AA-840E-7265589F4480}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C6F24F49-73D7-4621-BAFE-891D0DE44590}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{017ABF61-7E57-4DB4-88CE-20257B965F54}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2738105C-0A02-44A5-A826-626C478737A9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{4938B2C2-4152-4C40-AD8C-080BFA4E97A9}D:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{50FC507A-C9A5-4A78-B157-1D4D8DEF50BD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{842BD1C4-91FA-4B84-9BF1-77073DFB2578}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{866B485F-8773-4E37-8A55-01D2DAB82F6D}D:\spiele\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\blizzard downloader.exe | 
"UDP Query User{9E5D26BC-0E59-4953-8E0E-E3E183CDDEFB}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{E14BE6CF-E5E0-4444-A059-21EE2136BA75}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{E6D79A89-5C1D-4F41-983C-7770670D18CC}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{EBE5FAB5-364C-465A-9C2A-FFC5B61E8772}D:\spiele\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.0.1
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D565319-8B91-41cb-961C-0DDC86101AC5}" = Dragon Age II Demo
"{54510837-257F-4E9A-B359-731000028301}" = Red Faction: Guerrilla
"{54510837-257F-4E9A-B359-731000028302}" = Red Faction: Guerrilla
"{54510837-257F-4E9A-B359-731000028303}" = Red Faction: Guerrilla
"{54510837-257F-4E9A-B359-731000038301}" = Red Faction: Guerrilla
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5612C844-55BC-4B77-82C2-A2E28962418E}" = Republic Heroes
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0610.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Activision(R)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.1
"ATITool" = ATITool Overclocking Utility
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"CloneDVD2" = CloneDVD2
"Episode 1" = Back to the Future The Game - Episode 1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"HotspotShield" = Hotspot Shield 2.52
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ICQToolbar" = ICQ Toolbar
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Ein Quantum Trost(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"IP Changer 2.0" = IP Changer 2.0
"Logitech Eyetoy Webcam" = Logitech Eyetoy Webcam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"NASCAR Racing 2002 Season" = NASCAR® Racing 2002 Season
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.1.3
"pepakura_designer3en" = Pepakura Designer 3
"RADVideo" = RAD Video Tools
"Rainlendar2" = Rainlendar2 (remove only)
"Raptr" = Raptr
"RivaTuner" = RivaTuner v2.20
"Sam & Max - Culture Shock" = Sam & Max - Culture Shock 1.0
"SopCast" = SopCast 3.3.2
"StarCraft" = StarCraft
"Steam App 102610" = Orcs Must Die! Demo
"Steam App 220" = Half-Life 2
"Steam App 22600" = Worms Reloaded
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 31740" = Iron Grip: Marauders
"Steam App 36620" = Forsaken World 
"Steam App 36630" = Rusty Hearts
"Steam App 440" = Team Fortress 2
"Steam App 48810" = Ship Simulator Extremes Demo
"Steam App 61720" = Might and Magic: Clash of Heroes - Demo
"Steam App 90530" = Rise of Immortals
"Steam App 99870" = Bulletstorm Demo
"Tales of Monkey Island" = Tales of Monkey Island
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Two Worlds" = Two Worlds
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.0
"Volumenzähler_is1" = Volumenzähler 1.0
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Worms Armageddon" = Worms Armageddon
"Xfire" = Xfire (remove only)
"Zattoo4" = Zattoo4 4.0.5
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-AionEU" = Aion
"Smart Shutdown Manager" = Smart Shutdown Manager
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


ccleaner
Code:
3DMark 11	Futuremark Corporation	15.05.2011	375MB	1.0.1
Adobe AIR	Adobe Systems Incorporated	19.07.2011	30,1MB	2.7.0.19530
Adobe Download Manager	NOS Microsystems Ltd.	16.07.2010	0,47MB	1.6.2.63
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	16.07.2010		10.1.53.64
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	25.03.2012		11.1.102.63
Adobe Reader 9.1 - Deutsch	Adobe Systems Incorporated	27.08.2010	234MB	9.1.0
Aion	NCsoft	09.11.2010	6,64MB	
Any Video Converter 3.2.1	Any-Video-Converter.com	12.04.2011	102,9MB	
Apple Application Support	Apple Inc.	23.07.2010	39,7MB	1.2.1
Apple Software Update	Apple Inc.	23.07.2010	2,16MB	2.1.1.116
ATITool Overclocking Utility		22.12.2011	3,32MB	0.26
Avira Free Antivirus	Avira	14.02.2012	94,1MB	12.0.0.898
Back to the Future The Game - Episode 1	Telltale Games	14.09.2011	423MB	1.0.0.0
Bulletstorm Demo	Electronic Arts	21.09.2011	0,73MB	
C2DtoG15 2.0.0.1		17.07.2010	1,78MB	
CCleaner	Piriform	25.04.2012	3,68MB	3.18
Cheat Engine 6.0	Dark Byte	08.09.2011	18,6MB	
CloneDVD2	Elaborate Bytes	10.12.2011	8,85MB	2.9.3.0
Der Herr der Ringe Online v03.02.04.8010	Codemasters	03.11.2010	12.825MB	03.02.04.8010
Dragon Age II Demo	Electronic Arts, Inc.	25.02.2011		1.00
DSL-Manager		05.10.2011	2,43MB	
Easy Tune 6 B10.0528.1	GIGABYTE	17.07.2010	26,1MB	1.00.0000
Ein Quantum Trost(TM)	Activision	07.01.2011	7.734MB	1.1
Energy Saver Advance B8.0610.1	GIGABYTE	16.07.2010	16,0MB	1.10.0000
Fallout 3	Bethesda Softworks	20.07.2011	5.850MB	1.00.0000
Forsaken World		05.10.2011		
Fraps (remove only)		05.12.2010	1.763MB	
Free Audio CD Burner version 1.4.7	DVDVideoSoft Limited.	23.04.2011	3,11MB	
Free YouTube to MP3 Converter version 3.10.15.1228	DVDVideoSoft Ltd.	23.01.2012	3,41MB	
Google Earth Plug-in	Google	16.11.2011	40,9MB	6.1.0.5001
GRID	Codemasters	26.10.2011	10.362MB	1.00.0000
Half-Life 2	Valve	06.02.2011	240MB	
Hotspot Shield 2.52	AnchorFree	09.04.2012	6,18MB	2.52
Hotspot_Shield Toolbar		04.01.2011	9,47MB	
HP Customer Participation Program 8.0	HP	04.12.2011	192,2MB	8.0
HP Imaging Device Functions 8.0	HP	04.12.2011	1,54MB	8.0
HP OCR Software 8.0	HP	04.12.2011	1,53MB	8.0
HP Photosmart Essential	HP	04.12.2011	10,2MB	1.12.0.46
HP Photosmart.All-In-One Driver Software 8.0 .A	HP	04.12.2011	30,7MB	8.0
HP Solution Center 8.0	HP	04.12.2011	1,53MB	8.0
HP Update	Hewlett-Packard	04.12.2011	3,57MB	4.000.005.006
HPSSupply	Ihr Firmenname	04.12.2011	0,96MB	2.1.3.0000
ICQ Toolbar	ICQ	11.04.2011		3.0.0
ICQ7.5	ICQ	12.12.2011	60,0MB	7.5
Infineon USB driver 1.0.0.6	Infineon	26.08.2010	1,46MB	
Intel® Matrix Storage Manager	Intel Corporation	16.07.2010	37,3MB	
IP Changer 2.0		28.08.2010	1,38MB	
Iron Grip: Marauders		04.10.2011	22,9MB	
Java(TM) 6 Update 24	Oracle	26.02.2011	94,8MB	6.0.240
Kane & Lynch 2: Dog Days	IO Interactive	31.12.2010	7.022MB	
LG Internet Kit	LG Electronics	26.08.2010	9,81MB	3.2.0.1
LG PC Suite III	LG Electronics	13.08.2011	171,7MB	1.0.0.0
LG USB Modem Drivers	LG Electronics	26.08.2010	1,02MB	4.9.4
Livestream Procaster	Procaster	12.04.2011	51,4MB	20.0.151
Logitech Eyetoy Webcam		16.07.2010		
Logitech GamePanel Software 3.04.143	Logitech Inc.	17.07.2010	14,7MB	3.04.143
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	24.04.2012	11,7MB	1.61.0.1400
Microsoft .NET Framework 1.1		03.11.2010		
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	19.07.2010	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	18.07.2010	27,8MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	31.08.2010	120,3MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	31.08.2010	24,5MB	4.0.30319
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	08.05.2011	31,3MB	3.5.88.0
Microsoft Games for Windows Marketplace	Microsoft Corporation	08.05.2011	6,04MB	3.5.50.0
Microsoft Silverlight	Microsoft Corporation	15.02.2012	72,5MB	4.1.10111.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	18.07.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	18.07.2010	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022	Microsoft Corporation	05.12.2010	1,41MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	16.07.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	25.02.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	25.10.2011	12,3MB	10.0.40219
Microsoft XNA Framework Redistributable 3.0	Microsoft Corporation	06.02.2011	7,62MB	3.0.11010.0
Might and Magic: Clash of Heroes - Demo		21.09.2011	1.256MB	
Mozilla Firefox 11.0 (x86 de)	Mozilla	25.03.2012	41,1MB	11.0
Mozilla Thunderbird 11.0.1 (x86 de)	Mozilla	28.03.2012	37,7MB	11.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.07.2010	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	20.07.2010	1,34MB	4.20.9876.0
NASCAR® Racing 2002 Season		12.04.2011	494MB	
NCsoft Launcher	NCsoft	09.11.2010	6,98MB	1.5.4.2
NVIDIA 3D Vision Controller-Treiber 280.19	NVIDIA Corporation	25.09.2011	0,41MB	280.19
NVIDIA 3D Vision Treiber 280.26	NVIDIA Corporation	25.09.2011	21,3MB	280.26
NVIDIA Grafiktreiber 280.26	NVIDIA Corporation	25.09.2011	90,8MB	280.26
NVIDIA nTune	NVIDIA Corporation	22.12.2011	771MB	1.00.0000
NVIDIA PhysX-Systemsoftware 9.10.0514	NVIDIA Corporation	10.07.2011	73,3MB	9.10.0514
NVIDIA Update 1.4.28	NVIDIA Corporation	25.09.2011	6,36MB	1.4.28
OpenAL		26.10.2011	0,77MB	
OpenTTD 1.1.3	OpenTTD	11.10.2011	39,2MB	1.1.3
Orcs Must Die! Demo		23.10.2011	1.178MB	
PDFCreator	Frank Heindörfer, Philip Chinery	14.09.2011	32,2MB	1.2.3
Pepakura Designer 3	TamaSoftware	03.04.2011	7,53MB	
Pro Evolution Soccer 2011	KONAMI	17.04.2011	1.937MB	1.00.0000
Pro Evolution Soccer 2011 DEMO	KONAMI	25.03.2011	1.416MB	1.00.0000
Pro Evolution Soccer 2012	KONAMI	01.04.2012	2.314MB	1.00.0000
Pro Evolution Soccer 2012 DEMO	KONAMI	27.10.2011	1.439MB	1.00.0000
QuickTime	Apple Inc.	23.07.2010	73,8MB	7.66.71.0
RAD Video Tools		13.02.2011	1,83MB	
Rainlendar2 (remove only)		23.01.2011	17,3MB	
Raptr		16.04.2012	88,6MB	
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista	Realtek	16.07.2010	1,38MB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	16.07.2010	21,6MB	6.0.1.5618
Red Faction Guerrilla	Ihr Firmenname	21.08.2010	7.406MB	1.00.0000
Republic Heroes	LucasArts	03.02.2011	5.159MB	1.00.0000
RESIDENT EVIL 5	CAPCOM CO., LTD.	24.08.2010	2.843MB	1.0.0.129
Rise of Immortals		04.10.2011	1.105MB	
RivaTuner v2.20		22.12.2011	27,9MB	
Rusty Hearts		04.10.2011	5.193MB	
Sam & Max - Culture Shock 1.0	Telltale Games	22.09.2011	231MB	1.0
Ship Simulator Extremes Demo		21.09.2011	1.141MB	
SiSoftware Sandra Lite 2011.SP2	SiSoftware	15.05.2011	74,1MB	17.50.2011.6
Skype™ 5.5	Skype Technologies S.A.	02.12.2011	17,0MB	5.5.124
Smart Shutdown Manager		05.10.2011	1,49MB	
SopCast 3.3.2	www.sopcast.com	22.04.2011	9,31MB	3.3.2
Spybot - Search & Destroy	Safer Networking Limited	01.03.2012	62,9MB	1.6.2
Star Wars Empire at War	LucasArts	20.02.2011	2.109MB	1.0
Star Wars Republic Commando		14.12.2011	1.719MB	1.0
Star Wars: The Old Republic	Electronic Arts, Inc.	10.12.2011	19.867MB	1.00
StarCraft	Blizzard Entertainment	18.09.2010	1.327MB	
Tales of Monkey Island	Daedalic Entertainment	06.06.2011	1.527MB	3.0.0.0
Team Fortress 2	Valve	04.10.2011	812MB	
TeamSpeak 3 Client	TeamSpeak Systems GmbH	03.11.2010	30,4MB	
The Witcher	CD Projekt Red	25.03.2011	9.960MB	1.00.0000
TomTom HOME 2.8.2.2264	TomTom	12.08.2011	49,0MB	2.8.2.2264
TomTom HOME Visual Studio Merge Modules	TomTom International B.V.	26.04.2011	1,88MB	1.0.2
Two Worlds		11.04.2011	4.059MB	1.7.0
Uninstall 1.0.0.1		23.04.2011	30,8MB	
Unity Web Player	Unity Technologies ApS	06.04.2012	0,20MB	
USB Flash Port Driver	Infineon Technologies	26.08.2010	0,42MB	1.00.0000
Veetle TV 0.9.18	Veetle, Inc	15.12.2010	10,1MB	0.9.18
VLC media player 1.1.0	VideoLAN	17.07.2010	75,7MB	1.1.0
Volumenzähler 1.0		05.10.2011		
Windows Live Essentials	Microsoft Corporation	19.04.2011	43,9MB	14.0.8117.0416
Windows Live ID Sign-in Assistant	Microsoft Corporation	21.04.2011	4,69MB	6.500.3165.0
Windows Live-Uploadtool	Microsoft Corporation	19.04.2011	0,22MB	14.0.8014.1029
Windows Media Encoder 9-Reihe		05.01.2011	13,8MB	
Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)	Infineon Technologies	26.08.2010	8,52MB	04/16/2009 1.0.0.6
WinRAR		26.08.2010	3,79MB	
Wolfenstein	Activision	26.04.2011	6.180MB	1.0
World of Warcraft	Blizzard Entertainment	28.02.2012	29.342MB	4.3.3.15354
Worms Armageddon		14.04.2011	34,2MB	
Worms Reloaded	Team17	14.04.2011	2.301MB	
Xfire (remove only)		16.07.2010	17,8MB	
Zattoo4 4.0.5	Zattoo Inc.	12.03.2012	39,9MB	4.0.5
ZoneAlarm	Check Point, Inc	09.12.2011	20,8MB	9.2.105.000
ZoneAlarm Toolbar	Check Point Software Technologies	09.12.2011	26,3MB
         
antivir

Code:
Exportierte Ereignisse:

25.04.2012 17:32 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Local\Microsoft\Windows\Temporary Internet 
      Files\Content.IE5\EDX06O6T\calc[1].exe'
      enthielt einen Virus oder unerwünschtes Programm 'TR/PSW.Banker.O.26' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '559ab72d.qua' 
      verschoben!

24.04.2012 11:12 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Die Datei existiert nicht!

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Roaming\AcroIEHelpe108.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55e6c1f1.qua' 
      verschoben!

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Roaming\loaupdt.jpg'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.Banker.ods' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b58c72e.qua' 
      verschoben!

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\AcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\loaupdt.jpg'
      wurde ein Virus oder unerwünschtes Programm 'TR/Jorik.Banker.ods' [trojan] 
      gefunden.
      Ausgeführte Aktion: Übergeben an Scanner

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\loaupdt.jpg'
      wurde ein Virus oder unerwünschtes Programm 'TR/Jorik.Banker.ods' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

22.04.2012 00:35 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Roaming\11014\components\AcroFF014.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.kdv.603528' [trojan].
      Durchgeführte Aktion(en):
      Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler 
      aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
      Die Datei konnte nicht gelöscht werden!
      Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
      Die Datei konnte nicht gelöscht werden!

22.04.2012 00:35 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Roaming\AcroIEHelpe104.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Banker.Age.4' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '558b992e.qua' 
      verschoben!

22.04.2012 00:34 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\AcroIEHelpe104.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Banker.Age.4' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

22.04.2012 00:34 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\11014\components\AcroFF014.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Rogue.kdv.603528' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

22.04.2012 00:22 [Echtzeit Scanner] Backup Engine geladen
      Die Engine und VDF konnten nicht vom Installationsverzeichnis geladen werden.
      Die Engine und VDF werden stattdessen von der Backup Kopie geladen.

20.04.2012 10:51 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Roaming\11015\components\AcroFF015.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Agent.caqx' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5493892a.qua' 
      verschoben!

20.04.2012 10:40 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\11015\components\AcroFF015.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Agent.caqx' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

20.04.2012 10:34 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\11015\components\AcroFF015.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Spy.Agent.caqx' [trojan] 
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

12.04.2012 11:15 [Updater] Update nicht ausgeführt
      Das Update von Computer TOMMY-PC (169.254.222.48) von 
      hxxp://perspeak.avira-update.com/update ist fehlgeschlagen.
      Während des Herunterladens ist ein Fehler aufgetreten.
      Es wurden keine neuen Dateien geladen.
         
I hope I did everything correctly.
Thanks in advance.
__________________

26.04.2012, 13:41   #4
kira
/// Helper Team
 

System cleanup and check:

1.
Turn off Windows Defender:
Alongside one AV scanner and one firewall it is not needed at all, and running it actively is not recommended, because they can get in each other's way. Please deactivate it like this: -> Turning Windows Defender on and off
► After a restart (if it still exists), go to "Start" -> "Run" -> "msconfig" (type it in without the quotation marks) -> OK -> Startup and check whether it still starts along with the system; if so, remove the check mark
► Under Services:
Start -> Run -> "Services.msc" (type it in without the quotation marks) -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"

2.
Quote:
Spybot
- I would no longer recommend it, since it does not meet the new protection requirements and does not work satisfactorily against malware or entirely new challenges
in my opinion it no longer offers sufficient protection against "modern types of malware"...
► If you want to keep it anyway:
Please switch off the TeaTimer:
In Spybot-S&D, go to Advanced Mode and select Tools -> Resident there.
Deactivate "Resident TeaTimer active" here.
(TeaTimer also tries to block beneficial changes) - it should stay deactivated permanently!

3.
Uninstall:
Code:
Adware :
Hotspot Shield 
Hotspot_Shield Toolbar
         
4.
SoftonicDownloader
Download programs/drivers ONLY directly from the manufacturer!!

5.
Did you deliberately set the IP as a proxy like this?
Code:
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
         
If yes, why? If no:
if you have not installed a proxy server locally, remove the proxy settings from the Internet settings

in Firefox:
Tools => Options => Advanced => Network => Settings.
There, under Connection Settings => tick No proxy.


6.
our problem child: ZoneAlarm:
I would like to give you 4 reasons why it is not recommended:
1., Recently it has caused acute, widespread problems on many PCs, for example:
"Keyboard responds slowly, system/Internet suddenly becomes slow, Internet does not work, desktop icons have disappeared, programs respond with a delay, crashes, etc."
2., Apart from that, there is the fact that the vendor finances its costs through "Conduit Ltd" / adware, so to me it does not look reputable; it belongs in the trash!!
as long as ZA is installed, Conduit reinstalls itself after removal anyway...
3., An attacker can obtain elevated privileges at any time and can manipulate and switch off the firewall and virus protection!
4., as you can see, it did not help much this time either, and could not reliably prevent this malware from getting into the system early on!

what do you decide?
I would uninstall/remove it and switch on the Windows Firewall. You will see how much faster your computer boots
Uninstall help:
Forum post
Completely uninstalling ZoneAlarmPro 3

7.
Quote:
Attention, important!:
If you have made changes in the log file yourself, you must replace them with the original names and insert it into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisk or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, i.e. everything in the code box after "Code":
Code:
:OTL
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Programme\Hotspot_Shield\tbHot0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\Shell - "" = AutoRun
O33 - MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
[2012.04.26 01:31:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.26 01:02:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

:Files
C:\Users\Tommy\AppData\Roaming\UAs
C:\Users\Tommy\AppData\Roaming\xmldm
C:\Users\Tommy\AppData\Roaming\kock
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Fix button.
  • Click .
  • OTL requests a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here.

8.
I cannot attribute these; what are they? could they also come from malware..?:
Code:
[2012.04.25 12:51:04 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11019
[2012.04.24 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11018
[2012.04.23 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11017
[2012.04.21 14:42:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11016
[2012.04.17 12:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11015
[2012.04.16 20:38:39 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11014
[2012.04.13 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11013
[2012.04.12 14:01:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11012
[2012.04.12 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11010
[2012.04.11 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11009
         
9.
Update Java - via Control Panel -> Check for updates...
or:
Now download the offline version of Java "Recommended Version 6 Update 31" from Oracle and install it. Take care not to install any toolbars that may be offered, i.e. remove the check mark for the toolbar during installation.

10.
Update Adobe Reader:
- Pay attention/read along during installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for Updates..."

11.
Tips (regardless of whether you use it or not!):
-> Tips for Internet Explorer
-> Changing Internet Explorer's default search engine
-> How can I clear the cache in Internet Explorer?
-> Managing add-ons in Internet Explorer
-> Customizing Firefox with add-ons
-> Permanently deleting Firefox add-ons | PcBeirat.de

12.
clean your system with CCleaner:
  • "CCleaner"→ "Analyze"→ click the "Start CCleaner" button
  • "Registry"→ "Scan for issues"→ "Fix issues"→ "Fix all"
  • Restart your system

13.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:
► Briefly report back to me on all the steps (for each item) that you have completed!
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption Trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!
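
Added example (not part of the thread, and not code from Avira or OTL): a Python triage of Avira event entries in the format posted above. It collapses repeated detections to one record per file, reports files whose latest event is not a successful quarantine, and checks folders like those listed under item 8 against the detection paths. The log excerpt is shortened from the entries in this thread; the `Mozilla` control folder and all function names are constructed for illustration, and the log is assumed to be listed newest first.

```python
import re
from collections import OrderedDict
from ntpath import basename, dirname  # parses Windows paths on any OS

# Constructed excerpt, shortened from the Avira event entries quoted in this thread.
SAMPLE_LOG = r"""
24.04.2012 11:11 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe108.dll'
      wurde ein Virus oder unerwünschtes Programm 'TR/Kazy.iwd' [trojan] gefunden.
      Ausgeführte Aktion: Zugriff verweigern

24.04.2012 11:11 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Roaming\loaupdt.jpg'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Jorik.Banker.ods' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b58c72e.qua'
      verschoben!

24.04.2012 11:10 [Echtzeit Scanner] Malware gefunden
      In der Datei 'C:\Users\Tommy\AppData\Roaming\loaupdt.jpg'
      wurde ein Virus oder unerwünschtes Programm 'TR/Jorik.Banker.ods' [trojan]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

22.04.2012 00:35 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Roaming\11014\components\AcroFF014.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Rogue.kdv.603528' [trojan].
      Durchgeführte Aktion(en):
      Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!

22.04.2012 00:22 [Echtzeit Scanner] Backup Engine geladen
      Die Engine und VDF werden stattdessen von der Backup Kopie geladen.

20.04.2012 10:51 [System Scanner] Malware gefunden
      Die Datei 'C:\Users\Tommy\AppData\Roaming\11015\components\AcroFF015.dll'
      enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Agent.caqx' [trojan].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5493892a.qua'
      verschoben!
"""

HEADER = re.compile(r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}) \[([^\]]+)\] (.+)$")

def parse_events(text):
    """Split the log into events: a header line plus its indented detail lines."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            events.append({"time": m.group(1), "component": m.group(2),
                           "title": m.group(3).strip(), "body": ""})
        elif events and line.strip():
            # Detail lines wrap mid-sentence, so join them before matching.
            events[-1]["body"] += " " + line.strip()
    return events

def classify(body):
    """Map Avira's action text to an outcome; a failed removal wins."""
    if "konnte nicht" in body:
        return "removal_failed"
    if "Quarantäneverzeichnis" in body and "verschoben" in body:
        return "quarantined"
    # "Zugriff verweigern": access was denied, but the file is still on disk.
    return "blocked_only" if "Zugriff verweigern" in body else "other"

def triage(text):
    """One record per file. Assumes the log is newest first (as in the thread),
    so the first event seen for a path is its most recent outcome."""
    summary = OrderedDict()
    for ev in parse_events(text):
        path = re.search(r"Datei '([^']+)'", ev["body"])
        name = re.search(r"Programm '([^']+)'", ev["body"])
        if ev["title"] != "Malware gefunden" or not path or not name:
            continue  # e.g. engine or updater events
        rec = summary.setdefault(path.group(1), {
            "detection": name.group(1), "status": classify(ev["body"]), "events": 0})
        rec["events"] += 1
    return summary

def unresolved(summary):
    """Files whose latest event is not a successful quarantine."""
    return [p for p, r in summary.items() if r["status"] != "quarantined"]

def correlate_dirs(dirs, summary):
    """Flag directories that hold a detected file, or that sit beside such a
    directory and share its all-digit name pattern."""
    hits = [d for d in dirs
            if any(p.lower().startswith(d.lower() + "\\") for p in summary)]
    def like(d, h):
        return (dirname(d).lower() == dirname(h).lower() and basename(d).isdigit()
                and basename(h).isdigit() and len(basename(d)) == len(basename(h)))
    return {d: "contains detected file" if d in hits else "same numeric naming"
            for d in dirs if d in hits or any(like(d, h) for h in hits)}

ROAMING = r"C:\Users\Tommy\AppData\Roaming"
# Four of the folders listed under item 8, plus one constructed control entry.
SAMPLE_DIRS = [ROAMING + "\\" + n
               for n in ("11019", "11015", "11014", "11009", "Mozilla")]
```

A file that appears only as `blocked_only` or `removal_failed` was never moved to quarantine by any entry in the parsed excerpt, so it is the one to check on disk first.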

26.04.2012, 16:46   #5
Tommyfighter
 

oops, double post, sorry
that's why I deleted it


Edited by Tommyfighter (26.04.2012 at 16:52)

26.04.2012, 16:48   #6
Tommyfighter
 

1. defender is switched off
only at

► Under Services:
Start -> Run -> "Services.msc" (type it in without the quotation marks) -> OK -> "Properties" -> "Stop" -> select startup type "Disabled"
I did not find any "Properties" there.

2. spybot is uninstalled

3. hotspotshield is uninstalled

4. I will do that in future

5. "no proxy" was always ticked there, and as far as I know I never changed anything there.

6. ZA is uninstalled

7. done
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Programme\Hotspot_Shield\tbHot0.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\ not found.
File C:\Programme\Hotspot_Shield\tbHot0.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
File C:\Programme\ZoneAlarm-Sicherheit\prxtbZone.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01eac52e-966e-11df-962e-001fd026e792}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01eac52e-966e-11df-962e-001fd026e792}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01eac52e-966e-11df-962e-001fd026e792}\ not found.
File F:\USBAutoRun.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\Users\Tommy\AppData\Roaming\UAs folder moved successfully.
C:\Users\Tommy\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Tommy\AppData\Roaming\kock folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Tommy\Desktop\cmd.bat deleted successfully.
C:\Users\Tommy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tommy
->Temp folder emptied: 388185242 bytes
->Temporary Internet Files folder emptied: 204847452 bytes
->Java cache emptied: 7587188 bytes
->FireFox cache emptied: 55219665 bytes
->Flash cache emptied: 81937553 bytes
 
User: UpdatusUser
->Temp folder emptied: 899096 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30726397 bytes
RecycleBin emptied: 776 bytes
 
Total Files Cleaned = 736,00 mb
 
 
OTL by OldTimer - Version 3.2.42.0 log created on 04262012_161156

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
8. I have no idea what that is supposed to be.
but in each of the files it finds an AcroFF.txt file. in some there is also a chrome.manifest file. no idea whether that helps.

9. is updated

10. is also updated

11. noted

12. I have carried this out
but I only fixed the errors in the registry.
I have not cleaned anything with the cleaner itself yet. should I still do that?

13.
OTL log file:
Code:
OTL logfile created on: 26.04.2012 17:33:50 - Run 3
OTL by OldTimer - Version 3.2.42.0     Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,67% Memory free
6,68 Gb Paging File | 5,24 Gb Available in Paging File | 78,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 145,00 Gb Free Space | 31,13% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,00 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
 
Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.26 00:44:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
PRC - [2012.04.16 20:51:46 | 000,066,992 | ---- | M] (Raptr, Inc) -- C:\Programme\Raptr\raptr.exe
PRC - [2012.04.16 20:51:46 | 000,043,952 | ---- | M] (Raptr, Inc) -- C:\Programme\Raptr\raptr_im.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.13 06:36:40 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 13:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.08.03 13:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.12 13:44:57 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Programme\ICQ7.4\ICQ.exe
PRC - [2010.05.08 19:58:50 | 000,560,640 | ---- | M] (Andreas Sammann) -- C:\Programme\C2DtoG15\SystoG15Svc.exe
PRC - [2010.05.08 14:50:58 | 000,557,568 | ---- | M] (Andreas Sammann) -- C:\Programme\C2DtoG15\C2DtoG15.exe
PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2010.04.16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Contacts\wlcomm.exe
PRC - [2010.02.18 12:49:40 | 000,357,448 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.02.18 12:47:34 | 003,203,144 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.02.18 12:24:42 | 001,573,448 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Programme\DSL-Manager\DslMgrSvc.exe
PRC - [2008.05.13 18:07:24 | 000,080,392 | ---- | M] () -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe
PRC - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.15 17:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\GUI.exe
PRC - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:35:20 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.26 14:51:00 | 001,085,440 | ---- | M] (T-Systems Enterprise Services GmbH) -- C:\Programme\DSL-Manager\DslMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.25 12:51:04 | 000,238,912 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\11019\components\AcroFF019.dll
MOD - [2012.04.12 03:02:55 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.04.12 03:02:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.03.13 06:36:53 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.17 19:53:28 | 000,494,592 | ---- | M] () -- C:\Programme\Raptr\PyQt4.QtNetwork.pyd
MOD - [2012.02.17 19:53:24 | 001,661,952 | ---- | M] () -- C:\Programme\Raptr\PyQt4.QtCore.pyd
MOD - [2012.02.17 19:53:20 | 000,313,856 | ---- | M] () -- C:\Programme\Raptr\PyQt4.QtWebKit.pyd
MOD - [2012.02.17 19:53:06 | 005,809,664 | ---- | M] () -- C:\Programme\Raptr\PyQt4.QtGui.pyd
MOD - [2012.02.17 19:52:26 | 000,067,584 | ---- | M] () -- C:\Programme\Raptr\sip.pyd
MOD - [2012.02.16 13:03:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.16 12:38:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.16 12:35:59 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.11.21 04:20:46 | 001,949,696 | ---- | M] () -- C:\Programme\Raptr\libtorrent.pyd
MOD - [2011.10.24 20:49:56 | 002,717,595 | ---- | M] () -- C:\Programme\Raptr\heliotrope._purple.pyd
MOD - [2011.10.13 12:25:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011.10.13 12:03:16 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.09.09 01:47:40 | 001,183,699 | ---- | M] () -- C:\Programme\Raptr\liboscar.dll
MOD - [2011.09.09 01:47:36 | 001,640,221 | ---- | M] () -- C:\Programme\Raptr\libjabber.dll
MOD - [2011.09.09 01:47:32 | 001,052,194 | ---- | M] () -- C:\Programme\Raptr\libymsg.dll
MOD - [2011.09.09 01:47:22 | 000,495,680 | ---- | M] () -- C:\Programme\Raptr\plugins\libaim.dll
MOD - [2011.09.09 01:47:22 | 000,483,306 | ---- | M] () -- C:\Programme\Raptr\plugins\libicq.dll
MOD - [2011.09.09 01:47:16 | 000,655,356 | ---- | M] () -- C:\Programme\Raptr\plugins\libirc.dll
MOD - [2011.09.09 01:47:16 | 000,603,326 | ---- | M] () -- C:\Programme\Raptr\plugins\ssl-nss.dll
MOD - [2011.09.09 01:47:14 | 000,497,782 | ---- | M] () -- C:\Programme\Raptr\plugins\libyahoojp.dll
MOD - [2011.09.09 01:47:14 | 000,474,199 | ---- | M] () -- C:\Programme\Raptr\plugins\ssl.dll
MOD - [2011.09.09 01:47:10 | 001,306,387 | ---- | M] () -- C:\Programme\Raptr\plugins\libmsn.dll
MOD - [2011.09.09 01:47:04 | 000,565,461 | ---- | M] () -- C:\Programme\Raptr\plugins\libxmpp.dll
MOD - [2011.09.09 01:46:56 | 000,506,276 | ---- | M] () -- C:\Programme\Raptr\plugins\libyahoo.dll
MOD - [2011.08.03 03:31:28 | 000,255,592 | ---- | M] () -- C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.02.15 20:17:28 | 001,213,633 | ---- | M] () -- C:\Programme\Raptr\libxml2-2.dll
MOD - [2011.02.15 20:17:28 | 000,417,501 | ---- | M] () -- C:\Programme\Raptr\sqlite3.dll
MOD - [2011.01.06 16:35:33 | 000,007,168 | ---- | M] () -- C:\Users\Tommy\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GermanyRain.gadget\GermanyRainRadar.dll
MOD - [2010.11.23 01:06:22 | 000,055,808 | ---- | M] () -- C:\Programme\Raptr\zlib1.dll
MOD - [2010.11.23 00:57:34 | 000,167,936 | ---- | M] () -- C:\Programme\Raptr\win32gui.pyd
MOD - [2010.11.23 00:57:34 | 000,111,104 | ---- | M] () -- C:\Programme\Raptr\win32file.pyd
MOD - [2010.11.23 00:57:34 | 000,096,256 | ---- | M] () -- C:\Programme\Raptr\win32api.pyd
MOD - [2010.11.23 00:57:34 | 000,036,352 | ---- | M] () -- C:\Programme\Raptr\win32process.pyd
MOD - [2010.11.23 00:57:18 | 000,141,312 | ---- | M] () -- C:\Programme\Raptr\gobject._gobject.pyd
MOD - [2010.11.23 00:57:06 | 000,263,168 | ---- | M] () -- C:\Programme\Raptr\win32com.shell.shell.pyd
MOD - [2010.11.23 00:56:56 | 000,354,304 | ---- | M] () -- C:\Programme\Raptr\pythoncom26.dll
MOD - [2010.11.23 00:56:56 | 000,110,592 | ---- | M] () -- C:\Programme\Raptr\pywintypes26.dll
MOD - [2010.11.23 00:56:26 | 000,324,608 | ---- | M] () -- C:\Programme\Raptr\PIL._imaging.pyd
MOD - [2010.11.23 00:56:02 | 000,805,376 | ---- | M] () -- C:\Programme\Raptr\_ssl.pyd
MOD - [2010.11.23 00:56:02 | 000,583,680 | ---- | M] () -- C:\Programme\Raptr\unicodedata.pyd
MOD - [2010.11.23 00:56:02 | 000,356,864 | ---- | M] () -- C:\Programme\Raptr\_hashlib.pyd
MOD - [2010.11.23 00:56:02 | 000,127,488 | ---- | M] () -- C:\Programme\Raptr\pyexpat.pyd
MOD - [2010.11.23 00:56:02 | 000,087,040 | ---- | M] () -- C:\Programme\Raptr\_ctypes.pyd
MOD - [2010.11.23 00:56:02 | 000,044,544 | ---- | M] () -- C:\Programme\Raptr\_sqlite3.pyd
MOD - [2010.11.23 00:56:02 | 000,043,008 | ---- | M] () -- C:\Programme\Raptr\_socket.pyd
MOD - [2010.11.23 00:56:02 | 000,009,216 | ---- | M] () -- C:\Programme\Raptr\winsound.pyd
MOD - [2010.09.09 00:51:38 | 001,377,448 | ---- | M] () -- C:\Programme\Raptr\plugins\libqq.dll
MOD - [2010.05.28 16:05:58 | 002,342,983 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\Normal.dll
MOD - [2010.05.28 16:04:04 | 000,110,592 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\AMD8.dll
MOD - [2010.05.28 14:15:02 | 000,344,131 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\work.dll
MOD - [2010.05.27 10:08:58 | 000,139,264 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\OCK.dll
MOD - [2010.05.25 14:00:34 | 000,290,816 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\MFCCPU.dll
MOD - [2010.05.21 13:29:08 | 000,196,608 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\GVTunner.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.03.12 05:40:58 | 004,449,632 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\platform.dll
MOD - [2010.03.12 05:40:56 | 000,423,256 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\device.dll
MOD - [2010.01.12 17:09:20 | 000,102,400 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\SF.dll
MOD - [2009.12.22 16:52:04 | 000,102,400 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\ycc.dll
MOD - [2009.10.21 14:07:06 | 000,106,496 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\HM.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2008.05.07 15:22:58 | 000,102,400 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\CIAMIB.dll
MOD - [2008.03.25 17:21:56 | 000,219,656 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\GUI.exe
MOD - [2006.12.10 22:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 22:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2003.02.14 14:11:46 | 000,102,400 | ---- | M] () -- C:\Programme\GIGABYTE\ET6\Sound.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.15 02:16:55 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.11.21 12:49:24 | 000,247,608 | ---- | M] () [Disabled | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.08 19:58:50 | 000,560,640 | ---- | M] (Andreas Sammann) [Auto | Running] -- C:\Programme\C2DtoG15\SystoG15Svc.exe -- (SystoG15Service)
SRV - [2010.03.29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.08.10 10:24:08 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Running] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008.05.13 18:07:24 | 000,080,392 | ---- | M] () [Auto | Running] -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008.04.15 17:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:35:20 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2002.01.20 19:02:56 | 000,001,856 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy)
SRV - [2002.01.20 19:02:54 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva360.sys -- (XDva360)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\WPRO_40_1340.sys -- (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.26 17:24:50 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2012.04.26 17:24:34 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.15 11:27:18 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.03 13:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.03.26 14:28:19 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.26 14:28:19 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.01.02 15:37:24 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010.09.22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.11.19 17:00:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.20\RivaTuner32.sys -- (RivaTuner32)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.07.26 22:30:00 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Running] -- C:\Programme\C2DtoG15\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2008.07.03 12:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008.02.14 08:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.08.08 18:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ATITool.sys -- (ATITool)
DRV - [2007.08.01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2006.06.06 09:51:06 | 000,022,528 | ---- | M] (WALTOP International Corp.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aiptektp.sys -- (aiptektp)
DRV - [2003.10.15 18:52:50 | 000,174,530 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ov519vid.sys -- (ovt519)
DRV - [2002.01.20 19:02:56 | 000,001,856 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papyjoy.sys -- (papyjoy)
DRV - [2002.01.20 19:02:54 | 000,001,984 | ---- | M] () [Unknown (-1) | Unknown (-1) | Running] -- C:\Windows\System32\drivers\papycpu2.sys -- (papycpu2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.26 23:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.26 16:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.12 21:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Tommy\AppData\Roaming\11019 [2012.04.25 12:51:04 | 000,000,000 | ---D | M]
 
[2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions
[2011.04.27 01:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.03.28 22:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions
[2012.03.28 22:12:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.24 03:36:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.08 14:04:12 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.08.31 11:25:08 | 000,000,917 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\conduit.xml
[2012.04.07 01:18:12 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-1.xml
[2010.09.18 22:53:17 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-2.xml
[2010.10.21 15:45:25 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-3.xml
[2011.03.30 16:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin.xml
[2012.04.26 16:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.26 16:26:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.25 12:51:04 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TOMMY\APPDATA\ROAMING\11019
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.26 16:26:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [Raptr] C:\Programme\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Programme\GIGABYTE\ET6\ETcall.exe ()
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Programme\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D7C1B26-69B5-403D-8482-29F3ADB3332C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.26 16:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.04.26 16:31:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.26 16:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.26 16:26:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.26 16:26:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.26 16:26:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.26 16:21:52 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\xmldm
[2012.04.26 16:11:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.26 16:05:21 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012.04.26 01:52:59 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\Tommy\Desktop\ccsetup318.exe
[2012.04.26 00:44:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2012.04.25 20:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.25 20:21:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.25 12:51:04 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11019
[2012.04.24 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11018
[2012.04.23 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11017
[2012.04.21 15:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.04.21 14:42:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11016
[2012.04.18 19:49:57 | 000,000,000 | RH-D | C] -- C:\Users\Tommy\AppData\Roaming\SecuROM
[2012.04.18 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAPCOM
[2012.04.18 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.18 19:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.04.17 12:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11015
[2012.04.16 20:38:39 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11014
[2012.04.13 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11013
[2012.04.12 14:01:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11012
[2012.04.12 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11010
[2012.04.12 03:07:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.12 03:07:52 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.12 03:07:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.12 03:07:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.12 03:07:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.12 03:07:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.12 03:06:38 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.12 03:06:38 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.11 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11009
[2012.04.03 18:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2012 Patch
[1 C:\Users\Tommy\AppData\Roaming\*.tmp files -> C:\Users\Tommy\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.26 17:28:49 | 000,607,366 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.26 17:28:48 | 000,641,772 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.26 17:28:48 | 000,132,410 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.26 17:28:48 | 000,109,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.26 17:25:56 | 000,000,680 | ---- | M] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat
[2012.04.26 17:24:50 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2012.04.26 17:24:50 | 000,000,004 | ---- | M] () -- C:\Windows\System32\GVTunner.ref
[2012.04.26 17:24:34 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2012.04.26 17:24:14 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 17:24:14 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 17:24:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.26 17:24:06 | 3487,850,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.26 17:22:39 | 000,000,796 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2012.04.26 16:32:16 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.26 16:26:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.26 16:26:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.26 16:26:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.26 16:26:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.04.26 11:52:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.26 01:53:10 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\Tommy\Desktop\ccsetup318.exe
[2012.04.26 00:44:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2012.04.26 00:35:03 | 000,073,216 | ---- | M] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.25 20:21:05 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.25 18:01:22 | 000,000,016 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res
[2012.04.25 14:07:27 | 000,000,048 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat
[2012.04.24 11:10:39 | 000,226,792 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll
[2012.04.24 11:10:39 | 000,007,368 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll
[2012.04.18 19:15:41 | 001,047,158 | ---- | M] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Users\Tommy\AppData\Roaming\*.tmp files -> C:\Users\Tommy\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.26 16:32:16 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.26 16:32:16 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.04.26 11:52:26 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.25 20:21:05 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.24 11:10:39 | 000,226,792 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll
[2012.04.24 11:10:39 | 000,007,368 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll
[2012.04.22 00:21:57 | 3487,850,496 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.18 19:10:52 | 001,047,158 | ---- | C] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg
[2012.04.12 18:10:30 | 000,000,048 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat
[2012.04.11 20:30:19 | 000,000,016 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res
[2012.03.13 21:47:28 | 000,017,408 | ---- | C] () -- C:\Users\Tommy\AppData\Local\WebpageIcons.db
[2012.02.29 21:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.12.05 23:29:47 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2011.12.05 23:29:47 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2011.12.05 23:28:44 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.11.09 18:12:00 | 000,019,400 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2011.10.13 01:41:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.15 11:03:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.09.09 17:47:26 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.05.16 12:55:28 | 011,010,048 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\Sandra.mdb
[2011.04.13 15:07:49 | 000,001,984 | ---- | C] () -- C:\Windows\System32\drivers\papycpu2.sys
[2011.04.13 15:07:49 | 000,001,856 | ---- | C] () -- C:\Windows\System32\drivers\papyjoy.sys
[2011.04.13 15:06:50 | 000,000,202 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.04.12 13:44:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.26 14:28:19 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.26 14:28:19 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.02.14 13:42:58 | 000,000,552 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d8caps.dat
[2011.01.06 18:04:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.01.06 17:45:44 | 000,074,752 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll
[2010.12.06 03:16:11 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.11.04 03:16:50 | 000,000,093 | ---- | C] () -- C:\Users\Tommy\AppData\Local\fusioncache.dat
[2010.10.20 12:01:05 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.10.20 12:01:05 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.08.27 21:28:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.08.27 21:28:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.07.23 18:18:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.23 18:18:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.20 16:25:39 | 000,073,216 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.19 11:10:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.07.18 23:16:38 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.07.18 10:56:50 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2010.07.17 23:02:49 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.07.17 13:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.17 13:02:17 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.07.17 12:58:09 | 000,000,680 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.04.11 20:30:23 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11009
[2012.04.12 13:04:55 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11010
[2012.04.12 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11012
[2012.04.13 12:45:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11013
[2012.04.17 02:00:42 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11014
[2012.04.17 12:02:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11015
[2012.04.22 00:34:38 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11016
[2012.04.23 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11017
[2012.04.24 11:10:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11018
[2012.04.25 12:51:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\11019
[2011.01.08 03:38:53 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Activision
[2011.04.13 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\AnvSoft
[2010.07.17 13:23:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\CheckPoint
[2011.04.12 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DeepBurner
[2012.01.24 03:36:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DVDVideoSoft
[2011.04.24 13:17:59 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.10 01:41:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\GetRightToGo
[2012.04.26 17:24:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ICQ
[2012.03.06 14:28:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Image Zone Express
[2011.11.18 00:37:42 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LaunchPad
[2010.08.27 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LG Electronics
[2011.06.23 23:38:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LucasArts
[2010.10.07 23:43:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org
[2011.09.15 11:04:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\pdfforge
[2011.02.22 00:18:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Petroglyph
[2010.11.03 21:19:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Printer Info Cache
[2011.10.05 21:19:00 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Prism
[2011.09.23 01:41:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Quest3D
[2012.04.26 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Raptr
[2011.09.23 01:41:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Roaming
[2011.07.20 17:43:17 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Simfy
[2011.12.12 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thunderbird
[2011.04.27 01:03:56 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TomTom
[2012.04.22 00:12:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TS3Client
[2012.04.26 16:21:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\xmldm
[2012.04.26 17:22:45 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 26.04.2012 17:33:50 - Run 3
OTL by OldTimer - Version 3.2.42.0     Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,67% Memory free
6,68 Gb Paging File | 5,24 Gb Available in Paging File | 78,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 145,00 Gb Free Space | 31,13% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,00 Gb Free Space | 11,42% Space Free | Partition Type: NTFS
 
Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A3BEC-B7BA-4BCB-B93D-F0AFA4F2FC84}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe | 
"{17BF2527-3D2C-4E27-A52A-335D765C9B71}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\rpcagentsrv.exe | 
"{B4D26F88-212D-4814-AE61-E5025C3D2193}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C9647509-994C-4A16-B4CA-EC7109561E02}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00620CC1-D498-4423-9896-CC5A77255AD5}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe | 
"{01B24FCC-2E63-4DA1-84AC-9FC6D8C80AFC}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | 
"{04A02DE7-9BAB-494A-B528-1A32D0745159}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | 
"{05205A34-0373-4CB1-A7A0-AD1B184C2011}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | 
"{0631EAED-5859-4807-B74C-85F3B01193A9}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{07B84C9C-8307-4494-8DFD-1DAF134E9023}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | 
"{07DE5062-84F0-4B3D-B299-3544E3D391A7}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\republic heroes\republic heroes.exe | 
"{0D63082B-4CB1-4B9D-ABED-B4FE72C8C464}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | 
"{1120922E-2CFF-41D9-BA00-8CE71EA9FE22}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | 
"{184BA749-E1D9-45F0-9262-555402C4F527}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"{19EDD077-C8C4-4EE2-A320-DEDB7134B9DC}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | 
"{1CB0E5CE-4F79-4E8A-BDF2-D5C39D886FAB}" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{1DB4FF3C-0507-47EC-B8EA-C5EF4C8D86EB}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | 
"{1E45F541-C265-4E80-AAAF-6E8AD018DC57}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | 
"{23C56C71-059B-4021-B9C8-CD76219E796A}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{324851DB-58D2-4E7B-BAF2-E0996704E922}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{35BA93CB-333C-4CF6-8725-11A17A243391}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | 
"{3A589C88-CF25-42B8-9FA1-92497C882B7A}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{3AC095A9-3247-4C63-8473-3BD770B9C20B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | 
"{3E9D0BFA-3CE7-4FB1-A21B-57ADD51A3EE3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{42377774-C2DE-4D34-B9F3-C32BBC1C7AD2}" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{4392C986-9C66-4DC7-931C-D7C1025685F8}" = protocol=6 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | 
"{4C140D38-27DC-4D28-BAE3-1E66BF97CEF1}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{50C5997D-B2D4-4F9B-B2F8-78B56D6DEA04}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{59E4CCF8-22B5-4C4F-87EE-06A1BB88D51D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{60DFDA8D-4F6E-48B4-962B-2ADD5E106EEC}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{62757F24-4DFF-4168-9234-4D327FA7E047}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{651A1A49-015B-4C90-9DE9-832A7E8BA785}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{669BCEAE-EFCA-4731-B451-EF0D095218BB}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{6825AEE4-B11B-4EDB-8390-190C1A04BC1E}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | 
"{69B164D5-A05D-47DF-9AF2-EA1822B42267}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{6F73E07A-155A-4446-A5EA-B735BDB4593B}" = protocol=17 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | 
"{725138F0-640F-4CAC-94EE-7C148F6A877D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | 
"{791F8798-EFB2-4E96-9020-C56D4FF7BEDD}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{79E3658D-84F3-4488-B3F1-96F6EE0F796D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{7AD4D544-6D73-455A-BBFF-30551F72919F}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{7B6CB3B9-CDB5-4A24-90EF-E95202F4017B}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | 
"{82E761B3-68B0-48FE-86AE-07A06B46FFFA}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{85C784E8-E53A-4FF8-A799-B194D047EB17}" = protocol=6 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | 
"{86D45300-0ACD-4BE8-AB72-030A7827B356}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{880E771B-8EE5-42F4-825B-6F1BD9F39299}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | 
"{8C528F8F-F9E0-468E-A0E7-80D0C6046279}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{938512F5-34FE-4BA1-AA62-0E2441A6F1B8}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"{94733B01-EFEF-4380-8485-D76DA1B97A93}" = protocol=17 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | 
"{95F18369-3CA7-45A7-B410-D932FEA49DA2}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | 
"{96F625FD-1546-4B7F-9F13-12DBE198CA5D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9C38C6AB-BA1D-40AA-9CC3-3AC823585D2B}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | 
"{9D8B252F-6326-4430-821A-316AD24CA993}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe | 
"{9EB1B8D1-4A1C-4CC8-A5A7-7CABB99B6676}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | 
"{A15AB570-8384-4902-9D28-2FB4F6BD58AB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A1FFC0BC-265D-4E1E-AFC0-7BC8DDDF8284}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | 
"{A22B1C81-8077-4B1B-925A-2003ED70E811}" = protocol=17 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | 
"{AA526D98-2546-4B01-9B31-BD81DE179A61}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | 
"{AB965C6A-AC05-4DD4-90D9-2693C880D0C5}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{B1BB64BA-947C-4E8B-893B-894A6A5CF03B}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | 
"{B6AD2761-C0BA-4118-90E1-5D00BC3F05DD}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{C4E6D21C-2533-44CD-8AEA-BC3CBBB65F03}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{D0693EBA-B3B3-4D51-8710-B584971E25CF}" = protocol=6 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | 
"{D2762F96-67AE-4661-85F2-93677C02B61C}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{D2E250DE-8CED-4856-821F-A915978A3047}" = protocol=6 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | 
"{D2FEF08A-BA2F-4BFE-8495-C28381A88465}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\republic heroes\republic heroes.exe | 
"{D8A0FC63-6DB0-4125-AF9E-1D00DB435CFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB0EE392-F4C7-40CD-BC17-D20B73A179A0}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | 
"{DC9915A7-A4E1-4F03-BDB2-2D294B9706F7}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{E16414F2-4350-45CC-8098-6D9935769051}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{E359C5D5-6000-42B2-97CC-223E33D82831}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E4E9454F-0456-4B33-9BD7-483B19A1D56F}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E56812BF-5C28-4F52-A7E4-55BC8D7CFC2B}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{E6B40784-8AB0-4447-B716-5F0808923114}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | 
"{EB685CA2-12DF-4AC1-8522-714E9561AB02}" = protocol=17 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | 
"{EB6BA865-1719-444D-B73A-6322C6DF530B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | 
"{EDA860F6-074C-41B9-9658-EF874CC73C76}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | 
"{EDFD00CD-8896-414F-AA72-07650C4F0301}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | 
"{F08CE25F-BB41-49B3-ACCB-7616CF6A8B3C}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{F6E67672-46EE-47A7-AB25-BA1503196D01}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{FA4A80D3-5AE6-4FD9-875C-7DD84059AE30}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | 
"{FECE9618-DC46-4FDC-A57C-3B22D90001C2}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | 
"TCP Query User{0D5EBFBC-A9A4-438C-B1D8-7207BE0D26A8}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{0EDD7BF4-BA1D-483A-BDBA-6C18E7FB5F2C}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{25FC25FB-538C-421A-BB38-DAB484798C45}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{354DF200-F50E-42F1-B226-24FD7EDC1E24}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{3A281E06-7267-4768-A385-2042F13D632D}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{7BD0C7D7-F7B8-44DD-A8F0-917490ED8D41}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{A4E43130-B07D-40AA-840E-7265589F4480}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C6F24F49-73D7-4621-BAFE-891D0DE44590}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{017ABF61-7E57-4DB4-88CE-20257B965F54}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2738105C-0A02-44A5-A826-626C478737A9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{50FC507A-C9A5-4A78-B157-1D4D8DEF50BD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{842BD1C4-91FA-4B84-9BF1-77073DFB2578}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{9E5D26BC-0E59-4953-8E0E-E3E183CDDEFB}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{D3AFC773-2271-46A8-AB69-049243EC6FD5}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{E14BE6CF-E5E0-4444-A059-21EE2136BA75}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{E6D79A89-5C1D-4F41-983C-7770670D18CC}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.0.1
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D565319-8B91-41cb-961C-0DDC86101AC5}" = Dragon Age II Demo
"{54510837-257F-4E9A-B359-731000028301}" = Red Faction: Guerrilla
"{54510837-257F-4E9A-B359-731000028302}" = Red Faction: Guerrilla
"{54510837-257F-4E9A-B359-731000028303}" = Red Faction: Guerrilla
"{54510837-257F-4E9A-B359-731000038301}" = Red Faction: Guerrilla
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5612C844-55BC-4B77-82C2-A2E28962418E}" = Republic Heroes
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0610.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Activision(R)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.1
"ATITool" = ATITool Overclocking Utility
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"CloneDVD2" = CloneDVD2
"Episode 1" = Back to the Future The Game - Episode 1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ICQToolbar" = ICQ Toolbar
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Ein Quantum Trost(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"IP Changer 2.0" = IP Changer 2.0
"Logitech Eyetoy Webcam" = Logitech Eyetoy Webcam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"NASCAR Racing 2002 Season" = NASCAR® Racing 2002 Season
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.1.3
"pepakura_designer3en" = Pepakura Designer 3
"RADVideo" = RAD Video Tools
"Rainlendar2" = Rainlendar2 (remove only)
"Raptr" = Raptr
"RivaTuner" = RivaTuner v2.20
"Sam & Max - Culture Shock" = Sam & Max - Culture Shock 1.0
"SopCast" = SopCast 3.3.2
"StarCraft" = StarCraft
"Steam App 102610" = Orcs Must Die! Demo
"Steam App 220" = Half-Life 2
"Steam App 22600" = Worms Reloaded
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 31740" = Iron Grip: Marauders
"Steam App 36620" = Forsaken World 
"Steam App 36630" = Rusty Hearts
"Steam App 440" = Team Fortress 2
"Steam App 48810" = Ship Simulator Extremes Demo
"Steam App 61720" = Might and Magic: Clash of Heroes - Demo
"Steam App 90530" = Rise of Immortals
"Steam App 99870" = Bulletstorm Demo
"Tales of Monkey Island" = Tales of Monkey Island
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Two Worlds" = Two Worlds
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.0
"Volumenzähler_is1" = Volumenzähler 1.0
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Worms Armageddon" = Worms Armageddon
"Xfire" = Xfire (remove only)
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-AionEU" = Aion
"Smart Shutdown Manager" = Smart Shutdown Manager
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---



I hope that's OK so far

26.04.2012, 17:57   #7
kira
/// Helper team



Quote:
Originally posted by Tommyfighter
1. Defender is switched off
only at

? Under Services:
Start -> Run -> "Services.msc" -> (type it in without the "") -> "OK" - "Properties" -> "Stop" -> select startup type "Disabled"
I couldn't find any "Properties" there.
Did you find Windows Defender there? If so, right-click on it -> Properties... stop the service status
__________________

Warning!:
Beware of invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice and in different locations!
Please pass this warning on wherever you can!

26.04.2012, 18:12   #8
Tommyfighter



Ah OK, yes, now I have.

So the service status is stopped and the startup type is disabled.

26.04.2012, 18:46   #9
kira
/// Helper team



Regarding point 8:
I am almost 100% sure that malware is involved. But let's carry on for now:

1.
Before the next step, that is, before we continue:
Since something can happen at any time, if you have important data that you want to back up (such as pictures, music, etc.), I recommend that you do it now.
Make sure: the backed-up data must not contain any "executable files"! - File extensions - This is a list of file extensions that can denote files containing executable code.
Regardless of an infection (a hard drive can also fail, or there can be other technical problems), you should make regular backups and keep them in a safe place, such as on CDs and DVDs, external hard drives and/or USB sticks.
Please do that now!


2.
Download ComboFix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the Desktop, nowhere else, that is important!
Please note the detailed original instructions.

ComboFix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows 2000 (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)

Preparation and important notes
  • During the ComboFix scan, please disable antivirus and antispyware programs, the firewall and any script blocking that may be present (Norton).
  • List of programs to be disabled.
    If anything is unclear, please ask beforehand.
  • Please do not click in the ComboFix window while ComboFix is running.
    That could cause your system to freeze or hang.
  • It can take about a quarter of an hour for the scan to finish.
  • ComboFix will reset your screen saver settings.
    You can change these settings again once our cleanup is finished.
  • Do not do anything else if you did not manage to get ComboFix to run.
    Let us know and wait for our instructions.

Quick guide to installing the Recovery Console under XP
  • Double-click ComboFix.exe and follow the instructions.
  • Accept the terms (disclaimer) with "Yes".
  • ComboFix will check whether the Microsoft Windows Recovery Console is installed.
    This is part of the process. Given the kinds of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
  • Follow the instructions to allow ComboFix to download and install the Recovery Console, and agree to the licence agreement (EULA) as soon as you are asked to.
** For information: if the Recovery Console is already installed, ComboFix will continue with its malware removal procedure as normal.



As soon as the Recovery Console has been installed by ComboFix, you should see the following message:



Click "Yes" to continue with the malware scan.

When ComboFix has finished, it will create a log (please wait, this takes a moment).
Be sure to wait until the ComboFix window has closed and the log file appears in the editor.
Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

Note: For various reasons, ComboFix makes Internet Explorer the default browser and creates an IE icon on the Desktop.
You can delete the IE Desktop icon again after the cleanup and set your preferred browser as the default browser again.

Do not use ComboFix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage!

27.04.2012, 01:02   #10
Tommyfighter



I carried it out as described and saved all important data separately.
Only towards the end it said that the program had not been executed properly. But it then carried on anyway and produced the log.

ComboFix.txt
[Code]
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-04-26.01 - Tommy 27.04.2012   1:34.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.3325.1948 [GMT 2:00]
ausgeführt von:: c:\users\Tommy\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Tommy\AppData\Local\assembly\tmp
c:\users\Tommy\AppData\Roaming\AcroIEHelpe.txt
c:\users\Tommy\AppData\Roaming\AcroIEHelpe109.dll
c:\users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll
c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch
c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\bookmarks.json
c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\clients.json
c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\forms.json
c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\history.json
c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\passwords.json
c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\prefs.json
c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\tabs.json
c:\users\Tommy\AppData\Roaming\Roaming
c:\users\Tommy\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\Tommy\AppData\Roaming\srvblck5.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-26 bis 2012-04-26  ))))))))))))))))))))))))))))))
.
.
2012-04-26 23:46 . 2012-04-26 23:46	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-26 23:46 . 2012-04-26 23:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-26 14:32 . 2012-04-26 14:32	--------	d-----w-	c:\program files\Common Files\Adobe
2012-04-26 14:29 . 2012-04-26 14:29	--------	d-----w-	c:\program files\Common Files\Java
2012-04-26 14:21 . 2012-04-26 14:21	--------	d-----w-	c:\users\Tommy\AppData\Roaming\xmldm
2012-04-26 14:11 . 2012-04-26 14:11	--------	d-----w-	C:\_OTL
2012-04-26 14:05 . 2012-04-26 14:05	--------	d-----w-	c:\windows\Internet Logs
2012-04-25 18:21 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-25 10:51 . 2012-04-25 10:51	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11019
2012-04-24 09:10 . 2012-04-24 09:10	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11018
2012-04-24 07:24 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAE87D6D-0ACA-491D-90D6-A11AB575E210}\mpengine.dll
2012-04-23 09:58 . 2012-04-23 09:58	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11017
2012-04-21 13:15 . 2012-04-21 13:16	--------	d-----w-	c:\programdata\Battle.net
2012-04-21 12:42 . 2012-04-21 22:34	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11016
2012-04-18 17:49 . 2012-04-18 17:49	--------	d--h--r-	c:\users\Tommy\AppData\Roaming\SecuROM
2012-04-18 17:30 . 2012-04-18 17:31	--------	d-----w-	c:\programdata\WinZip
2012-04-17 10:02 . 2012-04-17 10:02	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11015
2012-04-16 18:38 . 2012-04-17 00:00	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11014
2012-04-13 10:45 . 2012-04-13 10:45	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11013
2012-04-12 12:01 . 2012-04-12 13:30	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11012
2012-04-12 11:04 . 2012-04-12 11:04	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11010
2012-04-12 01:06 . 2012-03-06 06:39	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-12 01:06 . 2012-03-06 06:39	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 20:05 . 2012-03-01 11:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-04-11 18:30 . 2012-04-11 18:30	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11009
2012-04-04 05:53 . 2012-04-04 05:53	182160	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53	182160	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-26 22:55 . 2010-07-18 08:56	24944	----a-w-	c:\windows\system32\drivers\GVTDrv.sys
2012-04-26 22:55 . 2010-07-17 11:02	17488	----a-w-	c:\windows\gdrv.sys
2012-04-26 14:26 . 2011-02-27 15:54	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-26 21:01 . 2011-09-24 16:48	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 19:21 . 2012-02-29 19:21	42392	----a-w-	c:\windows\system32\xfcodec.dll
2012-02-23 08:18 . 2010-07-17 23:56	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 09:27 . 2011-10-25 23:30	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-14 15:45 . 2012-03-15 00:22	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-15 00:22	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-15 00:22	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-15 00:22	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-15 00:22	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-15 00:22	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-13 04:38 . 2012-03-26 21:04	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26	3908192	----a-w-	c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2012-04-16 53168]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-12 119608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-31 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
C2DtoG15.lnk - c:\program files\C2DtoG15\C2DtoG15.exe [2010-7-18 557568]
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2011-10-6 1085440]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-2-29 3537304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2011-10-6 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-08-23 04:41	329656	----a-w-	c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-07 08:19	6139904	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolumeCounter]
2001-07-30 12:51	278528	----a-w-	c:\program files\Volumenzaehler\BoVolume.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Free YouTube to Mp3 Converter - c:\users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKCU-Run-PlayNC Launcher - (no file)
MSConfigStartUp-CloneCDTray - d:\bescheißen\SlySoft\CloneCD\CloneCDTray.exe
MSConfigStartUp-IP Changer 2 - c:\program files\Plustech Inc.\IP Changer 2.0\yourapp.Exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
AddRemove-Worms Armageddon - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-27 01:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!! 
error: Read  Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-04-27  01:48:32
ComboFix-quarantined-files.txt  2012-04-26 23:48
.
Vor Suchlauf: 31 Verzeichnis(se), 154.353.491.968 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 154.257.461.248 Bytes frei
.
- - End Of File - - E170BA79B41CB3DBF375FAFDBC2488BA
         
--- --- ---



Add-Remove Programs.txt
Code:
ATTFilter
32 Bit HP CIO Components Installer
3DMark 11
Activision(R)
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Aion
Any Video Converter 3.2.1
Apple Application Support
Apple Software Update
ATITool Overclocking Utility
Avira Free Antivirus
Back to the Future The Game - Episode 1
BufferChm
Bulletstorm Demo
C2DtoG15 2.0.0.1
C3100
c3100_Help
CCleaner
Cheat Engine 6.0
CloneDVD2
Copy
CustomerResearchQFolder
Der Herr der Ringe Online v03.02.04.8010
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Dragon Age II Demo
DSL-Manager
Easy Tune 6 B10.0528.1
Ein Quantum Trost(TM)
Energy Saver Advance B8.0610.1
eSupportQFolder
Fallout 3
Fax
Forsaken World 
Fraps (remove only)
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.10.15.1228
Google Earth Plug-in
Google Update Helper
GRID
Half-Life 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
ICQ Toolbar
ICQ7.5
Infineon USB driver 1.0.0.6
Intel® Matrix Storage Manager
IP Changer 2.0
Iron Grip: Marauders
Java Auto Updater
Java(TM) 6 Update 31
Kane & Lynch 2: Dog Days
LG Internet Kit
LG PC Suite III
LG USB Modem Drivers
Livestream Procaster
Logitech Eyetoy Webcam
Logitech GamePanel Software 3.04.143
Malwarebytes Anti-Malware Version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.0
Might and Magic: Clash of Heroes - Demo
Mozilla Firefox 11.0 (x86 de)
Mozilla Thunderbird 11.0.1 (x86 de)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NASCAR® Racing 2002 Season
NCsoft Launcher
NVIDIA 3D Vision Controller-Treiber 280.19
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Treiber 280.26
NVIDIA Grafiktreiber 280.26
NVIDIA Install Application
NVIDIA nTune
NVIDIA PhysX
NVIDIA PhysX-Systemsoftware 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 280.26
NVIDIA Update 1.4.28
NVIDIA Update Components
OpenAL
OpenTTD 1.1.3
Orcs Must Die! Demo
PDFCreator
Pepakura Designer 3
Pro Evolution Soccer 2011
Pro Evolution Soccer 2011 DEMO
Pro Evolution Soccer 2012
Pro Evolution Soccer 2012 DEMO
Quantum of Solace(TM) 1.1 Patch
QuickTime
RAD Video Tools
Rainlendar2 (remove only)
Raptr
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Red Faction Guerrilla
Red Faction: Guerrilla
Republic Heroes
RESIDENT EVIL 5
Rise of Immortals
RivaTuner v2.20
Rusty Hearts
Sam & Max - Culture Shock 1.0
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Windows Media Encoder (KB2447961)
Ship Simulator Extremes Demo
SiSoftware Sandra Lite 2011.SP2
Skype™ 5.5
Smart Shutdown Manager
SolutionCenter
SopCast 3.3.2
Star Wars Empire at War
Star Wars Republic Commando
Star Wars: The Old Republic
StarCraft
Status
Tales of Monkey Island
Team Fortress 2
TeamSpeak 3 Client
The Witcher
TomTom HOME 2.8.2.2264
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Two Worlds
Uninstall 1.0.0.1
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB Flash Port Driver
Veetle TV 0.9.18
VLC media player 1.1.0
Volumenzähler 1.0
WebReg
Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Media Encoder 9-Reihe
WinRAR
Wolfenstein
World of Warcraft
Worms Armageddon
Worms Reloaded
Xfire (remove only)
Zattoo4 4.0.5
         

combofix-quarantined-files.txt, in case that is also relevant
Code:
2012-04-26 23:48:03 . 2012-04-26 23:48:03              540 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-Worms Armageddon.reg.dat
2012-04-26 23:46:45 . 2012-04-26 23:46:45              938 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SpybotSD TeaTimer.reg.dat
2012-04-26 23:46:45 . 2012-04-26 23:46:45              932 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-IP Changer 2.reg.dat
2012-04-26 23:46:45 . 2012-04-26 23:46:45              910 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-CloneCDTray.reg.dat
2012-04-26 23:46:38 . 2012-04-26 23:46:38              101 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-PlayNC Launcher.reg.dat
2012-04-26 23:46:37 . 2012-04-26 23:46:37              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}.reg.dat
2012-04-26 23:46:37 . 2012-04-26 23:46:37              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}.reg.dat
2012-04-26 23:44:31 . 2012-04-26 23:44:31            4,967 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-04-26 23:31:47 . 2012-04-26 23:34:29               82 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-04-24 09:10:39 . 2012-04-24 09:10:39            7,368 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\BAcroIEHelpe109.dll.vir
2012-04-24 09:10:39 . 2012-04-24 09:10:39          226,792 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\AcroIEHelpe109.dll.vir
2012-04-11 18:30:30 . 2012-04-24 09:10:39               65 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\AcroIEHelpe.txt.vir
2012-04-11 18:30:17 . 2012-04-11 18:30:17              264 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\srvblck5.tmp.vir
2011-09-23 10:16:48 . 2011-09-23 10:16:48                2 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\tabs.json.vir
2011-09-23 10:16:48 . 2011-09-23 10:16:48                2 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\prefs.json.vir
2011-09-23 10:16:48 . 2011-09-23 10:16:48                2 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\passwords.json.vir
2011-09-23 10:16:48 . 2011-09-23 10:16:48                2 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\history.json.vir
2011-09-23 10:16:48 . 2011-09-23 10:16:48                2 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\forms.json.vir
2011-09-23 10:16:48 . 2011-09-23 10:16:48                2 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\bookmarks.json.vir
2011-09-23 10:16:48 . 2011-09-23 10:16:48                2 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\weave\toFetch\clients.json.vir
2011-04-15 14:37:13 . 1997-05-29 14:31:26          315,904 ----a-w-  C:\Qoobox\Quarantine\C\Windows\IsUn0407.exe.vir
2010-08-20 10:23:42 . 2010-08-20 10:23:42          243,600 ----a-w-  C:\Qoobox\Quarantine\C\Users\Tommy\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst.vir
2007-11-07 07:03:18 . 2007-11-07 07:03:18          562,688 ----a-w-  C:\Qoobox\Quarantine\C\Install.exe.vir
2003-02-21 04:16:08 . 2003-02-21 04:16:08           49,152 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\URTTEMP\regtlib.exe.vir
         

27.04.2012, 05:57   #11
kira
/// Helper Team


1.
Is combofix.exe still on your desktop?
Copy the following text into Notepad (Start - Accessories - Notepad) and save it to the desktop as cfscript.txt using "Save As". Select "All Files" as the file type, then Save:
Code:
KILLALL::

File::
c:\users\Tommy\AppData\Roaming\xmldm
c:\users\Tommy\AppData\Roaming\11019
c:\users\Tommy\AppData\Roaming\11018
c:\users\Tommy\AppData\Roaming\11017
c:\users\Tommy\AppData\Roaming\11016
c:\users\Tommy\AppData\Roaming\11015
c:\users\Tommy\AppData\Roaming\11014
c:\users\Tommy\AppData\Roaming\11013
c:\users\Tommy\AppData\Roaming\11012
c:\users\Tommy\AppData\Roaming\11010
c:\users\Tommy\AppData\Roaming\11009
c:\program files\ConduitEngine\ConduitEngine.dll
         
You should then find this file, cfscript.txt, on the desktop.

As shown in the picture above, drag the CFScript onto combofix.exe. When CF is finished, it will create a log file at C:\ComboFix.txt; post its contents.
When ComboFix is finished, it will create a log, C:\ComboFix.txt. Wait until the ComboFix window has closed and the log file appears in Notepad!
Please paste it here as your next reply.

2.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created: OTL.txt and extra.txt
  • Post the log files in code tags here in the thread.
__________________

Warning!:
Be careful with invoices sent by email with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

27.04.2012, 11:44   #12
Tommyfighter


I did it as described. But now Firefox and Internet Explorer can no longer be opened normally. They only open if I run them as administrator. When I click on them normally, it says:

Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

combofix log
Combofix Logfile:
Code:
ComboFix 12-04-26.01 - Tommy 27.04.2012  12:13:38.2.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.3325.2083 [GMT 2:00]
ausgeführt von:: c:\users\Tommy\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Tommy\Desktop\cfscript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\ConduitEngine\ConduitEngine.dll"
"c:\users\Tommy\AppData\Roaming\11009"
"c:\users\Tommy\AppData\Roaming\11010"
"c:\users\Tommy\AppData\Roaming\11012"
"c:\users\Tommy\AppData\Roaming\11013"
"c:\users\Tommy\AppData\Roaming\11014"
"c:\users\Tommy\AppData\Roaming\11015"
"c:\users\Tommy\AppData\Roaming\11016"
"c:\users\Tommy\AppData\Roaming\11017"
"c:\users\Tommy\AppData\Roaming\11018"
"c:\users\Tommy\AppData\Roaming\11019"
"c:\users\Tommy\AppData\Roaming\xmldm"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine\ConduitEngine.dll
c:\users\Tommy\9-8b.jpg
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-27 bis 2012-04-27  ))))))))))))))))))))))))))))))
.
.
2012-04-27 10:20 . 2012-04-27 10:20	63115	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-04-27 10:20 . 2012-04-27 10:20	4599	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-04-27 10:18 . 2012-04-27 10:20	--------	d-----w-	c:\users\Tommy\AppData\Local\temp
2012-04-27 10:18 . 2012-04-27 10:18	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-04-27 10:18 . 2012-04-27 10:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-27 00:10 . 2012-04-27 00:10	--------	d-----w-	c:\program files\HD Tune
2012-04-27 00:05 . 2012-04-27 00:05	--------	d-----w-	c:\program files\Simpli Software
2012-04-26 14:32 . 2012-04-26 14:32	--------	d-----w-	c:\program files\Common Files\Adobe
2012-04-26 14:29 . 2012-04-26 14:29	--------	d-----w-	c:\program files\Common Files\Java
2012-04-26 14:21 . 2012-04-26 14:21	--------	d-----w-	c:\users\Tommy\AppData\Roaming\xmldm
2012-04-26 14:11 . 2012-04-26 14:11	--------	d-----w-	C:\_OTL
2012-04-26 14:05 . 2012-04-26 14:05	--------	d-----w-	c:\windows\Internet Logs
2012-04-25 18:21 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-25 10:51 . 2012-04-25 10:51	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11019
2012-04-24 09:10 . 2012-04-24 09:10	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11018
2012-04-24 07:24 . 2012-04-13 07:36	6734704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAE87D6D-0ACA-491D-90D6-A11AB575E210}\mpengine.dll
2012-04-23 09:58 . 2012-04-23 09:58	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11017
2012-04-21 13:15 . 2012-04-21 13:16	--------	d-----w-	c:\programdata\Battle.net
2012-04-21 12:42 . 2012-04-21 22:34	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11016
2012-04-18 17:49 . 2012-04-18 17:49	--------	d--h--r-	c:\users\Tommy\AppData\Roaming\SecuROM
2012-04-18 17:30 . 2012-04-18 17:31	--------	d-----w-	c:\programdata\WinZip
2012-04-17 10:02 . 2012-04-17 10:02	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11015
2012-04-16 18:38 . 2012-04-17 00:00	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11014
2012-04-13 10:45 . 2012-04-13 10:45	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11013
2012-04-12 12:01 . 2012-04-12 13:30	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11012
2012-04-12 11:04 . 2012-04-12 11:04	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11010
2012-04-12 01:06 . 2012-03-06 06:39	3602816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-12 01:06 . 2012-03-06 06:39	3550080	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 20:05 . 2012-03-01 11:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-04-11 18:30 . 2012-04-11 18:30	--------	d-----w-	c:\users\Tommy\AppData\Roaming\11009
2012-04-04 05:53 . 2012-04-04 05:53	182160	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53	182160	----a-w-	c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-27 10:20 . 2010-07-17 11:02	16608	----a-w-	c:\windows\gdrv.sys
2012-04-27 10:04 . 2010-07-18 08:56	24944	----a-w-	c:\windows\system32\drivers\GVTDrv.sys
2012-04-26 14:26 . 2011-02-27 15:54	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-26 21:01 . 2011-09-24 16:48	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-29 19:21 . 2012-02-29 19:21	42392	----a-w-	c:\windows\system32\xfcodec.dll
2012-02-23 08:18 . 2010-07-17 23:56	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 09:27 . 2011-10-25 23:30	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-14 15:45 . 2012-03-15 00:22	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-15 00:22	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-15 00:22	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-15 00:22	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-15 00:22	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-02-02 15:16 . 2012-03-15 00:22	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-13 04:38 . 2012-03-26 21:04	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2012-04-16 53168]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-12 119608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 357448]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 1573448]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 3203144]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-10-31 81920]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
C2DtoG15.lnk - c:\program files\C2DtoG15\C2DtoG15.exe [2010-7-18 557568]
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2011-10-6 1085440]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2012-2-29 3537304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DSL-Manager.lnk - c:\program files\DSL-Manager\DslMgr.exe [2011-10-6 1085440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-08-23 04:41	329656	----a-w-	c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-07 08:19	6139904	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 10:15	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolumeCounter]
2001-07-30 12:51	278528	----a-w-	c:\program files\Volumenzaehler\BoVolume.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
IE: Free YouTube to Mp3 Converter - c:\users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\ConduitEngine.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-04-27 12:21
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\GIGABYTE\EnergySaver\GSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\C2DtoG15\SyStoG15Svc.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DSL-Manager\DslMgrSvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\progra~1\Raptr\raptr.exe
c:\program files\avira\antivir desktop\ipmGui.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\progra~1\Raptr\raptr_im.exe
c:\program files\Xfire\xfire_exception.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-27  12:24:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-27 10:24
ComboFix2.txt  2012-04-26 23:48
.
Vor Suchlauf: 34 Verzeichnis(se), 154.165.428.224 Bytes frei
Nach Suchlauf: 35 Verzeichnis(se), 154.103.275.520 Bytes frei
.
- - End Of File - - 17B32305E21FC6554CAC051201906199
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 27.04.2012 12:34:19 - Run 4
OTL by OldTimer - Version 3.2.42.0     Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 59,05% Memory free
6,68 Gb Paging File | 5,31 Gb Available in Paging File | 79,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 143,59 Gb Free Space | 30,83% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,09 Gb Free Space | 11,44% Space Free | Partition Type: NTFS
Drive F: | 149,04 Gb Total Space | 113,61 Gb Free Space | 76,23% Space Free | Partition Type: NTFS
 
Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tommy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Raptr\raptr.exe (Raptr, Inc)
PRC - C:\Programme\Raptr\raptr_im.exe (Raptr, Inc)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\C2DtoG15\SystoG15Svc.exe (Andreas Sammann)
PRC - C:\Programme\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
PRC - C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Tommy\AppData\Roaming\11019\components\AcroFF019.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Raptr\PyQt4.QtNetwork.pyd ()
MOD - C:\Programme\Raptr\PyQt4.QtCore.pyd ()
MOD - C:\Programme\Raptr\PyQt4.QtWebKit.pyd ()
MOD - C:\Programme\Raptr\PyQt4.QtGui.pyd ()
MOD - C:\Programme\Raptr\sip.pyd ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Programme\Raptr\libtorrent.pyd ()
MOD - C:\Programme\Raptr\heliotrope._purple.pyd ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\Raptr\liboscar.dll ()
MOD - C:\Programme\Raptr\libjabber.dll ()
MOD - C:\Programme\Raptr\libymsg.dll ()
MOD - C:\Programme\Raptr\plugins\libaim.dll ()
MOD - C:\Programme\Raptr\plugins\libicq.dll ()
MOD - C:\Programme\Raptr\plugins\libirc.dll ()
MOD - C:\Programme\Raptr\plugins\ssl-nss.dll ()
MOD - C:\Programme\Raptr\plugins\libyahoojp.dll ()
MOD - C:\Programme\Raptr\plugins\ssl.dll ()
MOD - C:\Programme\Raptr\plugins\libmsn.dll ()
MOD - C:\Programme\Raptr\plugins\libxmpp.dll ()
MOD - C:\Programme\Raptr\plugins\libyahoo.dll ()
MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Programme\Raptr\libxml2-2.dll ()
MOD - C:\Programme\Raptr\sqlite3.dll ()
MOD - C:\Users\Tommy\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GermanyRain.gadget\GermanyRainRadar.dll ()
MOD - C:\Programme\Raptr\zlib1.dll ()
MOD - C:\Programme\Raptr\win32gui.pyd ()
MOD - C:\Programme\Raptr\win32file.pyd ()
MOD - C:\Programme\Raptr\win32api.pyd ()
MOD - C:\Programme\Raptr\win32process.pyd ()
MOD - C:\Programme\Raptr\gobject._gobject.pyd ()
MOD - C:\Programme\Raptr\win32com.shell.shell.pyd ()
MOD - C:\Programme\Raptr\pythoncom26.dll ()
MOD - C:\Programme\Raptr\pywintypes26.dll ()
MOD - C:\Programme\Raptr\PIL._imaging.pyd ()
MOD - C:\Programme\Raptr\_ssl.pyd ()
MOD - C:\Programme\Raptr\unicodedata.pyd ()
MOD - C:\Programme\Raptr\_hashlib.pyd ()
MOD - C:\Programme\Raptr\pyexpat.pyd ()
MOD - C:\Programme\Raptr\_ctypes.pyd ()
MOD - C:\Programme\Raptr\_sqlite3.pyd ()
MOD - C:\Programme\Raptr\_socket.pyd ()
MOD - C:\Programme\Raptr\winsound.pyd ()
MOD - C:\Programme\Raptr\plugins\libqq.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SystoG15Service) -- C:\Programme\C2DtoG15\SystoG15Svc.exe (Andreas Sammann)
SRV - (getPlusHelper) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\RpcAgentSrv.exe (SiSoftware)
SRV - (TDslMgrService) -- C:\Programme\DSL-Manager\DslMgrSvc.exe (T-Systems Enterprise Services GmbH)
SRV - (GEST Service) -- C:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (papyjoy) -- C:\Windows\System32\drivers\papyjoy.sys ()
SRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva391) -- C:\Windows\system32\XDva391.sys File not found
DRV - (XDva390) -- C:\Windows\system32\XDva390.sys File not found
DRV - (XDva360) -- C:\Windows\system32\XDva360.sys File not found
DRV - (WPRO_40_1340) WinPcap Packet Driver (WPRO_40_1340) -- system32\drivers\WPRO_40_1340.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mbr) -- C:\Users\Tommy\AppData\Local\Temp\mbr.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows (R) 2000 DDK provider)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP2\WNt500x86\sandra.sys (SiSoftware)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RivaTuner32) -- C:\Programme\RivaTuner v2.20\RivaTuner32.sys ()
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (WinRing0_1_2_0) -- C:\Programme\C2DtoG15\WinRing0.sys (OpenLibSys.org)
DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (dsltestSp5) -- C:\Windows\System32\drivers\DslTestSp5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (DslMNLwf) -- C:\Windows\System32\drivers\dslmnlwf.sys (T-Systems Enterprise Services GmbH)
DRV - (aiptektp) -- C:\Windows\System32\drivers\aiptektp.sys (WALTOP International Corp.)
DRV - (ovt519) -- C:\Windows\System32\drivers\ov519vid.sys (OmniVision Technologies, Inc.)
DRV - (papyjoy) -- C:\Windows\System32\drivers\papyjoy.sys ()
DRV - (papycpu2) -- C:\Windows\System32\drivers\papycpu2.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 76 AC 14 61 24 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tommy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.26 23:04:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.26 16:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.12 21:57:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Tommy\AppData\Roaming\11019 [2012.04.25 12:51:04 | 000,000,000 | ---D | M]
 
[2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions
[2011.04.27 01:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.05 21:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.03.28 22:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions
[2012.03.28 22:12:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.24 03:36:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.08 14:04:12 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\dnmzewow.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.08.31 11:25:08 | 000,000,917 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\conduit.xml
[2012.04.07 01:18:12 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-1.xml
[2010.09.18 22:53:17 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-2.xml
[2010.10.21 15:45:25 | 000,000,950 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin-3.xml
[2011.03.30 16:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\dnmzewow.default\searchplugins\icqplugin.xml
[2012.04.26 16:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.26 16:26:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.25 12:51:04 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\TOMMY\APPDATA\ROAMING\11019
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.26 16:26:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2012.04.27 12:18:31 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Raptr] C:\Programme\Raptr\raptrstub.exe (Raptr, Inc)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Programme\C2DtoG15\C2DtoG15.exe (Andreas Sammann)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O4 - Startup: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Tommy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D7C1B26-69B5-403D-8482-29F3ADB3332C}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Tommy\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.27 12:24:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.04.27 12:20:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.04.27 12:18:29 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\temp
[2012.04.27 12:11:38 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.04.27 02:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2012.04.27 02:10:44 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2012.04.27 02:05:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simpli Software
[2012.04.27 02:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Simpli Software
[2012.04.27 01:31:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.04.27 01:31:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.04.27 01:31:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.04.27 01:31:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.04.27 01:31:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.27 00:46:00 | 004,477,246 | R--- | C] (Swearware) -- C:\Users\Tommy\Desktop\ComboFix.exe
[2012.04.26 16:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.04.26 16:31:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.04.26 16:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.04.26 16:26:36 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.26 16:26:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.26 16:26:36 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.26 16:21:52 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\xmldm
[2012.04.26 16:11:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.26 16:05:21 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012.04.26 01:52:59 | 003,654,896 | ---- | C] (Piriform Ltd) -- C:\Users\Tommy\Desktop\ccsetup318.exe
[2012.04.26 00:44:33 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2012.04.25 20:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.25 20:21:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.25 12:51:04 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11019
[2012.04.24 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11018
[2012.04.23 11:58:15 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11017
[2012.04.21 15:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.04.21 14:42:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11016
[2012.04.18 19:49:57 | 000,000,000 | RH-D | C] -- C:\Users\Tommy\AppData\Roaming\SecuROM
[2012.04.18 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAPCOM
[2012.04.18 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.04.18 19:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.04.17 12:02:36 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11015
[2012.04.16 20:38:39 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11014
[2012.04.13 12:45:05 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11013
[2012.04.12 14:01:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11012
[2012.04.12 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11010
[2012.04.12 03:07:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.12 03:07:52 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.12 03:07:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.12 03:07:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.12 03:07:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.12 03:07:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.12 03:06:38 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.12 03:06:38 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.11 20:30:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\11009
[2012.04.03 18:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PESEdit.com 2012 Patch
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.27 12:25:31 | 000,641,772 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.27 12:25:31 | 000,607,366 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.27 12:25:31 | 000,132,410 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.27 12:25:31 | 000,109,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.27 12:20:06 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys
[2012.04.27 12:19:49 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.27 12:19:49 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.27 12:19:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.27 12:19:42 | 3487,850,496 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.27 12:18:31 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.04.27 12:04:03 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2012.04.27 02:55:24 | 000,000,796 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2012.04.27 02:10:45 | 000,000,740 | ---- | M] () -- C:\Users\Tommy\Desktop\HD Tune.lnk
[2012.04.27 00:46:23 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\Tommy\Desktop\ComboFix.exe
[2012.04.27 00:21:46 | 000,166,400 | ---- | M] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.26 23:13:02 | 000,000,680 | ---- | M] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat
[2012.04.26 16:32:16 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.26 16:26:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.04.26 16:26:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.04.26 16:26:23 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.04.26 16:26:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.04.26 11:52:26 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.26 01:53:10 | 003,654,896 | ---- | M] (Piriform Ltd) -- C:\Users\Tommy\Desktop\ccsetup318.exe
[2012.04.26 00:44:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe
[2012.04.25 20:21:05 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.25 18:01:22 | 000,000,016 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res
[2012.04.25 14:07:27 | 000,000,048 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat
[2012.04.18 19:15:41 | 001,047,158 | ---- | M] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.04.27 02:10:45 | 000,000,740 | ---- | C] () -- C:\Users\Tommy\Desktop\HD Tune.lnk
[2012.04.27 01:31:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.27 01:31:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.27 01:31:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.27 01:31:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.27 01:31:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.26 16:32:16 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.04.26 16:32:16 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.04.26 11:52:26 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.25 20:21:05 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.22 00:21:57 | 3487,850,496 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.18 19:10:52 | 001,047,158 | ---- | C] () -- C:\Users\Tommy\Desktop\Bubble_Wallpaper.jpg
[2012.04.12 18:10:30 | 000,000,048 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\urhtps.dat
[2012.04.11 20:30:19 | 000,000,016 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\blckdom.res
[2012.03.13 21:47:28 | 000,017,408 | ---- | C] () -- C:\Users\Tommy\AppData\Local\WebpageIcons.db
[2012.02.29 21:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.12.05 23:29:47 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2011.12.05 23:29:47 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2011.12.05 23:28:44 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.11.09 18:12:00 | 000,019,400 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2011.10.13 01:41:51 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.09.15 11:03:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.09.09 17:47:26 | 000,036,892 | ---- | C] () -- C:\Windows\System32\bassmod.dll
[2011.08.03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.05.16 12:55:28 | 011,010,048 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\Sandra.mdb
[2011.04.13 15:07:49 | 000,001,984 | ---- | C] () -- C:\Windows\System32\drivers\papycpu2.sys
[2011.04.13 15:07:49 | 000,001,856 | ---- | C] () -- C:\Windows\System32\drivers\papyjoy.sys
[2011.04.13 15:06:50 | 000,000,202 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.04.12 13:44:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.26 14:28:19 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.26 14:28:19 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.02.14 13:42:58 | 000,000,552 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d8caps.dat
[2011.01.06 18:04:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011.01.06 17:45:44 | 000,074,752 | ---- | C] () -- C:\Windows\System32\CLEyeDevices.dll
[2010.12.06 03:16:11 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.11.04 03:16:50 | 000,000,093 | ---- | C] () -- C:\Users\Tommy\AppData\Local\fusioncache.dat
[2010.10.20 12:01:05 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2010.10.20 12:01:05 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2010.08.27 21:28:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2010.08.27 21:28:46 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.07.23 18:18:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.23 18:18:52 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.07.20 16:25:39 | 000,166,400 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.19 11:10:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.07.18 23:16:38 | 000,146,190 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.07.18 10:56:50 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2010.07.17 23:02:49 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.07.17 13:37:10 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.17 13:02:17 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.07.17 12:58:09 | 000,000,680 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat

< End of report >
         
--- --- --- Extras OTL Logfile:
Code:
OTL Extras logfile created on: 27.04.2012 12:34:19 - Run 4
OTL by OldTimer - Version 3.2.42.0     Folder = C:\Users\Tommy\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 59,05% Memory free
6,68 Gb Paging File | 5,31 Gb Available in Paging File | 79,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,82 Gb Total Space | 143,59 Gb Free Space | 30,83% Space Free | Partition Type: NTFS
Drive D: | 464,23 Gb Total Space | 53,09 Gb Free Space | 11,44% Space Free | Partition Type: NTFS
Drive F: | 149,04 Gb Total Space | 113,61 Gb Free Space | 76,23% Space Free | Partition Type: NTFS
 
Computer Name: TOMMY-PC | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017A3BEC-B7BA-4BCB-B93D-F0AFA4F2FC84}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\wnt500x86\rpcsandrasrv.exe | 
"{17BF2527-3D2C-4E27-A52A-335D765C9B71}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2011.sp2\rpcagentsrv.exe | 
"{B4D26F88-212D-4814-AE61-E5025C3D2193}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C9647509-994C-4A16-B4CA-EC7109561E02}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00620CC1-D498-4423-9896-CC5A77255AD5}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe | 
"{01B24FCC-2E63-4DA1-84AC-9FC6D8C80AFC}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | 
"{04A02DE7-9BAB-494A-B528-1A32D0745159}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | 
"{05205A34-0373-4CB1-A7A0-AD1B184C2011}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | 
"{0631EAED-5859-4807-B74C-85F3B01193A9}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{07B84C9C-8307-4494-8DFD-1DAF134E9023}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | 
"{07DE5062-84F0-4B3D-B299-3544E3D391A7}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\republic heroes\republic heroes.exe | 
"{0D63082B-4CB1-4B9D-ABED-B4FE72C8C464}" = protocol=6 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx9.exe | 
"{1120922E-2CFF-41D9-BA00-8CE71EA9FE22}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | 
"{184BA749-E1D9-45F0-9262-555402C4F527}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"{19EDD077-C8C4-4EE2-A320-DEDB7134B9DC}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | 
"{1CB0E5CE-4F79-4E8A-BDF2-D5C39D886FAB}" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{1DB4FF3C-0507-47EC-B8EA-C5EF4C8D86EB}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | 
"{1E45F541-C265-4E80-AAAF-6E8AD018DC57}" = protocol=6 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds_radeon.exe | 
"{23C56C71-059B-4021-B9C8-CD76219E796A}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{324851DB-58D2-4E7B-BAF2-E0996704E922}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{35BA93CB-333C-4CF6-8725-11A17A243391}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | 
"{3A589C88-CF25-42B8-9FA1-92497C882B7A}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{3AC095A9-3247-4C63-8473-3BD770B9C20B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | 
"{3E9D0BFA-3CE7-4FB1-A21B-57ADD51A3EE3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{42377774-C2DE-4D34-B9F3-C32BBC1C7AD2}" = protocol=6 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{4392C986-9C66-4DC7-931C-D7C1025685F8}" = protocol=6 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | 
"{4C140D38-27DC-4D28-BAE3-1E66BF97CEF1}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{50C5997D-B2D4-4F9B-B2F8-78B56D6DEA04}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{59E4CCF8-22B5-4C4F-87EE-06A1BB88D51D}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{60DFDA8D-4F6E-48B4-962B-2ADD5E106EEC}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{62757F24-4DFF-4168-9234-4D327FA7E047}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{651A1A49-015B-4C90-9DE9-832A7E8BA785}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{669BCEAE-EFCA-4731-B451-EF0D095218BB}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rusty hearts\clientlauncher.exe | 
"{6825AEE4-B11B-4EDB-8390-190C1A04BC1E}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | 
"{69B164D5-A05D-47DF-9AF2-EA1822B42267}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{6F73E07A-155A-4446-A5EA-B735BDB4593B}" = protocol=17 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | 
"{725138F0-640F-4CAC-94EE-7C148F6A877D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx10.exe | 
"{791F8798-EFB2-4E96-9020-C56D4FF7BEDD}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{79E3658D-84F3-4488-B3F1-96F6EE0F796D}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{7AD4D544-6D73-455A-BBFF-30551F72919F}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\empire total war demo\empire.exe | 
"{7B6CB3B9-CDB5-4A24-90EF-E95202F4017B}" = protocol=17 | dir=in | app=d:\spiele\reality pump\two worlds\twoworlds.exe | 
"{82E761B3-68B0-48FE-86AE-07A06B46FFFA}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{85C784E8-E53A-4FF8-A799-B194D047EB17}" = protocol=6 | dir=in | app=d:\spiele\activision\ein quantum trost(tm)\jb_liveengine_s.exe | 
"{86D45300-0ACD-4BE8-AB72-030A7827B356}" = protocol=17 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{880E771B-8EE5-42F4-825B-6F1BD9F39299}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\shipsimextremesdemo\steam.exe | 
"{8C528F8F-F9E0-468E-A0E7-80D0C6046279}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{938512F5-34FE-4BA1-AA62-0E2441A6F1B8}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"{94733B01-EFEF-4380-8485-D76DA1B97A93}" = protocol=17 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | 
"{95F18369-3CA7-45A7-B410-D932FEA49DA2}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | 
"{96F625FD-1546-4B7F-9F13-12DBE198CA5D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9C38C6AB-BA1D-40AA-9CC3-3AC823585D2B}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | 
"{9D8B252F-6326-4430-821A-316AD24CA993}" = protocol=17 | dir=in | app=d:\spiele\capcom\resident evil 5\re5dx10.exe | 
"{9EB1B8D1-4A1C-4CC8-A5A7-7CABB99B6676}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\rise of immortals\roiclientr.exe | 
"{A15AB570-8384-4902-9D28-2FB4F6BD58AB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{A1FFC0BC-265D-4E1E-AFC0-7BC8DDDF8284}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\lost planet extreme condition\lostplanetdx9.exe | 
"{A22B1C81-8077-4B1B-925A-2003ED70E811}" = protocol=17 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | 
"{AA526D98-2546-4B01-9B31-BD81DE179A61}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\iron grip marauders\prism.exe | 
"{AB965C6A-AC05-4DD4-90D9-2693C880D0C5}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr_im.exe | 
"{B1BB64BA-947C-4E8B-893B-894A6A5CF03B}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | 
"{B6AD2761-C0BA-4118-90E1-5D00BC3F05DD}" = protocol=17 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{C4E6D21C-2533-44CD-8AEA-BC3CBBB65F03}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\kane & lynch 2 - dog days\kl2.exe | 
"{D0693EBA-B3B3-4D51-8710-B584971E25CF}" = protocol=6 | dir=in | app=d:\spiele\codemasters\grid\grid.exe | 
"{D2762F96-67AE-4661-85F2-93677C02B61C}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\the secret of monkey island special edition\mise.exe | 
"{D2E250DE-8CED-4856-821F-A915978A3047}" = protocol=6 | dir=in | app=c:\windows.old.000\program files\steam\steam.exe | 
"{D2FEF08A-BA2F-4BFE-8495-C28381A88465}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\republic heroes\republic heroes.exe | 
"{D8A0FC63-6DB0-4125-AF9E-1D00DB435CFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{DB0EE392-F4C7-40CD-BC17-D20B73A179A0}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\might and magic clash of heroes demo\clashofheroesdemo.exe | 
"{DC9915A7-A4E1-4F03-BDB2-2D294B9706F7}" = protocol=17 | dir=in | app=d:\spiele\star wars-the old republic\launcher.exe | 
"{E16414F2-4350-45CC-8098-6D9935769051}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe | 
"{E359C5D5-6000-42B2-97CC-223E33D82831}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E4E9454F-0456-4B33-9BD7-483B19A1D56F}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E56812BF-5C28-4F52-A7E4-55BC8D7CFC2B}" = protocol=6 | dir=in | app=c:\program files\raptr\raptr.exe | 
"{E6B40784-8AB0-4447-B716-5F0808923114}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mplite.exe | 
"{EB685CA2-12DF-4AC1-8522-714E9561AB02}" = protocol=17 | dir=in | app=c:\spiele\volition inc\red faction guerrilla\rfg.exe | 
"{EB6BA865-1719-444D-B73A-6322C6DF530B}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\bulletstorm demo\binaries\win32\shippingpc-stormgame.exe | 
"{EDA860F6-074C-41B9-9658-EF874CC73C76}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\forsaken world\patcher.exe | 
"{EDFD00CD-8896-414F-AA72-07650C4F0301}" = protocol=6 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\fear2\fear2.exe | 
"{F08CE25F-BB41-49B3-ACCB-7616CF6A8B3C}" = protocol=6 | dir=in | app=d:\spiele\lucasarts\star wars empire at war\gamedata\sweaw.exe | 
"{F6E67672-46EE-47A7-AB25-BA1503196D01}" = protocol=17 | dir=in | app=c:\windows.old\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{FA4A80D3-5AE6-4FD9-875C-7DD84059AE30}" = protocol=6 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | 
"{FECE9618-DC46-4FDC-A57C-3B22D90001C2}" = protocol=17 | dir=in | app=d:\spiele\activision\wolfenstein\mp\wolf2mp.exe | 
"TCP Query User{0D5EBFBC-A9A4-438C-B1D8-7207BE0D26A8}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"TCP Query User{0EDD7BF4-BA1D-483A-BDBA-6C18E7FB5F2C}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{25FC25FB-538C-421A-BB38-DAB484798C45}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{354DF200-F50E-42F1-B226-24FD7EDC1E24}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{3A281E06-7267-4768-A385-2042F13D632D}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"TCP Query User{7BD0C7D7-F7B8-44DD-A8F0-917490ED8D41}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{A4E43130-B07D-40AA-840E-7265589F4480}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C6F24F49-73D7-4621-BAFE-891D0DE44590}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{017ABF61-7E57-4DB4-88CE-20257B965F54}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{2738105C-0A02-44A5-A826-626C478737A9}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{50FC507A-C9A5-4A78-B157-1D4D8DEF50BD}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{842BD1C4-91FA-4B84-9BF1-77073DFB2578}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe | 
"UDP Query User{9E5D26BC-0E59-4953-8E0E-E3E183CDDEFB}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{D3AFC773-2271-46A8-AB69-049243EC6FD5}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"UDP Query User{E14BE6CF-E5E0-4444-A059-21EE2136BA75}D:\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{E6D79A89-5C1D-4F41-983C-7770670D18CC}D:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{065D5505-3821-4C2E-BB6C-FE66A7E7CB4F}" = USB Flash Port Driver
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.0.1
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{10A1D1C4-F0B0-4341-B49A-A9ED8FBDBF9D}" = Livestream Procaster
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{336C4194-47FA-40A8-8D65-21000CA5186E}" = Pro Evolution Soccer 2011 DEMO
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D565319-8B91-41cb-961C-0DDC86101AC5}" = Dragon Age II Demo
"{54510837-257F-4E9A-B359-731000028301}" = Red Faction: Guerrilla
"{54510837-257F-4E9A-B359-731000028302}" = Red Faction: Guerrilla
"{54510837-257F-4E9A-B359-731000028303}" = Red Faction: Guerrilla
"{54510837-257F-4E9A-B359-731000038301}" = Red Faction: Guerrilla
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5612C844-55BC-4B77-82C2-A2E28962418E}" = Republic Heroes
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0610.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP2
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Activision(R)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"7D6D030B3D73FCCA3D4E45319380F315DFBE7A54" = Windows-Treiberpaket - Infineon Technologies (FlashUSB) USB  (04/16/2009 1.0.0.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.1
"ATITool" = ATITool Overclocking Utility
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Cheat Engine 6.0_is1" = Cheat Engine 6.0
"CloneDVD2" = CloneDVD2
"Episode 1" = Back to the Future The Game - Episode 1
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HD Tach_is1" = HD Tach version 3
"HD Tune_is1" = HD Tune 2.55
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ICQToolbar" = ICQ Toolbar
"Infineon USB driver_is1" = Infineon USB driver 1.0.0.6
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0528.1
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace(TM) 1.1 Patch
"InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}" = Red Faction Guerrilla
"InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Ein Quantum Trost(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"IP Changer 2.0" = IP Changer 2.0
"Logitech Eyetoy Webcam" = Logitech Eyetoy Webcam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"NASCAR Racing 2002 Season" = NASCAR® Racing 2002 Season
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.1.3
"pepakura_designer3en" = Pepakura Designer 3
"RADVideo" = RAD Video Tools
"Rainlendar2" = Rainlendar2 (remove only)
"Raptr" = Raptr
"RivaTuner" = RivaTuner v2.20
"Sam & Max - Culture Shock" = Sam & Max - Culture Shock 1.0
"SopCast" = SopCast 3.3.2
"StarCraft" = StarCraft
"Steam App 102610" = Orcs Must Die! Demo
"Steam App 220" = Half-Life 2
"Steam App 22600" = Worms Reloaded
"Steam App 28000" = Kane & Lynch 2: Dog Days
"Steam App 31740" = Iron Grip: Marauders
"Steam App 36620" = Forsaken World 
"Steam App 36630" = Rusty Hearts
"Steam App 440" = Team Fortress 2
"Steam App 48810" = Ship Simulator Extremes Demo
"Steam App 61720" = Might and Magic: Clash of Heroes - Demo
"Steam App 90530" = Rise of Immortals
"Steam App 99870" = Bulletstorm Demo
"Tales of Monkey Island" = Tales of Monkey Island
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Two Worlds" = Two Worlds
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.0
"Volumenzähler_is1" = Volumenzähler 1.0
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-AionEU" = Aion
"Smart Shutdown Manager" = Smart Shutdown Manager
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

27.04.2012, 20:47   #13
kira
/// Helper Team



Only Firefox and Internet Explorer, or other programs as well?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

27.04.2012, 23:40   #14
Tommyfighter



Now it works again. Firefox and IE can be opened normally again too. There are no problems with other programs either.

28.04.2012, 09:04   #15
kira
/// Helper Team



1.
Runs under XP and Vista (32-bit)
Do these objects still exist?
Code:
c:\users\Tommy\AppData\Roaming\xmldm
c:\users\Tommy\AppData\Roaming\11019
c:\users\Tommy\AppData\Roaming\11018
c:\users\Tommy\AppData\Roaming\11017
c:\users\Tommy\AppData\Roaming\11016
c:\users\Tommy\AppData\Roaming\11015
c:\users\Tommy\AppData\Roaming\11014
c:\users\Tommy\AppData\Roaming\11013
c:\users\Tommy\AppData\Roaming\11012
c:\users\Tommy\AppData\Roaming\11010
c:\users\Tommy\AppData\Roaming\11009
         
2.
Runs under XP and Vista (32-bit)
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the LOP Check and Purity Check boxes.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
Runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to try a second time!
To get a deeper look into your system and detect a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be disabled, with no connection to the Internet (disconnect Wi-Fi too)
    - please do not do anything on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is copied to the clipboard automatically) and paste it right away with CTRL + V
    - "OK" closes GMER.
    - paste the complete log from the clipboard here in your thread

** no connection to a network or the Internet - don't forget Wi-Fi
When the scan is finished, please re-enable all programs and tools!
Guide: -> GMER - Rootkit Scanner

4.
Check with MBR -t whether the Master Boot Record is OK (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe to the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    a command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type in the following from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting in the command prompt: right-click the title bar => Edit => Paste.

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log
             
    (press Enter)
  • After a short time your editor will open showing the file C:\mbr.log.
    Please copy its contents here into your thread.

Archiv
Du betrachtest: Trojanisches Pferd TR/PSW.Banker.O.26 wurde gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.