Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avira Fund EXP/2011-3544.CQ.1

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 11.05.2012, 20:59   #1
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Hallo
am 16.04. hatte ich mit Avira einen Komplett-Scan gemacht.
Hier ist der Bericht zu sehen:
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 16. April 2012  18:35

Es wird nach 3625013 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : ***-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  15.02.2012 20:05:36
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  15.02.2012 20:05:35
LUKE.DLL       : 12.1.0.19      68304 Bytes  15.02.2012 20:05:36
AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  15.02.2012 20:05:38
AVREG.DLL      : 12.1.0.36     229128 Bytes  05.04.2012 19:14:16
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 19:12:21
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 20:11:20
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 19:00:05
VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 19:00:05
VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 19:02:00
VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 19:02:00
VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 19:02:00
VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 19:02:00
VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 19:02:00
VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 19:02:00
VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 19:02:00
VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 19:02:00
VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 18:57:38
VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 19:14:10
VBASE016.VDF   : 7.11.26.241   142336 Bytes  04.04.2012 19:15:50
VBASE017.VDF   : 7.11.27.41    247808 Bytes  08.04.2012 11:57:37
VBASE018.VDF   : 7.11.27.107   161280 Bytes  12.04.2012 19:14:47
VBASE019.VDF   : 7.11.27.159   148992 Bytes  13.04.2012 19:14:55
VBASE020.VDF   : 7.11.27.160     2048 Bytes  13.04.2012 19:14:56
VBASE021.VDF   : 7.11.27.161     2048 Bytes  13.04.2012 19:14:57
VBASE022.VDF   : 7.11.27.162     2048 Bytes  13.04.2012 19:14:57
VBASE023.VDF   : 7.11.27.163     2048 Bytes  13.04.2012 19:14:57
VBASE024.VDF   : 7.11.27.164     2048 Bytes  13.04.2012 19:14:57
VBASE025.VDF   : 7.11.27.165     2048 Bytes  13.04.2012 19:14:57
VBASE026.VDF   : 7.11.27.166     2048 Bytes  13.04.2012 19:14:57
VBASE027.VDF   : 7.11.27.167     2048 Bytes  13.04.2012 19:14:58
VBASE028.VDF   : 7.11.27.168     2048 Bytes  13.04.2012 19:14:58
VBASE029.VDF   : 7.11.27.169     2048 Bytes  13.04.2012 19:14:58
VBASE030.VDF   : 7.11.27.170     2048 Bytes  13.04.2012 19:14:58
VBASE031.VDF   : 7.11.27.178    32768 Bytes  15.04.2012 18:56:35
Engineversion  : 8.2.10.42 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  15.12.2011 13:59:36
AESCRIPT.DLL   : 8.1.4.16      446842 Bytes  04.04.2012 19:18:44
AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 20:04:45
AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 15:43:37
AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
AEPACK.DLL     : 8.2.16.9      807287 Bytes  30.03.2012 19:04:49
AEOFFICE.DLL   : 8.1.2.27      201082 Bytes  04.04.2012 19:18:39
AEHEUR.DLL     : 8.1.4.15     4628855 Bytes  13.04.2012 19:16:24
AEHELP.DLL     : 8.1.19.1      254327 Bytes  02.04.2012 19:14:13
AEGEN.DLL      : 8.1.5.23      409973 Bytes  08.03.2012 15:41:10
AEEXP.DLL      : 8.1.0.29       82293 Bytes  13.04.2012 19:16:27
AEEMU.DLL      : 8.1.3.0       393589 Bytes  14.12.2011 23:30:58
AECORE.DLL     : 8.1.25.6      201078 Bytes  15.03.2012 15:41:56
AEBB.DLL       : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  15.12.2011 13:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  15.12.2011 13:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  15.12.2011 13:59:38
AVARKT.DLL     : 12.1.0.23     209360 Bytes  15.02.2012 20:05:34
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  15.12.2011 13:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  15.12.2011 13:59:50
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  15.12.2011 13:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  15.12.2011 13:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  15.12.2011 13:59:58
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, F:, G:, H:, I:, J:, K:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 16. April 2012  18:35

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD4
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD5
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'G:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'H:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'I:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'J:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'K:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '153' Modul(e) wurden durchsucht
Durchsuche Prozess 'XMBLicensing.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint32.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Sound_Blaster_X-Fi_MB_Cleanup.0001' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolPanlu.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'AMBSPISyncService.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'Monitor.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'YahooAUService.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '644' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\***\AppData\Local\Temp\jar_cache4827510852522062610.tmp
  [0] Archivtyp: ZIP
  --> game/advertise.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Niabil.Gen
  --> game/game3c777fbc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CQ.1
Beginne mit der Suche in 'E:\' <Games>
Beginne mit der Suche in 'F:\' <Eigene Dateien>
Beginne mit der Suche in 'G:\' <Downloads>
Beginne mit der Suche in 'H:\' <Volume>
Beginne mit der Suche in 'I:\' <Daten>
Beginne mit der Suche in 'J:\' <Daten 1>
Beginne mit der Suche in 'K:\' <Daten 2>

Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\jar_cache4827510852522062610.tmp
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CQ.1
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a20dec9.qua' verschoben!


Ende des Suchlaufs: Montag, 16. April 2012  21:29
Benötigte Zeit:  2:53:09 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  44873 Verzeichnisse wurden überprüft
 1673174 Dateien wurden geprüft
      2 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1673172 Dateien ohne Befall
  13748 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise
 566177 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
(Namen durch *** ersetzt)
Dort wurden 2 Funde gemeldet. Ich hatte angenommen, dass sich das Problem dadurch gelöst hat, hatte auch nie irgendetwas bemerkt, das auf einen Virus hingedeutet hat.
Ich habe mich dann mal mit Google über diesen Virus informiert und bin zum Beispiel auch auf einen Beitrag in diesem Forum gefunden, wo von einer Infizierung des kompletten Systems durch diesen Virus und einer sehr aufwändigen Reinigung die Rede war.
Ich habe dann heute beschlossen mich doch nochmal zu vergewissern, dass mein Computer gesäubert wurde und habe mir dazu nach dieser Anleitung http://www.trojaner-board.de/51187-a...i-malware.html MalwareBytes runtergeladen und ausgeführt.
Beim Quick Scan hat er mir keine Funde angezeigt, aber beim vollständigen Suchdurchlauf wurden dann 10 Dateien gefunden, die ich entfernen lassen habe (für mich haben diese harmlos gewirkt, also ich hätte bei ihnen kein Gefahrenpotenzial erwartet, bzw. bei den meisten).
Hier der Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.11.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

11.05.2012 18:38:49
mbam-log-2012-05-11 (18-38-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 655905
Laufzeit: 1 Stunde(n), 47 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 10
E:\Battlefield 2\mods\stats\Stats.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\SoftonicDownloader_fuer_anno-1701.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\SoftonicDownloader_fuer_doodle-jump.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\SoftonicDownloader_fuer_hypercam.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
G:\SoftonicDownloader_fuer_meat-boy.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\Yuri\ra2.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
K:\installer_mario_forever_3_01_Deutsch_Deutsch.exe (PUP.SmsPay.pns) -> Erfolgreich gelöscht und in Quarantäne gestellt.
K:\smart_shutdown_manager.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
K:\stress.exe (Joke.Stressreducer) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Kann ich jetzt davon ausgehen, dass mein Computer wieder sauber ist, bzw. waren das auch wirkliche Funde und keine Fehlfunde eventuell?
Wäre nett wenn mir jemand sagen könnte wie ich weiterverfahren soll.
Vielen Dank schon mal im voraus.

Alt 11.05.2012, 22:54   #2
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner - Installer herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
gruß
kira
__________________

__________________

Alt 12.05.2012, 02:26   #3
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Okay habe ich gemacht.
Hier die beiden Logs von OTL:
OTL.Txt
Code:
ATTFilter
OTL logfile created on: 12.05.2012 02:13:38 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Joel\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,88% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 51,95 Gb Free Space | 53,20% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 206,51 Gb Free Space | 83,56% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 150,50 Gb Free Space | 77,06% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,03 Gb Free Space | 3,09% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 135,96 Gb Free Space | 69,61% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 76,62 Gb Free Space | 61,81% Space Free | Partition Type: NTFS
 
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Joel\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0015\~de6248.tmp ()
MOD - C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0015\~df394b.tmp ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll ()
MOD - C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll ()
MOD - C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- E:\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (SandraAgentSrv) -- E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (SANDRA) -- E:\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {596D83A1-1857-4C0E-A57E-57F07608805B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=66055
IE - HKCU\..\SearchScopes\{596D83A1-1857-4C0E-A57E-57F07608805B}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}:5.0.18
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: d2nagent@isaaclw.com:0.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 23:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 11:16:47 | 000,000,000 | ---D | M]
 
[2010.10.29 19:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions
[2012.05.11 18:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions
[2012.02.13 12:07:38 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2012.03.29 22:47:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.05 22:07:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.05.10 17:06:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.01 21:11:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\plugin@yontoo.com
[2010.12.15 16:12:32 | 000,000,923 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\conduit.xml
[2012.05.07 19:19:31 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-1.xml
[2011.05.06 21:56:19 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-2.xml
[2011.05.08 01:21:21 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-3.xml
[2011.05.10 23:23:25 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-4.xml
[2011.08.17 01:24:20 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-5.xml
[2011.05.05 18:21:00 | 000,001,056 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin.xml
[2012.05.12 02:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.11 18:24:02 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\EXTENSIONS\D2NAGENT@ISAACLW.COM.XPI
[2012.04.25 23:42:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.07 07:53:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.14 17:37:07 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.23 20:15:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.28 00:59:37 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.23 20:15:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.23 20:15:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 18:31:00 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.23 20:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.23 20:15:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.23 20:15:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Joel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Translator = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Google Mail = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [ASRockOCTuner]  File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - Startup: C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_18-windows-i586.cab (Java Plug-in 1.5.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC940EA-F80F-41D9-B652-128D376145C8}: DhcpNameServer = 192.168.1.1 217.237.151.97
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.05 10:17:48 | 000,003,201 | ---- | M] () - K:\AutoZoomOut_0.54.zip -- [ NTFS ]
O33 - MountPoints2\{98ae621e-ebfa-11e0-b362-0025226920ee}\Shell - "" = AutoRun
O33 - MountPoints2\{98ae621e-ebfa-11e0-b362-0025226920ee}\Shell\AutoRun\command - "" = M:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.12 02:06:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.11 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Malwarebytes
[2012.05.11 18:31:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.10 06:59:01 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 06:59:00 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.10 06:59:00 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.10 06:59:00 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.10 06:59:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.10 06:58:02 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 06:58:00 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 06:58:00 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.01 21:11:51 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Babylon
[2012.05.01 21:11:50 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Babylon
[2012.05.01 21:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.14 03:03:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.14 03:03:18 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.14 03:03:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.14 03:03:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.14 03:03:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.14 03:03:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.14 03:03:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.14 03:03:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.14 03:03:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.14 03:03:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.14 03:03:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.14 03:00:36 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.14 03:00:35 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.14 03:00:34 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.12 02:02:57 | 000,019,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 02:02:57 | 000,019,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 01:37:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.11 21:02:54 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.11 21:02:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.11 21:02:26 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.11 18:31:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.11 18:22:27 | 373,545,129 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.10 21:16:54 | 000,300,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.10 07:00:55 | 001,634,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.10 07:00:55 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.10 07:00:55 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.10 07:00:55 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.10 07:00:55 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.06 22:27:36 | 000,156,374 | ---- | M] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.05.06 11:27:39 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.06 11:27:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.29 17:16:42 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.14 11:16:47 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.11 18:31:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.06 22:27:36 | 000,156,374 | ---- | C] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.14 01:34:30 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 17:41:38 | 105,854,917 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\.minecraft.rar
[2011.10.21 23:20:03 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.21 23:20:03 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.21 23:20:02 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc[1].exe
[2011.09.23 19:41:14 | 000,000,807 | ---- | C] () -- C:\Windows\eReg.dat
[2011.08.02 19:12:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.05.22 19:08:16 | 000,007,605 | ---- | C] () -- C:\Users\Joel\AppData\Local\Resmon.ResmonCfg
[2011.05.02 22:01:15 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.02 22:01:15 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.10 14:26:13 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.03 22:26:04 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.10.30 17:43:02 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010.10.30 17:43:02 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010.10.30 17:43:02 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010.10.30 17:42:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.10.30 17:42:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

< End of report >
         
Extras.Txt
Code:
ATTFilter
OTL Extras logfile created on: 12.05.2012 02:13:38 - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Joel\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,88% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 51,95 Gb Free Space | 53,20% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 206,51 Gb Free Space | 83,56% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 150,50 Gb Free Space | 77,06% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,03 Gb Free Space | 3,09% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 135,96 Gb Free Space | 69,61% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 76,62 Gb Free Space | 61,81% Space Free | Partition Type: NTFS
 
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015815D5-4987-4150-9D7A-F49B9F7D5396}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05EBCCD6-652A-44CA-94E9-E57F8FF52600}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{06FA5D42-DFB0-43D1-B7D7-DFBA6422BACF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{088EC2C0-2CEA-4D29-8E3A-5BC6E17937E1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0EDD4EB9-0141-455D-9869-5381630AA28B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{11124883-B46D-4855-8250-DD475A4450D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{11A2AE83-0D1A-4044-9EA4-F3FC9A6AF2F9}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{12381292-6D93-4B38-9CAA-EB4B17D2AB73}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{19B708A7-7745-4D63-A51A-751417C1C5E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2135EF7B-ABE1-4308-A8B5-B1E1D2F362F7}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{245E9322-C745-4F47-B696-F263FAD6BA38}" = lport=6889 | protocol=17 | dir=in | name=teeworlds 6889 | 
"{26E18C0F-89A8-40EE-B0E8-74745893CF29}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{2BCA9D23-17DE-40B5-8956-536B7F56943A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2DA99FB8-C4C6-4827-B4EB-134F1BBF2347}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3846C789-5684-43E0-9C11-DDDA5AC2205A}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3CE6A1A6-8931-4FDA-ACB7-0D68F8946B24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DD2EBCF-BC0B-46F1-BEB1-CB58F2E65B7F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3FA2AA14-4FF3-41D9-9933-898491A8BD5E}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{4A9E817D-66BF-42F7-BE98-4F37970322BB}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | 
"{4C7BEE98-F2F3-4C05-84AC-40AF57B7367F}" = lport=8303 | protocol=6 | dir=in | name=teeworlds 8303 | 
"{541ADF90-38D5-4693-ACB5-4A564C8085F3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{57B3AD67-C67C-4D4B-81D1-24525953D8ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{712ED346-27E9-411E-A1DB-BB3532EFD6B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7550083D-8366-456B-B103-512A483711FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7FC55C48-E1F7-4431-B5DC-9F9D444A98F0}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{8CA0D869-4A94-4DDF-8AD7-1D6C6ABA9A6F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{90260A72-7C51-4B92-BBA0-C9601E4CFC14}" = lport=137 | protocol=17 | dir=in | app=system | 
"{94C425E1-132A-4F32-8420-B01024B7A645}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{AF4B6F89-C56C-4714-AB97-84E206950D7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFF3AA23-9A5C-4C27-A1A8-C71198CE1C9C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C8D3113E-3008-42E5-8128-862A1139E7E4}" = lport=8303 | protocol=17 | dir=in | name=teeworlds 8303 | 
"{C8FF6561-17F4-4395-97DD-A94AC3D92833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CFDEFD51-A904-405A-83E7-B82E240785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4CB7803-B589-43B8-A12D-6E054869F04F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{D6B45973-2137-4C51-89AF-88D1ED1B86DD}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{DADA2499-EB5D-4D4B-9C25-EB8AE22216D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DDE33CEC-4819-4165-8E5A-FC118D7824B2}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | 
"{E0F2A274-ACD8-4DAE-98E5-F9CB96999C05}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{E860FF78-F313-4A86-A9F6-4A25D60C7C76}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{E9F41EDC-A75F-4CF9-B45C-8B59470A88A0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EBAAA8FB-EE5E-4D9C-B789-DAFAF2302B15}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | 
"{EC717585-9A40-4B80-822F-B922F7225B6B}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{F7E65764-E8BC-43CD-8379-1B573B36D4F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FA262EBD-ADCA-44BE-8B37-025647D07DB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA8481E5-AF40-4F49-821C-04D8A55A9539}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FD9831E4-DDFC-45D7-9D5D-26B7A280F5D6}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{FE14AF1F-F279-4CF9-8D44-436CD5C52E30}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B3B126-5F17-43AC-B5F8-5308CBEBC442}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{0E866DD7-C829-40E7-86BB-7ADE18317CB1}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | 
"{1A15FD6B-66CC-4499-95F8-0A4704128839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BD50DC6-91B6-4E81-93C0-D914DE6940BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CAB8500-5FBC-4D0B-AC57-862DF5B4FCAF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D6D9081-B49B-45A3-AD35-38697A98CBC5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{1DD0803B-C9BC-48F4-A29A-B2DFEA15FC3B}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{23C1D74F-982F-48CB-BE6E-179079715A8A}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{2980A7BE-7C96-472E-94E2-1655BFB5ABFC}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3245222B-3529-4C6D-A44B-4965FD2D4BF2}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{33328ADB-1A55-4554-ADE1-97F6BDF67CB4}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3CE72F82-D496-44CD-BEE9-59D94F70DA9F}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{42EE1539-3799-4CB6-9280-B99B08FA2E51}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4AD08C25-9E9B-46D5-9CA6-F93EFADB2001}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5108EEC9-83CD-4EFE-A7B6-45EA62B06744}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{52764308-B504-4B40-934F-42FB2E462B67}" = protocol=17 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"{57B906E3-9808-4E95-B071-8E9A8546FF35}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{5C244910-F9D9-439B-918F-22807DF574E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{600EFF9C-C1E7-4214-9C47-1328DFACD1B0}" = protocol=6 | dir=out | app=system | 
"{605C8B43-1D1D-4210-944C-326BD8D13605}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61BFECEE-5A94-40F9-8395-3030C378BFCD}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{665EE240-9017-40A5-BC67-7E33C9BF1BA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69078C34-E2F9-4E08-B796-4CB9554E522C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6A1776CA-3594-4245-A668-15FD1BAFEAB0}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | 
"{76EF8693-A675-4258-878F-1E8331258C53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{77E9ED34-819C-4500-9E1B-A8F10105E550}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{792616E3-4491-4D5E-BF85-699167F5D06E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7A7831F9-5AA2-4C5C-92E4-6B64EC5369E1}" = protocol=58 | dir=in | app=system | 
"{7BB39CE6-176A-47DF-B3DC-2298540ADEA1}" = protocol=6 | dir=in | app=e:\league of legends\air\lolclient.exe | 
"{7CEEDD4F-F520-4689-BD77-E863AF242D04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{80902871-5467-415E-8A7F-0FBC14CE5AAF}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | 
"{8132ECDD-BD30-4E30-83FF-DACEA64249B5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{8B718EAC-453F-4770-9A91-B722EDCB5229}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{8BD19A94-2866-4DB0-997C-BA8313179C68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90B29A8C-07D4-4FA8-B437-372618C0E054}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | 
"{95ACD2CD-8FBD-491F-B65E-93F7E61FC6A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{96FC5E05-1AE6-400B-9E03-3F14D598EE2A}" = protocol=17 | dir=in | app=e:\league of legends\air\lolclient.exe | 
"{A4D77DD2-7F25-4CDB-B66B-C2779EA49D70}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | 
"{A9461706-D7AA-451B-A0F0-35F0D8F86C3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A9EA04DD-B6D9-49AF-84D0-34A21A9DC884}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{AD9F48D9-D24B-437B-8225-A71D72AB9D01}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{AF98AE5C-1802-4662-AB77-C4EAF0D40CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{B7F084E9-77CD-4A0D-8E31-0DB7916F1E9B}" = protocol=17 | dir=in | app=e:\yahoomessenger\messenger\yahoomessenger.exe | 
"{BB3FDDCF-593C-4FED-8177-2CEBF9B876F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BD89DF75-6603-4B1E-8B3B-18571CE447EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BF72DDE1-60A7-4EC6-9F75-2A09A053835E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C760398A-B8AF-4F00-A259-1CD29D9C6248}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{C8EA45EE-3F6D-4393-8033-EF756008536B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CF49EC83-92F9-4296-935E-E0FC3613316E}" = protocol=17 | dir=in | app=e:\league of legends\game\league of legends.exe | 
"{D15DB42D-7FFD-441B-9CEC-FAFBADEC5832}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{DC00E59C-509D-47EE-94E7-8D35DAB582AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DCAA34C4-8967-42E4-9C78-E9956F3C99B8}" = protocol=6 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"{DCB87F33-6EC8-4205-8D96-4444FC969B3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E1DE0B38-4078-45EE-B9FF-1CA933CAF8C7}" = protocol=6 | dir=in | app=e:\league of legends\game\league of legends.exe | 
"{E3C22EB4-9D0A-4100-B80F-1720117B69AF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{EE2F26C4-A33E-4F03-9FA8-B391F9652B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEA942E7-DD54-4CE3-9BF6-302536EED318}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{EEFB4877-B4D1-46A2-80CB-68D11A9A95BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F01D5329-7906-41B0-8149-F291FA232532}" = protocol=6 | dir=in | app=e:\yahoomessenger\messenger\yahoomessenger.exe | 
"{F18CDE47-D147-4493-8719-911BC85815F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{F6B7F342-6C59-467F-93A9-4DD469789FAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7B31CA4-7E0F-4495-B49F-AADAF19AC1A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FCC5FE58-F9BF-4219-9C75-AF67E4D16254}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{FDB0D687-F909-4780-88F0-871C9B48F49F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{073D0A6D-EA75-4A3D-999C-EFE9F9AE03BE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | 
"TCP Query User{08120891-AC55-4A3F-8B9A-7189CDB31059}E:\runes of magic\launcher.exe" = protocol=6 | dir=in | app=e:\runes of magic\launcher.exe | 
"TCP Query User{0F5C36C0-7EE5-4213-BC9E-0A4C7E30463A}E:\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=e:\urbanterror\iourbanterror.exe | 
"TCP Query User{15B1FA33-B2A4-4063-A42B-F6C90BE37973}E:\urban terror\iourbanterror.exe" = protocol=6 | dir=in | app=e:\urban terror\iourbanterror.exe | 
"TCP Query User{1702350D-7D8E-49F4-BD9A-1481CBEC6825}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | 
"TCP Query User{1CCFB4BD-9150-4836-8A7C-97EB9EE95DE4}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{1F5934C3-A05B-469D-A920-C93A55B72337}E:\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\runes of magic\client.exe | 
"TCP Query User{2DD4A950-554B-41AC-9BE5-1C9CB737EE03}E:\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=e:\age of empires 2\empires2.exe | 
"TCP Query User{33AE62CA-5396-44C9-8DEE-C79E74321E4D}E:\njam\njam.exe" = protocol=6 | dir=in | app=e:\njam\njam.exe | 
"TCP Query User{3C75981C-BDB3-4F80-8D36-A2337E4F4DB4}E:\metin2\metin2.bin" = protocol=6 | dir=in | app=e:\metin2\metin2.bin | 
"TCP Query User{42355D16-A3D8-4F51-867C-4ECD1083F2F4}E:\mirc\mirc.exe" = protocol=6 | dir=in | app=e:\mirc\mirc.exe | 
"TCP Query User{56196593-5849-4371-8F61-E0D8F0214F93}E:\metin2\metin2client.bin" = protocol=6 | dir=in | app=e:\metin2\metin2client.bin | 
"TCP Query User{60F5A421-F134-494C-9412-D47E063047C9}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | 
"TCP Query User{7D5DB9CE-ABFE-4DDF-A061-08CB79AEB9CF}E:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"TCP Query User{90047765-8B53-4A79-95FF-4A9A837D4249}C:\users\joel\downloads\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=6 | dir=in | app=c:\users\joel\downloads\yuleech-runes_of_magic_3_0_5_2262.exe | 
"TCP Query User{967A166B-39B2-4214-B950-5B99F1604481}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{C3DDD949-FC0A-434A-9C69-5147C5752836}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"TCP Query User{CB9FC27F-BB97-4E4C-AED8-AD6D399BDDAB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{D26591DE-8A9E-463B-B28D-CE3F2F2350D0}G:\teeworlds\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=g:\teeworlds\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"TCP Query User{D7B9F740-CF10-4284-93CE-60A34073D883}E:\crossfire\cf_g4box.exe" = protocol=6 | dir=in | app=e:\crossfire\cf_g4box.exe | 
"TCP Query User{DE49DCFC-B397-4517-ADD6-1DBC75BA8E39}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{0A856155-4C77-4DCF-BEC9-D28558A76A27}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{0B31C258-5707-421D-A622-702B6C248E48}E:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"UDP Query User{11DDBA46-F99D-4622-9C66-AEBDF2F791F4}E:\metin2\metin2.bin" = protocol=17 | dir=in | app=e:\metin2\metin2.bin | 
"UDP Query User{1509A5C3-C4DA-4D3C-87C0-4D31B9F2D1F4}E:\crossfire\cf_g4box.exe" = protocol=17 | dir=in | app=e:\crossfire\cf_g4box.exe | 
"UDP Query User{1E90480F-CDA1-4B48-82D0-885870362267}E:\metin2\metin2client.bin" = protocol=17 | dir=in | app=e:\metin2\metin2client.bin | 
"UDP Query User{1EFF81D8-9DA8-4B64-968C-7E8EEC6943DE}E:\runes of magic\launcher.exe" = protocol=17 | dir=in | app=e:\runes of magic\launcher.exe | 
"UDP Query User{2BD8ECDB-C61C-41D0-A08E-BB42CBDA032D}E:\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\runes of magic\client.exe | 
"UDP Query User{2C29389C-B73A-4E2B-B303-79A30D00295D}E:\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=e:\urbanterror\iourbanterror.exe | 
"UDP Query User{3478A4B0-173A-427C-B767-4EFDF0318D3D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{34CBF9A0-42B6-4A84-8F3A-CF5C9765C80B}E:\age of empires 2\empires2.exe" = protocol=17 | dir=in | app=e:\age of empires 2\empires2.exe | 
"UDP Query User{453A31CB-7B08-4D93-BDA6-9D1A6ADE61A6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{64662E59-BE13-4A80-9C0F-ADF2F1D6C9E9}C:\users\joel\downloads\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=17 | dir=in | app=c:\users\joel\downloads\yuleech-runes_of_magic_3_0_5_2262.exe | 
"UDP Query User{753EADA8-C870-408E-B86E-DF7B0DA963A7}E:\njam\njam.exe" = protocol=17 | dir=in | app=e:\njam\njam.exe | 
"UDP Query User{764E2C17-BA7E-4F7F-B287-170569DFEC11}G:\teeworlds\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=g:\teeworlds\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe | 
"UDP Query User{9CE78EEB-CEBF-4F55-9179-B97C83428D8A}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{C6CF15C3-B9BB-42B9-AEF3-D6182FAF619B}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{C92421E1-E86F-48D6-9AD6-F08DFE16559B}E:\urban terror\iourbanterror.exe" = protocol=17 | dir=in | app=e:\urban terror\iourbanterror.exe | 
"UDP Query User{DE0C055B-D2C0-483F-B300-94D2EB7D1586}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | 
"UDP Query User{E0EB627E-59EE-48F3-A037-EDE088A9CFEE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | 
"UDP Query User{FDFE606C-9EA9-48A5-97BA-701C72E61D04}E:\mirc\mirc.exe" = protocol=17 | dir=in | app=e:\mirc\mirc.exe | 
"UDP Query User{FEFAD096-12E3-4147-94AB-9DE82B585771}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Explorer Suite_is1" = Explorer Suite III
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{05248BF9-6E23-4AF0-A1CB-C378F9D25524}" = SharpDevelop 4.1
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = Die Sims - Megastar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27A48664-BDDF-4AA3-8627-47CB8AC7D8A4}_is1" = Robokill
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3248F0A8-6813-11D6-A77B-00B0D0150180}" = J2SE Runtime Environment 5.0 Update 18
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Allied Intent Xtended" = Allied Intent Xtended 2.0
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Ask Toolbar_is1" = Foxit Toolbar
"ASRock IES_is1" = ASRock IES v2.0.69
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio" = CamStudio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Divine Divinity" = Divine Divinity
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader" = Foxit Reader
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"FreePascal_is1" = Free Pascal 2.6.0
"HyperCam 2" = HyperCam 2
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Jagged Alliance 2 Wildfire" = Jagged Alliance 2 Wildfire
"Jagged Alliance 2: Unfinished Business" = Jagged Alliance 2: Unfinished Business
"Little Fighter 2" = Little Fighter 2 1.9c
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"mIRC" = mIRC
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Njam_is1" = Njam 1.21
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.62.1347" = Opera 11.62
"Pangya" = Pangya (Ntreev SG Interactive)
"PunkBusterSvc" = PunkBuster Services
"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood
"Security Task Manager" = Security Task Manager 1.8d
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"Urban Terror_is1" = Urban Terror 4.1
"VirtualCloneDrive" = VirtualCloneDrive
"Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.1
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.05.2012 11:50:28 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.05.2012 11:50:38 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.05.2012 11:51:46 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.05.2012 11:51:56 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.05.2012 12:01:02 | Computer Name = Joel-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 11.05.2012 12:23:05 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.05.2012 15:03:05 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.05.2012 17:00:30 | Computer Name = Joel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Client.exe, Version: 4.0.10.2522,
 Zeitstempel: 0x4f7aa9c0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003cb8d  ID des fehlerhaften
 Prozesses: 0x1d4  Startzeit der fehlerhaften Anwendung: 0x01cd2fa946418947  Pfad der
 fehlerhaften Anwendung: E:\Runes of Magic\Client.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 571d779f-9bac-11e1-84c2-0025226920ee
 
Error - 11.05.2012 19:54:04 | Computer Name = Joel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5be07e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000016d11
ID
 des fehlerhaften Prozesses: 0x140  Startzeit der fehlerhaften Anwendung: 0x01cd2fa89eb844e0
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe  Pfad des fehlerhaften
 Moduls: c:\windows\system32\sysmain.dll  Berichtskennung: 967438b1-9bc4-11e1-84c2-0025226920ee
 
Error - 11.05.2012 20:06:46 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Audio-Endpunkterstellung" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Zugriff auf Eingabegeräte" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Heimnetzgruppen-Listener" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Netzwerkverbindungen" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 11.05.2012 19:54:10 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
 
< End of report >
         
Und hier noch die Liste der Programm aus dem CC-Cleaner
Code:
ATTFilter
Acrobat.com	Adobe Systems Incorporated	29.10.2010		1.1.377
Adobe AIR	Adobe Systems Inc.	29.10.2010		1.0.4990
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	15.11.2011	6,00MB	11.1.102.55
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	05.05.2012	6,00MB	11.2.202.235
Adobe Reader 9.5.1	Adobe Systems Incorporated	13.04.2012	103,3MB	9.5.1
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	05.03.2012		11.6.4.634
Allied Intent Xtended 2.0	AIX Community	01.10.2011		2.0
AMR to MP3 Converter 1.4	amrtomp3converter.com	10.03.2011		
Ashampoo Burning Studio 6 FREE v.6.80	ashampoo GmbH & Co. KG	09.05.2011	39,4MB	6.8.0
ASRock IES v2.0.69		29.10.2010	8,95MB	
ASRock InstantBoot v1.24		29.10.2010		
ASRock OC Tuner v2.3.91		29.10.2010		
Audacity 1.2.6		01.02.2011		
Avira Free Antivirus	Avira	07.05.2012	108,8MB	12.0.0.1125
CamStudio		29.05.2011		
CCleaner	Piriform	11.05.2012		3.18
CDBurnerXP	CDBurnerXP	01.12.2010	15,8MB	4.3.8.2474
ConvertHelper 2.2	DownloadHelper	15.11.2011		
Debugging Tools for Windows (x86)	Microsoft Corporation	24.02.2011	38,5MB	6.11.1.404
Die Sims - Megastar		22.09.2011		
Divine Divinity		17.10.2011		
EVEREST Home Edition v2.20	Lavalys Inc	12.05.2011		2.20
Explorer Suite III		30.03.2012		
Far Cry 2	Ubisoft	23.04.2011		1.03.00
Foxit Reader	Foxit Software Company	28.10.2010		3.1.4.1125
Foxit Toolbar	Ask.com	13.07.2010		4.1.0.5
Free Mp3 Wma Converter V 1.93	Koyote Soft	01.08.2011	16,2MB	1.93.0.0
Free Pascal 2.6.0	Free Pascal Team	28.01.2012	186,8MB	
GIMP 2.6.11	The GIMP Team	30.06.2011	107,7MB	2.6.11
Google Chrome	Google Inc.	31.03.2012		18.0.1025.142
HyperCam 2		13.07.2011		
ICQ7.6	ICQ	02.11.2011		7.6
Icy Tower v1.5	Free Lunch Design	08.07.2011	4,34MB	
J2SE Runtime Environment 5.0 Update 18	Sun Microsystems, Inc.	17.04.2011	146,9MB	1.5.0.180
Jagged Alliance 2 Wildfire		07.09.2011		
Jagged Alliance 2: Unfinished Business		01.09.2011		
Java(TM) 6 Update 31	Oracle	06.03.2012	95,1MB	6.0.310
JDownloader 0.9	AppWork GmbH	30.09.2011		0.9
League of Legends	Riot Games	24.12.2010		1.02.0000
Little Fighter 2 1.9c		18.11.2010		1.9c
Logitech SetPoint	Logitech	30.12.2011	17,00KB	4.80
LogMeIn Hamachi	LogMeIn, Inc.	28.02.2012		2.1.0.166
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	10.05.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	13.11.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	13.01.2012	52,0MB	4.0.30319
Microsoft Age of Empires II		21.02.2011		
Microsoft Age of Empires II: The Conquerors Expansion		21.02.2011		
Microsoft Silverlight	Microsoft Corporation	09.05.2012	86,9MB	4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	14.07.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	23.01.2012	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	23.01.2012	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.07.2011	0,29MB	8.0.56336
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	30.12.2011	0,69MB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022	Microsoft Corporation	13.07.2010	2,52MB	9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	29.10.2010	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	15.07.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	13.07.2010	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	29.10.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.07.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	29.12.2011	12,3MB	10.0.40219
mIRC	mIRC Co. Ltd.	19.08.2011		7.19
Mozilla Firefox 12.0 (x86 de)	Mozilla	24.04.2012	41,2MB	12.0
Mozilla Maintenance Service	Mozilla	24.04.2012	0,21MB	12.0
Need for Speed Underground 2		15.06.2011		
Need for Speed™ Most Wanted		11.06.2011		
Njam 1.21	Milan Babuskov	18.11.2010		
Notepad++		16.05.2011		5.9
NVIDIA 3D Vision Controller-Treiber 296.10	NVIDIA Corporation	12.03.2012		296.10
NVIDIA 3D Vision Treiber 296.10	NVIDIA Corporation	12.03.2012		296.10
NVIDIA Drivers	NVIDIA Corporation	22.04.2011	63,0MB	1.7
NVIDIA ForceWare Network Access Manager	NVIDIA Corporation	22.04.2011	33,6MB	1.00.7316
NVIDIA Grafiktreiber 296.10	NVIDIA Corporation	12.03.2012		296.10
NVIDIA HD-Audiotreiber 1.3.12.0	NVIDIA Corporation	12.03.2012		1.3.12.0
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	12.03.2012		9.12.0213
NVIDIA Update 1.7.11	NVIDIA Corporation	12.03.2012		1.7.11
OpenOffice.org 3.2	OpenOffice.org	13.07.2010	373MB	3.2.9483
Opera 11.62	Opera Software ASA	29.03.2012		11.62.1347
Pangya (Ntreev SG Interactive)		17.05.2011		
PunkBuster Services	Even Balance, Inc.	20.10.2011		0.991
Robin Hood - Die Legende von Sherwood	Wanadoo Edition	17.06.2011		
Robokill	MyPlayBus.com	28.12.2011		
Rome - Total War	The Creative Assembly	29.09.2011		1.5
Runes of Magic	Frogster Interactive Pictures	22.06.2011		3.0.5.2262.slim
Security Task Manager 1.8d	Neuber Software	09.09.2011		1.8d
SharpDevelop 4.1	ic#code	13.01.2012	55,8MB	4.1.8000
SiSoftware Sandra Lite 2010.SP3	SiSoftware	02.11.2010	69,1MB	16.67.2010.10
Skype™ 5.8	Skype Technologies S.A.	28.04.2012	19,0MB	5.8.158
Sound Blaster X-Fi MB	Creative Technology Limited	29.10.2010		1.0
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	29.11.2010	29,7MB	9.0.0
System Requirements Lab		24.02.2011		
TeamSpeak 3 Client	TeamSpeak Systems GmbH	28.11.2010		
TeamViewer 6	TeamViewer GmbH	22.04.2011		6.0.10511
Thief - Deadly Shadows		08.10.2011		1.0
TmNationsForever	Nadeo	19.11.2010		
Urban Terror 4.1	Frozen Sand LLC	11.06.2011		
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	13.07.2010	2,62MB	1.34
VirtualCloneDrive	Elaborate Bytes	30.09.2011		
Visual MP3 Splitter & Joiner 6.1	ManiacTools.com	04.03.2012		
VLC media player 1.0.5	VideoLAN Team	28.10.2010		1.0.5
Windows Live Essentials	Microsoft Corporation	15.07.2011		15.4.3538.0513
WinRAR		28.10.2010		
Xvid 1.2.2 final uninstall	Xvid team (Koepi)	01.05.2011		1.2
Yahoo! Software Update		13.04.2011		
Yontoo 1.10.02	Yontoo LLC	30.04.2012	1,16MB	1.10.02
         
__________________

Alt 12.05.2012, 08:26   #4
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Du hast dein Windows sehr vernachlässigt! All dies hat dann natürlich auch Auswirkungen auf die Systemsicherheit...
a.,
noch immer kein Service Pack (SP 1 fehlt!) installiert?!
Software wie Betriebssysteme, Browser und E-Mail Clients werden laufend weiterentwickelt. Gleichzeitig arbeiten jedoch auch Hacker daran, ständig neue Sicherheitslücken zu finden und auszunutzen. Was heute noch keine Schlupflücke für Viren und Würmer ist, kann morgen bereits zur Gefahr werden, wenn der entsprechende Schädling programmiert wurde. Das führt dazu, dass es relativ häufig zu Meldungen über neue Sicherheitsanfälligkeiten kommt, auch wenn diese noch nicht durch Hacker entdeckt wurden. Denn selbstverständlich suchen auch Sicherheitsspezialisten nach potenziellen Angriffsmöglichkeiten. Updates der Softwareentwickler sorgen dafür, dass der User immer die aktuellste und sicherste Version des Betriebssystems und der installierten Software nutzen kann.
Allerdings nicht in diesem Zustand der alten Version eine Aufrüstung auf die nächste NICHT erfolgen darf, sonst schadet es mehr als es nutzt! Soll nun die Festplatte erst bereinigt werden, also absolut malwarefrei sein!
Also nur am Ende der Reinigung der aktuelle Version installieren! - ich werde Dir Bescheid sagen wann!

b.,
Java und Adobe auch veraltet!

Systemreinigung und Prüfung:

1.
deinstalliere :
unter `Systemsteuerung -> Software -> Ändern/Entfernen...`
Code:
ATTFilter
Foxit Toolbar	Ask.com
         
Während der Installation darauf zu achten ist!:
- Benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
- Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen, weil damit stimmt man nämlich zu, dass Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
Zitat:
Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren, ob:
-> Im Browser: die aktuelle Webseite als Startseite von dir festgelegt worden?
-> unter Extras ⇒ Erweiterungen ungewollte AddOns/PlugIns, Toolbars eingetragen sind?
-> In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!
2.
würde ich deinstallieren:
Security Task Manager 1.7
und stattdessen den Prozess Explorer empfehlen:
Tipp:
Um eine bessere Übersicht über laufenden Anwendungen und Prozesse, die CPU-Aktivität zu beobachten , kann ich Dir aus eigene Erfahrung auch den -> Prozess explorer Von Mark Russinovich zu empfehlen

3.
wenn Yahoo nicht benötigst, deinstalliere:
Yahoo! Software Update

4.
Nicht mehr installiert?:
Elaborate Bytes AG

5.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht:
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {596D83A1-1857-4C0E-A57E-57F07608805B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=66055
IE - HKCU\..\SearchScopes\{596D83A1-1857-4C0E-A57E-57F07608805B}: "URL" = http://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2010.12.15 16:12:32 | 000,000,923 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\conduit.xml
[2011.05.06 21:56:19 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-2.xml
[2011.05.08 01:21:21 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-3.xml
[2011.05.10 23:23:25 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-4.xml
[2011.08.17 01:24:20 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-5.xml
[2011.05.05 18:21:00 | 000,001,056 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin.xml
[2012.02.23 20:15:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.12.28 00:59:37 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.02.23 20:15:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.23 20:15:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.01 18:31:00 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.23 20:15:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.23 20:15:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.05 10:17:48 | 000,003,201 | ---- | M] () - K:\AutoZoomOut_0.54.zip -- [ NTFS ]
O33 - MountPoints2\{98ae621e-ebfa-11e0-b362-0025226920ee}\Shell - "" = AutoRun
O33 - MountPoints2\{98ae621e-ebfa-11e0-b362-0025226920ee}\Shell\AutoRun\command - "" = M:\Autorun.exe
[2012.05.12 01:37:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.11 21:02:54 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
C:\Users\Joel\AppData\Local\Babylon
C:\Users\Joel\AppData\Roaming\Babylon
C:\ProgramData\Babylon
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java "Empfohlen Version 6 Update 32 " von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

3.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software (z.B von McAfee), Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

4.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

5.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

6.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

7.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

8.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

9.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

damit ich weiß, welche Änderungen Du vorgenommen hast:
Zitat:
► Berichte mir kurz über alle Umsetzungsschritte (zu jedem Punkt), die Du erledigt hast!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 12.05.2012, 21:24   #5
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Hm ja ich habe grade leider kein System zum installieren da. Habe zurzeit Windows 7 Home Premium 64 Bit drauf, aber das ist eigentlich nur eine Testversion für 30 Tage gewesen, die beim Kauf des Computers dabei war.
Ich müsste mir also wahrscheinlich erstmal eine Windows 7 Version kaufen, bevor ich das dann aktuallisieren kann.
Ich hab mal etwas nachgeschaut nach einem günstigen Anbieter und bin dabei auf dieses Angeboet gestoßen (hxxp://www.softwarebilliger.de/betriebssysteme/windows-7-home-premium-64-bit-oem-dvd-und-windows-7-home-premium-coa-multilanguage/). Was hälst du von dem Angebot, oder weißt du vielleicht noch eine günstigere Variante? Oder würdest du mir vielleicht zu einer anderen Windows 7 Version raten? Ich hoffe, dass das okay ist wenn ich die Fragen in dem Thread hier mitstelle, oder sollte man dafür dann einen neuen aufmachen?
Jetzt erstmal weiter mit den Punkten die du mir gegeben hast.
1. Habe die Toolbar deinstalliert.
2. Security Task Manager 1.7 wurde deinstalliert und ich hab mir den von dir empfohlenen ProcessExplorer runtergeladen.
3. Habe Yahoo! Software Update deinstalliert.
4. Nein es scheint nicht mehr installiert zu sein. Konnte es jedenfalls nicht mehr finden.
5. Habe den Fix mit OTL durchführen lassen. Hier das Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{596D83A1-1857-4C0E-A57E-57F07608805B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{596D83A1-1857-4C0E-A57E-57F07608805B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\conduit.xml moved successfully.
C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
K:\AutoZoomOut_0.54.zip moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ae621e-ebfa-11e0-b362-0025226920ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ae621e-ebfa-11e0-b362-0025226920ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98ae621e-ebfa-11e0-b362-0025226920ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98ae621e-ebfa-11e0-b362-0025226920ee}\ not found.
File M:\Autorun.exe not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
C:\Users\Joel\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Joel\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Joel\AppData\Local\Babylon folder moved successfully.
C:\Users\Joel\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Joel\Downloads\cmd.bat deleted successfully.
C:\Users\Joel\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Joel
->Temp folder emptied: 1582145934 bytes
->Temporary Internet Files folder emptied: 1975360007 bytes
->Java cache emptied: 8206963 bytes
->FireFox cache emptied: 635997343 bytes
->Google Chrome cache emptied: 25895027 bytes
->Opera cache emptied: 13094936 bytes
->Flash cache emptied: 47229 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 182628792 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46395324 bytes
RecycleBin emptied: 2757226 bytes
 
Total Files Cleaned = 4.267,00 mb
 
 
OTL by OldTimer - Version 3.2.42.3 log created on 05122012_114307

Files\Folders moved on Reboot...
C:\Users\Joel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
2. Habe die alten Java-Versionen deinstalliert und die neue installiert.
Ich hoffe, dass es nicht schlimm ist, wenn ich die Jave 7 Update 4 Version genommen habe?

3.Ich habe zuerst wie beschrieben Adobe gestartet und nach Updates suchen lassen. Es kam aber die Meldung, dass keine Updates verfügbar sind.
Ich habe mir dann die aktuelle Version runtergeladen und installiert.
Weißt du warum er keine Updates gefunden hat?

5. Bereinigung wurde durchgeführt.

6. Habe den Scan mit SUPERAntiSpyware durchführen lassen.
Hier der Log:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/12/2012 at 01:36 PM

Application Version : 5.0.1148

Core Rules Database Version : 8590
Trace Rules Database Version: 6402

Scan type       : Complete Scan
Total Scan Time : 01:00:33

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 628
Memory threats detected   : 0
Registry items scanned    : 65098
Registry threats detected : 0
File items scanned        : 102214
File threats detected     : 26

Adware.Tracking Cookie
	C:\USERS\JOEL\AppData\Roaming\Microsoft\Windows\Cookies\Low\3R1S0KBU.txt [ Cookie:joel@google.com/accounts/ ]
	I:\JOEL\COOKIES\JOEL@247REALMEDIA[1].TXT [ /247REALMEDIA ]
	I:\JOEL\COOKIES\JOEL@2O7[1].TXT [ /2O7 ]
	I:\JOEL\COOKIES\JOEL@A3.ADSERVER01[1].TXT [ /A3.ADSERVER01 ]
	I:\JOEL\COOKIES\JOEL@ADS.GAMERSHELL[1].TXT [ /ADS.GAMERSHELL ]
	I:\JOEL\COOKIES\JOEL@ADS.SPORTY-ADS[1].TXT [ /ADS.SPORTY-ADS ]
	I:\JOEL\COOKIES\JOEL@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
	I:\JOEL\COOKIES\JOEL@CLICKS.PANGORA[2].TXT [ /CLICKS.PANGORA ]
	I:\JOEL\COOKIES\JOEL@E-2DJ6WALIKIDZEBO.STATS.ESOMNITURE[1].TXT [ /E-2DJ6WALIKIDZEBO.STATS.ESOMNITURE ]
	I:\JOEL\COOKIES\JOEL@E-2DJ6WAMIQOD5EAO.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WAMIQOD5EAO.STATS.ESOMNITURE ]
	I:\JOEL\COOKIES\JOEL@E-2DJ6WBLOCKD5OAP.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WBLOCKD5OAP.STATS.ESOMNITURE ]
	I:\JOEL\COOKIES\JOEL@E-2DJ6WCLYQHCPIGO.STATS.ESOMNITURE[1].TXT [ /E-2DJ6WCLYQHCPIGO.STATS.ESOMNITURE ]
	I:\JOEL\COOKIES\JOEL@E-2DJ6WDKOGHDJOHP.STATS.ESOMNITURE[2].TXT [ /E-2DJ6WDKOGHDJOHP.STATS.ESOMNITURE ]
	I:\JOEL\COOKIES\JOEL@FASTCLICK[1].TXT [ /FASTCLICK ]
	I:\JOEL\COOKIES\JOEL@HALF-LIFE-COUNTERSTRIKE.SOFTONIC[1].TXT [ /HALF-LIFE-COUNTERSTRIKE.SOFTONIC ]
	I:\JOEL\COOKIES\JOEL@HASENET.122.2O7[1].TXT [ /HASENET.122.2O7 ]
	I:\JOEL\COOKIES\JOEL@PARTNERS.WEBMASTERPLAN[2].TXT [ /PARTNERS.WEBMASTERPLAN ]
	I:\JOEL\COOKIES\JOEL@QKSRV[2].TXT [ /QKSRV ]
	I:\JOEL\COOKIES\JOEL@TACODA[1].TXT [ /TACODA ]
	I:\JOEL\COOKIES\JOEL@WEBMASTERPLAN[2].TXT [ /WEBMASTERPLAN ]
	I:\JOEL\COOKIES\JOEL@YADRO[1].TXT [ /YADRO ]
	I:\JOEL\COOKIES\JOEL@XITI[1].TXT [ /XITI ]
	I:\JOEL\COOKIES\JOEL@ZANOX-AFFILIATE[1].TXT [ /ZANOX-AFFILIATE ]
	I:\JOEL\COOKIES\JOEL@ZANOX[2].TXT [ /ZANOX ]
	I:\JOEL\COOKIES\JOEL@ZBOX.ZANOX[1].TXT [ /ZBOX.ZANOX ]
	.xiti.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ]
         
7. Habe meine 3 USB-Sticks angeschlossen.

8. ESET-Scan wurde ausgeführt, hier der Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e3a2680998ff804496940e0b9bf6a501
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-12 07:03:19
# local_time=2012-05-12 09:03:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 11659960 11659960 0 0
# compatibility_mode=5893 16776573 100 94 27561147 89247849 0 0
# compatibility_mode=8192 67108863 100 0 340 340 0 0
# scanned=290868
# found=5
# cleaned=5
# scan_time=7264
C:\Program Files (x86)\Yontoo\YontooIEClient.dll	a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
H:\JOEL-PC\Backup Set 2011-04-18 231006\Backup Files 2011-06-05 193948\Backup files 1.zip	a variant of Win32/SoftonicDownloader.A application (deleted - quarantined)	00000000000000000000000000000000	C
H:\JOEL-PC\Backup Set 2011-04-18 231006\Backup Files 2011-08-07 210704\Backup files 1.zip	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
H:\JOEL-PC\Backup Set 2012-01-08 190001\Backup Files 2012-01-08 190001\Backup files 4.zip	probably a variant of Win32/Adware.LVTAJCG application (deleted - quarantined)	00000000000000000000000000000000	C
         
9. Habe den Scan mt OTL erneut durchführen lassen.
Erstes Log:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.05.2012 21:08:09 - Run 2
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Joel\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 39,14% Memory free
8,00 Gb Paging File | 5,48 Gb Available in Paging File | 68,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 53,36 Gb Free Space | 54,64% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 208,64 Gb Free Space | 84,42% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 155,89 Gb Free Space | 79,82% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS
Drive L: | 7,45 Gb Total Space | 6,23 Gb Free Space | 83,61% Space Free | Partition Type: FAT32
Drive N: | 1,87 Gb Total Space | 1,67 Gb Free Space | 89,45% Space Free | Partition Type: FAT
Drive O: | 1,86 Gb Total Space | 0,02 Gb Free Space | 1,03% Space Free | Partition Type: FAT
 
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.12 17:56:23 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2012.05.11 22:59:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Downloads\OTL.exe
PRC - [2012.05.08 21:28:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.25 23:42:44 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- E:\Hamachi\hamachi-2-ui.exe
PRC - [2011.10.21 23:20:03 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.02.02 00:15:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.02.02 00:15:46 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009.05.04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.12 17:56:23 | 000,697,884 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0004\~df394b.tmp
MOD - [2012.05.12 17:56:23 | 000,592,896 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0004\~de6248.tmp
MOD - [2012.05.11 17:46:31 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012.05.10 21:18:50 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012.05.10 21:18:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012.05.06 11:27:39 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.25 23:42:44 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.29 14:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.06.16 17:52:21 | 000,008,704 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll
MOD - [2011.06.16 17:52:21 | 000,007,680 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll
MOD - [2011.06.16 17:52:21 | 000,006,144 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll
MOD - [2010.07.14 17:40:05 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.07.14 19:58:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.04.20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.25 23:42:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.10.21 23:20:03 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.13 18:38:00 | 004,241,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.10.30 17:42:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.10.30 17:41:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.08.10 15:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.17 18:52:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.17 18:52:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.11.25 15:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.30 17:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.05 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2001.08.25 16:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}:5.0.18
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: d2nagent@isaaclw.com:0.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 23:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.12 12:15:30 | 000,000,000 | ---D | M]
 
[2010.10.29 19:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions
[2012.05.11 18:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions
[2012.02.13 12:07:38 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2012.03.29 22:47:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.05 22:07:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.05.10 17:06:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.01 21:11:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\plugin@yontoo.com
[2012.05.07 19:19:31 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-1.xml
[2012.05.12 02:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.11 18:24:02 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\EXTENSIONS\D2NAGENT@ISAACLW.COM.XPI
[2012.04.25 23:42:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.07 07:53:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.14 17:37:07 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.23 20:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Joel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Translator = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Google Mail = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [ASRockOCTuner]  File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - Startup: C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC940EA-F80F-41D9-B652-128D376145C8}: DhcpNameServer = 192.168.1.1 217.237.151.97
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.12 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.12 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.12 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.12 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.05.12 12:15:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.12 12:08:29 | 000,839,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.12 12:08:28 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.05.12 12:08:28 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.05.12 12:08:22 | 000,189,384 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.05.12 12:08:22 | 000,188,872 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.05.12 12:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.12 11:43:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.12 02:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.11 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Malwarebytes
[2012.05.11 18:31:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.10 06:59:01 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 06:59:00 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012.05.10 06:59:00 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.10 06:59:00 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012.05.10 06:59:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.10 06:58:02 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 06:58:00 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 06:58:00 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.14 03:03:19 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.14 03:03:18 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.14 03:03:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.14 03:03:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.14 03:03:17 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.14 03:03:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.14 03:03:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.14 03:03:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.14 03:03:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.14 03:03:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.14 03:03:16 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.14 03:00:36 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.14 03:00:35 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.14 03:00:34 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.12 20:56:18 | 000,019,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 20:56:18 | 000,019,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 18:58:01 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.12 18:58:01 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.12 18:58:01 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.12 18:58:01 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.12 18:58:01 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.12 17:55:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.12 17:55:46 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.12 12:34:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.12 12:22:26 | 000,132,796 | ---- | M] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg
[2012.05.12 12:15:31 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.12 12:08:04 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.05.12 12:08:04 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.12 12:08:04 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.05.12 12:08:04 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.05.12 12:08:04 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.05.12 02:22:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 18:31:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.10 21:16:54 | 000,300,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.06 22:27:36 | 000,156,374 | ---- | M] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.05.06 11:27:39 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.06 11:27:39 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.29 17:16:42 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.12 12:34:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.12 12:22:18 | 000,132,796 | ---- | C] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg
[2012.05.12 12:15:31 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.12 12:15:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.12 02:22:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 18:31:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.06 22:27:36 | 000,156,374 | ---- | C] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.14 01:34:30 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 17:41:38 | 105,854,917 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\.minecraft.rar
[2011.10.21 23:20:03 | 000,234,536 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.10.21 23:20:03 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.21 23:20:02 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc[1].exe
[2011.09.23 19:41:14 | 000,000,807 | ---- | C] () -- C:\Windows\eReg.dat
[2011.08.02 19:12:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.05.22 19:08:16 | 000,007,605 | ---- | C] () -- C:\Users\Joel\AppData\Local\Resmon.ResmonCfg
[2011.05.02 22:01:15 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.02 22:01:15 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.10 14:26:13 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.03 22:26:04 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.10.30 17:43:02 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010.10.30 17:43:02 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010.10.30 17:43:02 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010.10.30 17:42:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.10.30 17:42:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
 
========== LOP Check ==========
 
[2012.05.08 21:01:06 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft
[2011.05.19 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\aaa
[2011.02.03 00:26:12 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Ashampoo
[2010.12.02 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited
[2011.01.28 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FOG Downloader
[2011.08.02 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack
[2012.05.12 02:06:18 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\go
[2012.02.13 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\gtk-2.0
[2012.05.12 18:59:30 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICQ
[2012.01.14 01:40:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICSharpCode
[2011.12.31 01:54:03 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Leadertech
[2010.12.26 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\LolClient
[2011.05.17 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Notepad++
[2012.01.14 01:40:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\NuGet
[2010.11.02 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\OpenOffice.org
[2010.10.30 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Opera
[2011.08.16 00:47:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TeamViewer
[2012.02.04 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Teeworlds
[2012.04.23 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TS3Client
[2012.03.18 10:47:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Das Zeite (Extras) Log hab ich als angehangen, da ich sonst zuviele Zeichen hatte.

Vielen Dank für deine Hilfe, und ich hoffe mal, dass ich alles richtig gemacht habe.
Probleme mit dem PC gab es in sofern, dass ich gestern und vorgestern einen Bluescreen hatte und das ab und zu in unregelmäßigen Abständen bei verschiedenen Programmen kommt: Programm XY funktioniert nicht mehr.
Danach muss das Programm geschlossen werden, aber kann wieder normal neugestartet werden.

Angehängte Dateien
Dateityp: txt Extras.Txt (78,4 KB, 194x aufgerufen)

Alt 12.05.2012, 22:12   #6
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Zitat:
Zitat von blubberflash Beitrag anzeigen
Hm ja ich habe grade leider kein System zum installieren da. Habe zurzeit Windows 7 Home Premium 64 Bit drauf, aber das ist eigentlich nur eine Testversion für 30 Tage gewesen, die beim Kauf des Computers dabei war.
Ich müsste mir also wahrscheinlich erstmal eine Windows 7 Version kaufen, bevor ich das dann aktuallisieren kann.
beim Kauf eines Laptops/PC`s mit Betriebssystem, also ist ein aktuelles Betriebssystem wie Windows 7 meistens schon vorinstalliert! Du musst da nichts extra kaufen!

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht):
Code:
ATTFilter
:OTL
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
versuche mal mit Update dann auch das SP 1 aufspielen:
Zitat:
Update deinen Rechner mit aktuellen Updates von Windows 7:-> Microsoft Update hält Ihren Computer auf dem neuesten Stand
__________________
--> Avira Fund EXP/2011-3544.CQ.1

Alt 13.05.2012, 11:48   #7
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Als ich heute auf eine Meldung die mich auf Updates hingewiesen hat geklickt habe war er wohl dabei das SP1 zu installieren.
Avira hat dann plötzlich einen Fund gemeldet und das Update war nicht erfolgreich.
Code:
ATTFilter
Die Datei 'C:\Windows\winsxs\Temp\PendingRenames\545dd29beb30cd01dd4900001c128c05.wow64_microsoft-windows-p..installerandprintui_31bf3856ad364e35_6.1.7601.17514_none_3eceef6140ec9728_puiobj.dll_343adf45'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen5' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4af52661.qua' verschoben!
         
Den OTL-Fix habe ich noch nicht ausgeführt.
Sollte ich ihn trotzdem erstmal anwenden?

Hm also ich nehme an, dass das ein Fehlfund war, nachdem ich hier mal nach dem Virus gesucht habe.
Ich habe den OTL-Fix ausführen lassen und hatte das Log kopiert und wollte es hier posten, aber da schien die Seite grade down zu sein.
Nun kann ich das Log nicht mehr finden. Muss man die Logs von OTL immer manuell abspeichern?
Kann leider nur noch ein alter Log finden.

Edit: Habe den Speicherort der Fix-Logs von OTL nun doch gefunden. Hier der Log:
Code:
ATTFilter
All processes killed
========== OTL ==========
Error: Unable to stop service VClone!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VClone deleted successfully.
C:\Windows\SysNative\drivers\VClone.sys moved successfully.
Service ElbyCDIO stopped successfully!
Service ElbyCDIO deleted successfully!
C:\Windows\SysNative\drivers\ElbyCDIO.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Joel\Downloads\cmd.bat deleted successfully.
C:\Users\Joel\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Joel
->Temp folder emptied: 56920316 bytes
->Temporary Internet Files folder emptied: 5784207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 962790338 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 1321 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2894 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 978,00 mb
 
 
OTL by OldTimer - Version 3.2.42.3 log created on 05132012_161226

Files\Folders moved on Reboot...
C:\Users\Joel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 13.05.2012, 23:11   #8
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



deaktiviere Avira während die Updates von Microsoft laufen!
-> Avira deaktivieren:
in der Taskleiste ist der kleine Kontrollschirm von Antivir. Den mit der rechten Maustaste anklicken und Antivir aktivieren Häkchen weg
dananch bitte nicht vergessen wieder aktivieren!!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 13.05.2012, 23:46   #9
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Okay habe Avira deaktivert und das Service Pack 1 konnte erfolgreich installiert werden.
Wenn ich unter Windows Updates nachschaue werden mir da nun noch einige andere wichtige Updates empfohlen. Soll ich gleich mit denen weitermachen?

Alt 14.05.2012, 00:08   #10
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



ja, solange bis noch angeboten wird, alle Updates installieren!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 14.05.2012, 16:07   #11
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Habe ich gemacht.
Mein System scheint jetzt (von den Windows Updates her) auf dem neusten Stand zu sein.
Ich hab mir noch den Secunia PSI runtergeladen und werde mal nachsehen ob der mir noch was anzeigt.
Hast du sonst noch irgendwelche Tipps?

Alt 15.05.2012, 09:53   #12
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



alles im grünen Bereich?

erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 15.05.2012, 15:51   #13
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Ja zurzeit habe ich keine Probleme.
Hier die 2 OTL-Logs.

Code:
ATTFilter
OTL logfile created on: 15.05.2012 15:43:47 - Run 3
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Joel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,52% Memory free
8,00 Gb Paging File | 5,75 Gb Available in Paging File | 71,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 51,64 Gb Free Space | 52,88% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 159,70 Gb Free Space | 81,77% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS
 
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.15 12:57:19 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2012.05.11 22:59:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Downloads\OTL.exe
PRC - [2012.05.08 21:28:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.25 23:42:44 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.19 08:57:16 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.04.19 08:57:16 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.28 18:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- E:\Hamachi\hamachi-2-ui.exe
PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.07.08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009.05.04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.15 12:57:21 | 000,592,896 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0005\~de6248.tmp
MOD - [2012.05.15 12:57:19 | 000,697,884 | ---- | M] () -- C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0005\~df394b.tmp
MOD - [2012.05.14 19:29:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.14 15:39:26 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 15:39:21 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.06 11:27:39 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.25 23:42:44 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.13 12:04:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.04.13 12:00:04 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2012.02.29 14:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.06.16 17:52:21 | 000,008,704 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\GetCoreTempInfoNET.dll
MOD - [2011.06.16 17:52:21 | 000,007,680 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\SystemInfo.dll
MOD - [2011.06.16 17:52:21 | 000,006,144 | ---- | M] () -- C:\Users\Joel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.6.gadget\CoreTempReader.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.04.20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.08 21:28:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:28:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.25 23:42:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.30 12:26:16 | 001,295,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.03.30 12:26:14 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 14:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.13 18:38:00 | 004,241,016 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.10.30 17:42:31 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.10.30 17:41:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.10.30 17:41:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.08.10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009.08.10 15:19:30 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 05:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.12.16 16:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.17 18:52:16 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.17 18:52:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.08.12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.11.25 15:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- E:\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.05 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2001.08.25 16:44:45 | 000,011,616 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (Secdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD A4 04 C7 29 31 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {2922AFAD-0159-43EB-8D35-9DA555BFC30A}
IE - HKCU\..\SearchScopes\{2922AFAD-0159-43EB-8D35-9DA555BFC30A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}:5.0.18
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: d2nagent@isaaclw.com:0.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 23:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.14 16:29:46 | 000,000,000 | ---D | M]
 
[2010.10.29 19:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions
[2012.05.11 18:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions
[2012.02.13 12:07:38 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2012.03.29 22:47:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.05 22:07:20 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.05.10 17:06:51 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.01 21:11:47 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\plugin@yontoo.com
[2012.05.14 21:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-1.xml
[2012.05.14 16:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.14 16:33:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.05.11 18:24:02 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\EXTENSIONS\D2NAGENT@ISAACLW.COM.XPI
[2012.04.25 23:42:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.14 16:33:26 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.23 20:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Joel\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Babylon Translator = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\
CHR - Extension: Google Mail = C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [ASRockOCTuner]  File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC940EA-F80F-41D9-B652-128D376145C8}: DhcpNameServer = 192.168.1.1 217.237.151.97
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.14 19:42:40 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.05.14 16:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.05.14 16:33:31 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.05.14 16:33:31 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.05.14 16:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.05.14 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Secunia PSI (BETA)
[2012.05.14 16:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.05.14 15:08:25 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012.05.13 23:47:23 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012.05.13 23:47:21 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.05.13 23:47:21 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012.05.13 23:47:15 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.05.13 23:47:13 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012.05.13 23:47:13 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012.05.13 23:47:13 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012.05.13 23:47:13 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012.05.13 23:47:13 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012.05.13 23:47:12 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012.05.13 23:47:12 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012.05.13 23:47:12 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012.05.13 23:47:12 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012.05.13 23:47:12 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012.05.13 23:47:12 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012.05.13 23:47:12 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012.05.13 23:47:12 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012.05.13 23:47:08 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.05.13 23:47:07 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.05.13 23:47:07 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012.05.13 23:47:07 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012.05.13 23:47:05 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012.05.13 23:47:05 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012.05.13 23:46:49 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012.05.13 23:46:48 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012.05.13 23:46:46 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012.05.13 23:46:45 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012.05.13 23:46:38 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012.05.13 23:46:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012.05.13 23:46:37 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012.05.13 23:46:37 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012.05.13 23:46:37 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012.05.13 23:46:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012.05.13 23:46:37 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012.05.13 23:46:31 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012.05.13 23:44:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.05.13 23:44:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.05.13 23:24:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.05.13 23:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.13 23:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.13 11:22:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.05.12 18:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.12 12:35:02 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.12 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.12 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.12 12:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.05.12 12:08:29 | 000,839,112 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.12 12:08:28 | 000,955,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.05.12 12:08:28 | 000,268,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.05.12 12:08:22 | 000,189,384 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.05.12 12:08:22 | 000,188,872 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.05.12 12:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.12 11:43:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.12 02:22:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.11 18:31:16 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Malwarebytes
[2012.05.11 18:31:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.11 18:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.10 06:59:01 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 06:58:02 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 06:58:01 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 06:58:01 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.05.01 21:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.04.29 17:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.25 23:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.15 14:59:56 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 14:59:56 | 000,019,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.15 13:02:03 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.15 13:02:03 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.15 13:02:03 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.15 13:02:03 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.15 13:02:03 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.15 12:56:47 | 000,307,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.15 12:56:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.15 12:56:31 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.14 19:42:40 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.05.14 16:33:26 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.05.14 16:33:26 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.05.14 16:33:26 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.05.14 16:31:29 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.05.14 16:17:26 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.14 16:12:57 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.14 16:12:57 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.14 15:31:24 | 001,590,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.13 23:30:22 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.05.13 23:30:22 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2012.05.13 13:44:23 | 544,077,993 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.12 12:34:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.12 12:22:26 | 000,132,796 | ---- | M] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg
[2012.05.12 12:15:31 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.12 12:08:04 | 000,955,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.05.12 12:08:04 | 000,839,112 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.05.12 12:08:04 | 000,268,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.05.12 12:08:04 | 000,189,384 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.05.12 12:08:04 | 000,188,872 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.05.12 02:22:06 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 18:31:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.08 21:28:20 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 21:28:20 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.06 22:27:36 | 000,156,374 | ---- | M] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.04.29 17:16:42 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.14 19:42:40 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.05.14 16:31:29 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012.05.14 16:17:26 | 000,000,994 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.14 16:07:48 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.05.13 13:44:23 | 544,077,993 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.05.12 12:34:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.12 12:22:18 | 000,132,796 | ---- | C] () -- C:\Users\Joel\Documents\cc_20120512_122214.reg
[2012.05.12 12:15:31 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.05.12 12:15:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.12 02:22:06 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.11 18:31:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.06 22:27:36 | 000,156,374 | ---- | C] () -- C:\Users\Joel\Documents\ts3_clientui-win32-1334913258-2012-05-06 22_27_36.107679.dmp
[2012.02.29 14:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.14 01:34:30 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 17:41:38 | 105,854,917 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\.minecraft.rar
[2011.09.23 19:41:14 | 000,000,807 | ---- | C] () -- C:\Windows\eReg.dat
[2011.08.02 19:12:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.05.22 19:08:16 | 000,007,605 | ---- | C] () -- C:\Users\Joel\AppData\Local\Resmon.ResmonCfg
[2011.05.02 22:01:15 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.02 22:01:15 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.10 14:26:13 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.11.03 22:26:04 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda
[2010.10.30 17:43:02 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2010.10.30 17:43:02 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2010.10.30 17:43:02 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2010.10.30 17:42:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.10.30 17:42:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
 
========== LOP Check ==========
 
[2012.05.08 21:01:06 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft
[2011.05.19 14:49:26 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\aaa
[2011.02.03 00:26:12 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Ashampoo
[2010.12.02 16:45:47 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited
[2011.01.28 16:15:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FOG Downloader
[2011.08.02 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack
[2012.05.12 02:06:18 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\go
[2012.02.13 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\gtk-2.0
[2012.05.15 15:42:32 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICQ
[2012.01.14 01:40:04 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\ICSharpCode
[2011.12.31 01:54:03 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Leadertech
[2010.12.26 22:24:20 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\LolClient
[2011.05.17 18:17:23 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Notepad++
[2012.01.14 01:40:40 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\NuGet
[2010.11.02 18:11:02 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\OpenOffice.org
[2010.10.30 15:28:57 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Opera
[2011.08.16 00:47:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TeamViewer
[2012.02.04 01:03:19 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Teeworlds
[2012.04.23 22:15:56 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\TS3Client
[2012.03.18 10:47:41 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Und der Extras Log:

Code:
ATTFilter
OTL Extras logfile created on: 15.05.2012 15:43:47 - Run 3
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Joel\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,52% Memory free
8,00 Gb Paging File | 5,75 Gb Available in Paging File | 71,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 51,64 Gb Free Space | 52,88% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 208,63 Gb Free Space | 84,41% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 98,73 Gb Free Space | 50,55% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 159,70 Gb Free Space | 81,77% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,35 Gb Free Space | 3,25% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS
 
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015815D5-4987-4150-9D7A-F49B9F7D5396}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05EBCCD6-652A-44CA-94E9-E57F8FF52600}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{06FA5D42-DFB0-43D1-B7D7-DFBA6422BACF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{088EC2C0-2CEA-4D29-8E3A-5BC6E17937E1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0EDD4EB9-0141-455D-9869-5381630AA28B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{11124883-B46D-4855-8250-DD475A4450D7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{11A2AE83-0D1A-4044-9EA4-F3FC9A6AF2F9}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{12381292-6D93-4B38-9CAA-EB4B17D2AB73}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{19B708A7-7745-4D63-A51A-751417C1C5E1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2135EF7B-ABE1-4308-A8B5-B1E1D2F362F7}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{245E9322-C745-4F47-B696-F263FAD6BA38}" = lport=6889 | protocol=17 | dir=in | name=teeworlds 6889 | 
"{26E18C0F-89A8-40EE-B0E8-74745893CF29}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{2BCA9D23-17DE-40B5-8956-536B7F56943A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2DA99FB8-C4C6-4827-B4EB-134F1BBF2347}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3846C789-5684-43E0-9C11-DDDA5AC2205A}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3CE6A1A6-8931-4FDA-ACB7-0D68F8946B24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3DD2EBCF-BC0B-46F1-BEB1-CB58F2E65B7F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3FA2AA14-4FF3-41D9-9933-898491A8BD5E}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{4A9E817D-66BF-42F7-BE98-4F37970322BB}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | 
"{4C7BEE98-F2F3-4C05-84AC-40AF57B7367F}" = lport=8303 | protocol=6 | dir=in | name=teeworlds 8303 | 
"{541ADF90-38D5-4693-ACB5-4A564C8085F3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{57B3AD67-C67C-4D4B-81D1-24525953D8ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{712ED346-27E9-411E-A1DB-BB3532EFD6B5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7550083D-8366-456B-B103-512A483711FD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7FC55C48-E1F7-4431-B5DC-9F9D444A98F0}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{8CA0D869-4A94-4DDF-8AD7-1D6C6ABA9A6F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{90260A72-7C51-4B92-BBA0-C9601E4CFC14}" = lport=137 | protocol=17 | dir=in | app=system | 
"{94C425E1-132A-4F32-8420-B01024B7A645}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{AF4B6F89-C56C-4714-AB97-84E206950D7B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFF3AA23-9A5C-4C27-A1A8-C71198CE1C9C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C8D3113E-3008-42E5-8128-862A1139E7E4}" = lport=8303 | protocol=17 | dir=in | name=teeworlds 8303 | 
"{C8FF6561-17F4-4395-97DD-A94AC3D92833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CFDEFD51-A904-405A-83E7-B82E240785DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D4CB7803-B589-43B8-A12D-6E054869F04F}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{D6B45973-2137-4C51-89AF-88D1ED1B86DD}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{DADA2499-EB5D-4D4B-9C25-EB8AE22216D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DDE33CEC-4819-4165-8E5A-FC118D7824B2}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | 
"{E0F2A274-ACD8-4DAE-98E5-F9CB96999C05}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{E860FF78-F313-4A86-A9F6-4A25D60C7C76}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{E9F41EDC-A75F-4CF9-B45C-8B59470A88A0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{EBAAA8FB-EE5E-4D9C-B789-DAFAF2302B15}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | 
"{EC717585-9A40-4B80-822F-B922F7225B6B}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{F7E65764-E8BC-43CD-8379-1B573B36D4F3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FA262EBD-ADCA-44BE-8B37-025647D07DB4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA8481E5-AF40-4F49-821C-04D8A55A9539}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FD9831E4-DDFC-45D7-9D5D-26B7A280F5D6}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{FE14AF1F-F279-4CF9-8D44-436CD5C52E30}" = lport=rpc | protocol=6 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B3B126-5F17-43AC-B5F8-5308CBEBC442}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{0E866DD7-C829-40E7-86BB-7ADE18317CB1}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | 
"{1A15FD6B-66CC-4499-95F8-0A4704128839}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1BD50DC6-91B6-4E81-93C0-D914DE6940BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CAB8500-5FBC-4D0B-AC57-862DF5B4FCAF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D6D9081-B49B-45A3-AD35-38697A98CBC5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{1DD0803B-C9BC-48F4-A29A-B2DFEA15FC3B}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{23C1D74F-982F-48CB-BE6E-179079715A8A}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{2980A7BE-7C96-472E-94E2-1655BFB5ABFC}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3245222B-3529-4C6D-A44B-4965FD2D4BF2}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{33328ADB-1A55-4554-ADE1-97F6BDF67CB4}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{3CE72F82-D496-44CD-BEE9-59D94F70DA9F}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{42EE1539-3799-4CB6-9280-B99B08FA2E51}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4AD08C25-9E9B-46D5-9CA6-F93EFADB2001}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5108EEC9-83CD-4EFE-A7B6-45EA62B06744}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{52764308-B504-4B40-934F-42FB2E462B67}" = protocol=17 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"{57B906E3-9808-4E95-B071-8E9A8546FF35}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{5C244910-F9D9-439B-918F-22807DF574E1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{600EFF9C-C1E7-4214-9C47-1328DFACD1B0}" = protocol=6 | dir=out | app=system | 
"{605C8B43-1D1D-4210-944C-326BD8D13605}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{61BFECEE-5A94-40F9-8395-3030C378BFCD}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{665EE240-9017-40A5-BC67-7E33C9BF1BA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69078C34-E2F9-4E08-B796-4CB9554E522C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{6A1776CA-3594-4245-A668-15FD1BAFEAB0}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2editor.exe | 
"{76EF8693-A675-4258-878F-1E8331258C53}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{792616E3-4491-4D5E-BF85-699167F5D06E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7CEC6574-F3FC-45EF-ADEA-EFE123CD08DF}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{7CEEDD4F-F520-4689-BD77-E863AF242D04}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{80902871-5467-415E-8A7F-0FBC14CE5AAF}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\rpcagentsrv.exe | 
"{8132ECDD-BD30-4E30-83FF-DACEA64249B5}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{8B718EAC-453F-4770-9A91-B722EDCB5229}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{8BD19A94-2866-4DB0-997C-BA8313179C68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D0B9BCD-352A-44B0-8E6A-78BDE7EAFB9B}" = protocol=58 | dir=in | app=system | 
"{90B29A8C-07D4-4FA8-B437-372618C0E054}" = protocol=6 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | 
"{95ACD2CD-8FBD-491F-B65E-93F7E61FC6A2}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A4D77DD2-7F25-4CDB-B66B-C2779EA49D70}" = protocol=17 | dir=in | app=e:\far cry 2\bin\fc2launcher.exe | 
"{A9461706-D7AA-451B-A0F0-35F0D8F86C3B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A9EA04DD-B6D9-49AF-84D0-34A21A9DC884}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{AD9F48D9-D24B-437B-8225-A71D72AB9D01}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{AF98AE5C-1802-4662-AB77-C4EAF0D40CA8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{BB3FDDCF-593C-4FED-8177-2CEBF9B876F4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BD89DF75-6603-4B1E-8B3B-18571CE447EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BF72DDE1-60A7-4EC6-9F75-2A09A053835E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C760398A-B8AF-4F00-A259-1CD29D9C6248}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{C8EA45EE-3F6D-4393-8033-EF756008536B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D15DB42D-7FFD-441B-9CEC-FAFBADEC5832}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{DC00E59C-509D-47EE-94E7-8D35DAB582AE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{DCAA34C4-8967-42E4-9C78-E9956F3C99B8}" = protocol=6 | dir=in | app=e:\far cry 2\bin\farcry2.exe | 
"{DCB87F33-6EC8-4205-8D96-4444FC969B3A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E3C22EB4-9D0A-4100-B80F-1720117B69AF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{EE2F26C4-A33E-4F03-9FA8-B391F9652B3C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEA942E7-DD54-4CE3-9BF6-302536EED318}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{EEFB4877-B4D1-46A2-80CB-68D11A9A95BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F18CDE47-D147-4493-8719-911BC85815F1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | 
"{F6B7F342-6C59-467F-93A9-4DD469789FAC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F7B31CA4-7E0F-4495-B49F-AADAF19AC1A9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FCC5FE58-F9BF-4219-9C75-AF67E4D16254}" = protocol=1 | dir=in | app=e:\sisoftware sandra lite 2010.sp3\wnt500x64\rpcsandrasrv.exe | 
"{FDB0D687-F909-4780-88F0-871C9B48F49F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{073D0A6D-EA75-4A3D-999C-EFE9F9AE03BE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | 
"TCP Query User{08120891-AC55-4A3F-8B9A-7189CDB31059}E:\runes of magic\launcher.exe" = protocol=6 | dir=in | app=e:\runes of magic\launcher.exe | 
"TCP Query User{0F5C36C0-7EE5-4213-BC9E-0A4C7E30463A}E:\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=e:\urbanterror\iourbanterror.exe | 
"TCP Query User{1702350D-7D8E-49F4-BD9A-1481CBEC6825}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | 
"TCP Query User{1F5934C3-A05B-469D-A920-C93A55B72337}E:\runes of magic\client.exe" = protocol=6 | dir=in | app=e:\runes of magic\client.exe | 
"TCP Query User{2DD4A950-554B-41AC-9BE5-1C9CB737EE03}E:\age of empires 2\empires2.exe" = protocol=6 | dir=in | app=e:\age of empires 2\empires2.exe | 
"TCP Query User{33AE62CA-5396-44C9-8DEE-C79E74321E4D}E:\njam\njam.exe" = protocol=6 | dir=in | app=e:\njam\njam.exe | 
"TCP Query User{42355D16-A3D8-4F51-867C-4ECD1083F2F4}E:\mirc\mirc.exe" = protocol=6 | dir=in | app=e:\mirc\mirc.exe | 
"TCP Query User{60F5A421-F134-494C-9412-D47E063047C9}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=6 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | 
"TCP Query User{7D5DB9CE-ABFE-4DDF-A061-08CB79AEB9CF}E:\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"TCP Query User{967A166B-39B2-4214-B950-5B99F1604481}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{C3DDD949-FC0A-434A-9C69-5147C5752836}E:\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{0A856155-4C77-4DCF-BEC9-D28558A76A27}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{0B31C258-5707-421D-A622-702B6C248E48}E:\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=e:\tmnationsforever\tmforever.exe | 
"UDP Query User{1EFF81D8-9DA8-4B64-968C-7E8EEC6943DE}E:\runes of magic\launcher.exe" = protocol=17 | dir=in | app=e:\runes of magic\launcher.exe | 
"UDP Query User{2BD8ECDB-C61C-41D0-A08E-BB42CBDA032D}E:\runes of magic\client.exe" = protocol=17 | dir=in | app=e:\runes of magic\client.exe | 
"UDP Query User{2C29389C-B73A-4E2B-B303-79A30D00295D}E:\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=e:\urbanterror\iourbanterror.exe | 
"UDP Query User{34CBF9A0-42B6-4A84-8F3A-CF5C9765C80B}E:\age of empires 2\empires2.exe" = protocol=17 | dir=in | app=e:\age of empires 2\empires2.exe | 
"UDP Query User{753EADA8-C870-408E-B86E-DF7B0DA963A7}E:\njam\njam.exe" = protocol=17 | dir=in | app=e:\njam\njam.exe | 
"UDP Query User{9CE78EEB-CEBF-4F55-9179-B97C83428D8A}E:\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=e:\league of legends\lol.launcher.exe | 
"UDP Query User{DE0C055B-D2C0-483F-B300-94D2EB7D1586}G:\yuleech-runes_of_magic_3_0_5_2262_slim.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262_slim.exe | 
"UDP Query User{E0EB627E-59EE-48F3-A037-EDE088A9CFEE}E:\age of empires 2\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=e:\age of empires 2\age2_x1\age2_x1.exe | 
"UDP Query User{FDFE606C-9EA9-48A5-97BA-701C72E61D04}E:\mirc\mirc.exe" = protocol=17 | dir=in | app=e:\mirc\mirc.exe | 
"UDP Query User{FEFAD096-12E3-4147-94AB-9DE82B585771}G:\yuleech-runes_of_magic_3_0_5_2262.exe" = protocol=17 | dir=in | app=g:\yuleech-runes_of_magic_3_0_5_2262.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010.SP3
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Explorer Suite_is1" = Explorer Suite III
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05248BF9-6E23-4AF0-A1CB-C378F9D25524}" = SharpDevelop 4.1
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}" = Die Sims - Megastar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27A48664-BDDF-4AA3-8627-47CB8AC7D8A4}_is1" = Robokill
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC123EEA-330A-4685-911C-95B8F5E9DE68}" = Thief - Deadly Shadows
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"ASRock IES_is1" = ASRock IES v2.0.69
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.24
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.3.91
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio" = CamStudio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Divine Divinity" = Divine Divinity
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"FreePascal_is1" = Free Pascal 2.6.0
"HyperCam 2" = HyperCam 2
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Jagged Alliance 2 Wildfire" = Jagged Alliance 2 Wildfire
"Jagged Alliance 2: Unfinished Business" = Jagged Alliance 2: Unfinished Business
"Little Fighter 2" = Little Fighter 2 1.9c
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"mIRC" = mIRC
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Njam_is1" = Njam 1.21
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.64.1403" = Opera 11.64
"Pangya" = Pangya (Ntreev SG Interactive)
"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood
"Secunia PSI" = Secunia PSI (3.0.0.0006)
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TmNationsForever_is1" = TmNationsForever
"Urban Terror_is1" = Urban Terror 4.1
"VirtualCloneDrive" = VirtualCloneDrive
"Visual MP3 Splitter & Joiner_is1" = Visual MP3 Splitter & Joiner 6.1
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.05.2012 17:51:11 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.05.2012 17:51:45 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.05.2012 17:51:56 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.05.2012 17:52:08 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.05.2012 17:52:19 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.05.2012 10:05:56 | Computer Name = Joel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Joel\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 14.05.2012 10:08:25 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.05.2012 10:08:25 | Computer Name = Joel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 15.05.2012 09:11:47 | Computer Name = Joel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 15.05.2012 09:13:37 | Computer Name = Joel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Joel\downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 13.05.2012 17:39:06 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 14.05.2012 09:03:25 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 14.05.2012 09:03:25 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 14.05.2012 09:36:19 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 14.05.2012 09:36:19 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 14.05.2012 13:22:36 | Computer Name = Joel-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 14.05.2012 13:24:00 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 14.05.2012 13:24:00 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 15.05.2012 06:59:55 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 15.05.2012 06:59:55 | Computer Name = Joel-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         

Alt 16.05.2012, 08:43   #14
kira
/// Helfer-Team
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



1.
Hast Du OTL falsch installiert:
OTL muss auf dem Desktop gespechert werden!
Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll!
also entfernen und erneut herunterladen!
Nach installation in der Log-Datei soll etwa so aussehen:
Zitat:
Folder = C:\Users\***\Desktop
Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

2.
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.


  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 16.05.2012, 15:13   #15
blubberflash
 
Avira Fund EXP/2011-3544.CQ.1 - Standard

Avira Fund EXP/2011-3544.CQ.1



Oh das mit auf dem Destkop speichern hatte ich leider überlesen :/
Ich werde es mir bald runterladen und dann auf dem Destkop speichern.
Ich bin aber erst am Freitag wieder da. Aslo den Thread bitte in der Zeit nicht schließen.

Antwort

Themen zu Avira Fund EXP/2011-3544.CQ.1
.dll, administrator, appdata, autostart, avg, avira, blaster, datei, dateisystem, desktop, deutsch, entfernen, exp/2011-3544.cq.1, explorer, forum, free, google, heuristiks/extra, heuristiks/shuriken, modul, monitor.exe, namen, nt.dll, problem, programm, prozesse, pup.bundleoffer.downloader.s, pup.offerbundler.st, registry, shutdown, sound, trojan.agent.h, trojan.fakealert, verweise, windows



Ähnliche Themen: Avira Fund EXP/2011-3544.CQ.1


  1. Java/Exploit.CVE-2011-3544.BR trojan
    Log-Analyse und Auswertung - 28.11.2012 (14)
  2. Exp/cve-2011-3544
    Log-Analyse und Auswertung - 15.10.2012 (1)
  3. AviraExploitsfunde:EXP/2011-3544.CZ.2; EXP/Java.Ternub.a.6; EXP/Java.Ternub.a.28 &Fund APPL/HideWindows.31232 in C:\Programme\MioNet\cmd.exe
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (33)
  4. Exploits EXP/CVE-2011-3544.BU von Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (37)
  5. Laptop befallen von: Exploit.Java.cve-2011-3544.ji, Was tun?
    Plagegeister aller Art und deren Bekämpfung - 09.08.2012 (12)
  6. Exploits EXP/CVE-2011-3544.CF - Ist alles weg?
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (2)
  7. Trojanerfund EXP/2011-3544.BY & TR/Ransom.Ej.13 & W32/Parite.BadClean.Gen
    Plagegeister aller Art und deren Bekämpfung - 31.05.2012 (6)
  8. Exp/2011-3544.hh
    Log-Analyse und Auswertung - 26.04.2012 (1)
  9. Avira meldet EXP/2011-3544.BW.1 und JAVA/Dldr.OpenS.H
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (5)
  10. EXP/2011-3544.BU.1 in AppData\Local\Temp\jar_cache1546302327481531767.tmp
    Log-Analyse und Auswertung - 27.03.2012 (24)
  11. EXP/2011-3544.BU.1 mittels Avira AntiVir gefunden
    Log-Analyse und Auswertung - 19.03.2012 (8)
  12. Avira meldet EXP/2011-3544.BY.1, ist mein System noch sicher?
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (5)
  13. Avira hat TR/Maljava.A.43 und Exploits EXP/CVE-2011-3544.AZ gefunden - und nun?
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (33)
  14. Avira Fund EXP/CVE-2011-3544 & TR/Crypt.ULPM.Gen
    Log-Analyse und Auswertung - 24.02.2012 (22)
  15. 2 Viren gefunden (Exploit) - EXP/CVE-2011-3544.E und EXP/CVE-2011-3544.J
    Plagegeister aller Art und deren Bekämpfung - 20.02.2012 (30)
  16. exploit.java.cve-2011-3544 irreparabel
    Plagegeister aller Art und deren Bekämpfung - 07.02.2012 (23)
  17. EXP/2011-3544.AK und EXP/2010-0840.CN
    Plagegeister aller Art und deren Bekämpfung - 29.01.2012 (4)

Zum Thema Avira Fund EXP/2011-3544.CQ.1 - Hallo am 16.04. hatte ich mit Avira einen Komplett-Scan gemacht. Hier ist der Bericht zu sehen: Code: Alles auswählen Aufklappen ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 16. April - Avira Fund EXP/2011-3544.CQ.1...
Archiv
Du betrachtest: Avira Fund EXP/2011-3544.CQ.1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.