Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Battle.net-Acc wurde gehackt nach Echtgeldeinkauf

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 17.07.2012, 22:28   #1
Seraphim137
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



Hi Leute,

Ich habe gestern Abend noch ne Runde Diablo3 gespielt und bin dann schlafen gegangen.

Hab mich heute Abend wieder rangesetzt und musste einen gesperrten Acc vorfinden.
Daraufhin habe ich durch die Blizzard-Hotline meinen Acc wieder entsperren lassen und habe erfahren dass ich von den USA aus gehackt wurde.

Um ein neues sicheres Passwort zu erstellen sollte mein PC frei von Vieren sein.
Man gab mir den tipp HiJack-This zu verwenden.

Gesagt - Getan

nur bin ich nicht wirklich schlau daraus geworden:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:55:24, on 17.07.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe
C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
F:\Downloads\Firefox\HiJackThis204.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Codecv - {23C68CD2-0FA7-4929-A50E-8958825B5A6A} - C:\ProgramData\Codecv\bhoclass.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O3 - Toolbar: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe                                                                                                                                                                                                                        
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe                                                                                                                                                                                                                      
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch64.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-18\..\Run: [Steam] "E:\Steam\Steam.exe" -silent (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Steam] "E:\Steam\Steam.exe" -silent (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - d:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\Windows\SysWOW64\dgdersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 13522 bytes
         
Ehe ich da etwas rummurkse dachte ich mir: hol ich mir hilfe und bin auf euch gestossen.

Hab dann die Anweisungen für Neulinge befolgt und dass kam dabei heraus:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andreas :: ANDREAS-PC [Administrator]

17.07.2012 21:13:00
mbam-log-2012-07-17 (21-25-12).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217746
Laufzeit: 6 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{23C68CD2-0FA7-4929-A50E-8958825B5A6A} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23C68CD2-0FA7-4929-A50E-8958825B5A6A} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{23C68CD2-0FA7-4929-A50E-8958825B5A6A} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23C68CD2-0FA7-4929-A50E-8958825B5A6A} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:42 on 17/07/2012 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
         
Code:
ATTFilter
OTL logfile created on: 17.07.2012 21:26:52 - Run 2
OTL by OldTimer - Version 3.2.54.0     Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 51,42% Memory free
8,00 Gb Paging File | 5,72 Gb Available in Paging File | 71,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 18,68 Gb Free Space | 19,15% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 199,01 Gb Free Space | 67,93% Space Free | Partition Type: NTFS
Drive E: | 1006,64 Gb Total Space | 941,93 Gb Free Space | 93,57% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 191,47 Gb Free Space | 20,55% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.17 20:35:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
PRC - [2012.07.12 02:17:17 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012.07.09 22:48:42 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.09 22:48:35 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.06.16 17:35:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe
PRC - [2010.10.25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.12 02:17:17 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012.07.09 22:49:31 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.09 22:48:35 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012.06.16 17:35:06 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010.01.30 03:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011.11.23 12:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011.01.27 00:55:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.12 02:17:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.10 20:17:28 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.09 22:48:42 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.22 02:40:29 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.16 17:35:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.08.18 17:47:48 | 000,819,976 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2011.03.02 17:39:02 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2010.10.25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.09.22 17:19:38 | 000,352,976 | ---- | M] (Kaspersky Lab ZAO) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- d:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.19 11:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Disabled | Stopped] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 08:30:02 | 000,032,536 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.01.27 01:37:20 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.27 00:13:32 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.25 11:10:22 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.10.25 11:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.09.22 17:19:38 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010.07.28 15:33:08 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.07.28 15:33:08 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.07.28 15:33:08 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.06.09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010.06.09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.04.22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2010.03.10 09:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.01.19 15:04:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.16 19:48:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.01.16 19:48:43 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.09.30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012.05.08 15:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.10.25 11:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.10.25 11:03:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 75 1C AA 2E 96 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={9B7F8B89-5DD1-437F-B594-B03BA95DF87D}&mid=fe2a85ec684a47d1b3edd16b536d85b0-fbd65ef0e68b34be3a076a84c096458c476d4435&lang=de&ds=tt014&pr=sa&d=2012-01-03 19:34:05&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CA60F577-1B28-41D6-8C78-C49E63304FCF}:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {0e3dbc69-a682-48da-84e1-82c63a5d678e}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.31 00:47:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.09 20:57:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 17:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 20:38:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.09.22 17:11:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 17:35:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M]
 
[2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.15 22:34:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions
[2012.07.15 22:34:06 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}
[2012.04.26 22:12:42 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.04.11 16:58:54 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\4f8550d2151bf@4f8550d2151c1.info
[2012.01.03 20:21:04 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\avg@toolbar
[2010.12.30 21:15:42 | 000,000,937 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\conduit.xml
[2010.04.03 21:35:58 | 000,002,055 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\daemon-search.xml
[2012.07.14 08:44:53 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-1.xml
[2010.10.31 13:43:09 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-2.xml
[2010.12.11 21:33:50 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-3.xml
[2011.01.09 21:05:19 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-4.xml
[2011.03.05 18:26:32 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-5.xml
[2011.03.25 08:46:28 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-6.xml
[2011.04.16 11:50:18 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-7.xml
[2011.06.11 00:31:16 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-8.xml
[2011.06.24 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin.xml
[2012.06.21 01:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.24 00:56:08 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.08.19 05:58:00 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files (x86)\mozilla firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}
[2012.06.21 01:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010.09.25 11:51:23 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.06.06 07:05:45 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2011.04.16 12:07:41 | 000,105,386 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
[2012.05.24 22:38:37 | 000,363,041 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI
[2012.06.16 17:35:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2009.10.23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.10.11 20:48:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 22:48:33 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.11 20:48:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.11 20:48:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 20:48:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 20:48:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 20:48:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4.1_0\
 
O1 HOSTS File: ([2011.01.31 01:33:01 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Codecv Class) - {23C68CD2-0FA7-4929-A50E-8958825B5A6A} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch64.exe ( )
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cdspeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\clpsla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\finecmd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\finereader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\gamecenternotifier.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\gplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\infotool.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\misc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msc.thunder.easyguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photosnap.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\photosnapviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\recode.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setupneromobile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\showtime.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\soundtrax.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cdspeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\clpsla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\finecmd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\finereader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\gamecenternotifier.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\gplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\misc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msc.thunder.easyguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photosnap.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\photosnapviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setupneromobile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\soundtrax.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c1d0809-bee3-11e1-a3e2-002215896c43}\Shell - "" = AutoRun
O33 - MountPoints2\{4c1d0809-bee3-11e1-a3e2-002215896c43}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{7391f5d5-04fb-11df-b1b9-002215896c43}\Shell - "" = AutoRun
O33 - MountPoints2\{7391f5d5-04fb-11df-b1b9-002215896c43}\Shell\AutoRun\command - "" = G:\autorun_setup.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 20:54:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.17 20:35:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2012.07.17 19:49:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.17 19:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.07.06 23:02:33 | 000,000,000 | ---D | C] -- C:\tmp
[2012.07.02 16:48:56 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Eigene G700-Profile
[2012.07.02 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Logishrd
[2012.07.02 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.07.02 16:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.07.02 16:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012.07.02 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.07.02 16:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.07.02 16:21:34 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Logishrd
[2012.06.27 03:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.06.27 03:41:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.06.27 03:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
[2012.06.27 00:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
[2012.06.27 00:20:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\ABBYY
[2012.06.27 00:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.06.27 00:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 11
[2012.06.25 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\COMODO
[2012.06.22 04:04:23 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.06.22 04:04:20 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.06.22 04:04:17 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.06.22 04:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.06.22 04:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.06.22 02:46:17 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Macromedia
[2012.06.22 02:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.06.22 02:40:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.06.22 02:38:56 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012.06.22 02:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.06.22 02:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012.06.22 02:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012.06.22 02:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 21:23:04 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.07.17 21:17:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 21:12:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.17 20:48:22 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 20:48:22 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 20:43:19 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.17 20:43:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 20:43:05 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 20:42:00 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2012.07.17 20:35:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2012.07.17 20:12:57 | 000,050,477 | ---- | M] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2012.07.16 17:46:11 | 000,010,545 | ---- | M] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg
[2012.07.12 07:27:14 | 004,991,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 15:13:16 | 001,808,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.11 15:13:16 | 000,765,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.11 15:13:16 | 000,721,256 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.11 15:13:16 | 000,174,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.11 15:13:16 | 000,147,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 14:07:13 | 000,522,059 | ---- | M] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg
[2012.07.05 14:03:56 | 000,392,357 | ---- | M] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg
[2012.07.05 14:01:57 | 000,033,242 | ---- | M] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg
[2012.07.04 14:47:39 | 000,081,278 | ---- | M] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 19:29:54 | 000,002,727 | ---- | M] () -- C:\Users\Andreas\.recently-used.xbel
[2012.06.27 03:31:16 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012.06.27 03:17:49 | 000,001,256 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012.06.27 00:10:59 | 374,873,708 | ---- | M] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe
[2012.06.24 06:45:01 | 000,101,531 | ---- | M] () -- E:\Eigene Dateien\Desktop\normal__2650ab332eef8c0878f2b749dfbbb103_37.jpg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.17 20:42:00 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2012.07.17 20:12:56 | 000,050,477 | ---- | C] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2012.07.16 17:46:10 | 000,010,545 | ---- | C] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg
[2012.07.05 14:07:12 | 000,522,059 | ---- | C] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg
[2012.07.05 14:03:55 | 000,392,357 | ---- | C] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg
[2012.07.05 14:01:51 | 000,033,242 | ---- | C] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg
[2012.07.04 14:47:34 | 000,081,278 | ---- | C] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg
[2012.06.27 19:29:54 | 000,002,727 | ---- | C] () -- C:\Users\Andreas\.recently-used.xbel
[2012.06.27 03:31:16 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012.06.27 03:17:49 | 000,001,256 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012.06.27 00:10:59 | 374,873,708 | ---- | C] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe
[2012.06.24 06:44:45 | 000,101,531 | ---- | C] () -- E:\Eigene Dateien\Desktop\normal__2650ab332eef8c0878f2b749dfbbb103_37.jpg
[2012.06.22 04:03:26 | 000,002,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.06.22 02:07:42 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011.12.21 20:00:48 | 000,001,044 | ---- | C] () -- C:\Users\Andreas\SciTE.session
[2011.11.27 21:39:21 | 086,933,066 | ---- | C] () -- C:\Users\Andreas\stricheSymetrisch.xcf
[2011.11.20 17:04:58 | 049,994,484 | ---- | C] () -- C:\Users\Andreas\Kreis6Abstract.xcf
[2011.07.24 17:40:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\SuhfhvvMxq455337.dat
[2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\ShvwxduvMxq455337.dat
[2011.03.28 15:52:01 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.03.02 17:40:29 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.02.06 15:22:46 | 000,001,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.02.05 02:41:03 | 000,000,132 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.01.31 21:51:25 | 000,000,062 | ---- | C] () -- C:\Windows\Contribute.INI
[2011.01.20 21:04:16 | 000,000,246 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Autorun.vbs
[2011.01.16 17:29:49 | 000,000,938 | ---- | C] () -- C:\Windows\page.ini
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.25 11:09:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.10.25 11:09:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.10.25 11:09:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.10.25 11:09:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.09.28 20:39:33 | 000,019,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\WebpageIcons.db
[2010.09.28 20:09:38 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.09.28 20:09:38 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.09.28 20:09:38 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.08.10 02:29:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.03.10 10:39:38 | 000,007,597 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.01.21 14:13:11 | 000,217,088 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.05.11 02:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acreon
[2011.01.16 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Aurora Web Editor
[2010.04.03 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Big Fish Games
[2011.01.27 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bilder
[2011.01.25 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Blender Foundation
[2012.01.02 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2012.07.17 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer
[2010.01.16 01:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer Pro
[2012.04.12 04:26:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\calibre
[2011.01.24 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.28 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\concept design
[2012.01.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Crayon Physics Deluxe
[2010.01.31 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2010.01.19 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro
[2010.07.01 18:16:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\EPSON
[2012.05.20 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FileZilla
[2012.06.01 03:07:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.11.02 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ
[2011.03.25 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ImgBurn
[2011.03.08 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView
[2011.01.16 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Kalypso Media
[2010.02.01 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2011.12.21 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macro Recorder
[2012.03.06 04:09:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Magic Academy
[2011.01.16 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg
[2010.02.24 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Neverball
[2012.04.03 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Notepad++
[2011.01.16 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nvu
[2011.10.23 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenCandy
[2010.06.24 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.03.10 04:59:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Passware
[2011.01.16 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ProtectDISC
[2011.08.04 16:32:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Recorder
[2010.12.01 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Samsung
[2010.02.28 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SolSuite
[2010.08.03 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Stereoscopic Player
[2011.02.02 15:36:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2012.06.27 03:41:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.01.03 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2011.03.10 09:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011.10.23 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\updatetool
[2011.01.28 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\winupd
[2011.08.07 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\www.rene-zeidler.de
[2012.01.10 21:56:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:EB78D20BB6F208DF
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F84B8DB5

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 17.07.2012 20:45:24 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,00% Memory free
8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 18,71 Gb Free Space | 19,18% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 199,01 Gb Free Space | 67,93% Space Free | Partition Type: NTFS
Drive E: | 1006,64 Gb Total Space | 941,93 Gb Free Space | 93,57% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 191,48 Gb Free Space | 20,56% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08439B33-31DC-4E91-ACF7-2BAB628152A8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{119FAA3A-145B-4608-9E8D-3A9432AAE3D0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{12AE4B62-3C67-47E1-B330-2DBA21E391F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12DBA6D6-AB09-41D9-BEF7-45775731C962}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{14CC4243-F83A-46F1-B26E-50817DF9E583}" = rport=139 | protocol=6 | dir=out | app=system | 
"{193480A8-662B-4B42-8D90-F4FAD69D687A}" = lport=1047 | protocol=6 | dir=in | name=akamai netsession interface | 
"{1B9945A3-CC10-43ED-93B1-BED33560216B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2E19904D-85D1-4D9E-A559-41A7E02464E2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{36ED1EA1-BD72-4D25-8381-932358277C85}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{414876B0-5253-4311-8AEA-97A7DD8BC9C6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{462E0BFA-B92B-47E7-A376-62BB11E33F24}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{4FFE416E-F845-4AA2-BB4A-0B126651E657}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5264EE29-84DF-4C62-BE7B-F4C5CB347948}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5608052A-4818-4016-97AF-A6086D3F016F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5A2D8C4D-3CD6-484E-B01C-8780E9F7236A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{635686E6-87F8-4D82-929C-04A06434CDE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7773F4E3-5D31-438E-B9CE-A551FB464CD6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CAE4D63-34A4-4D6F-8FAC-B68C94215FF5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{80558743-D110-4A34-95DC-3E0024DF6B96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8641EC4B-68FA-4F0E-B846-DEEE1852E3FF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{9614E85C-14A0-4F12-9902-FF9364255452}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96787087-784F-4B15-962F-FF8E804404E7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{AC3E73DB-2BB7-407E-95FC-1AE2A69D6A9A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B6EBD221-5CA7-4E19-97B6-A668F4A60711}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B76F02DC-5EF6-4DC3-94B3-445CC5F36EE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7D813ED-90AA-4A57-9312-166AC239CE29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BD244A5B-8103-4A88-A878-15A17C79FA4C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD61A77D-BAE8-45F9-97E1-A30E2F144E1B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BF96545C-4DED-4F46-AA9B-2C616A07BF46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3953BCE-B788-44C2-A04B-2228152AD8F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC5E3867-0668-4D12-9EA6-74F6EF707687}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DB39D798-B36A-4D4C-9D6A-5DD2A4DBBF32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE480028-9078-40C1-B701-D34E647CD0F6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EF9646B4-362D-482E-8568-3B962A80B5BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA3FF8FC-F518-4323-BB17-0850D6561F2D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FECCB568-4949-40F2-A47B-0F577B0BBD2B}" = lport=10777 | protocol=17 | dir=in | name=passware kit enterprise 10.0 | 
"{FF585117-8A14-4449-B425-0392094DD7D0}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AEA306-EFDC-43B6-94F5-7FD765CA1E6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1166E571-1287-42DC-9E93-E7AE2E42A07C}" = protocol=6 | dir=in | app=d:\program files (x86)\diablo3\diablo iii\diablo iii.exe | 
"{11E0D41E-8FD0-4338-921C-D88FCF69AB89}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{19BDED4D-86DD-4A2D-8137-4C871CB72B8A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{2267DB8D-9E48-40BE-B5BD-C5D7A333ECEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{231FC7B6-2A2C-4ECE-A532-71CB58467DA6}" = protocol=17 | dir=in | app=d:\program files (x86)\diablo3\diablo iii\diablo iii.exe | 
"{242474A6-5947-4D6E-A192-5F0C4D4F5BC3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cogs\cogs.exe | 
"{24A849B9-507F-48D6-B06C-BC0AA5C6E8E6}" = protocol=17 | dir=in | app=e:\downloads\firefox\facemoods.exe | 
"{2B5B58B0-F531-460A-AA1B-60B47D06870A}" = protocol=6 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{308CFC51-FC48-4A3E-B2ED-E2EF6DD0FFC1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{3101F8B3-9D27-4CB6-81F9-340E7E5B41E0}" = protocol=17 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{336E9CFE-B797-41BC-91F4-B4DD1C45F2AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{3A907B32-0736-46D1-B330-C6DF4F505BAF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\demolitioninc\finaldgamegl.exe | 
"{3D51CAA8-84B6-4458-B917-E9E559EFCEF3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{3E09111E-8B13-4666-893E-D4150233D1BF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cogs\cogs.exe | 
"{42354FB2-E586-4A92-8813-935E64FC0984}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{42360135-4807-4BEF-B898-B035C32C8E49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{425DFDD0-58B8-4256-B7EA-DBD612E760CA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\demolitioninc\finaldgamegl.exe | 
"{44BCBEF0-C9FC-4268-A7B0-3C96F193E9C5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{4657B1BF-3094-450F-818F-CC14651D3835}" = protocol=17 | dir=in | app=d:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{48914184-0DF3-4BDF-827D-AA3035CF0FB6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4A876F32-2C6F-42D0-8FFF-2A9DBB25A5DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{52BEB34B-A276-492C-8A14-A9461996FD68}" = protocol=17 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{54266E5F-B283-46CA-9570-38E16222D2F7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{55EFED03-D99B-4DC6-92BD-B693E6FE04F4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{59FAA555-1BAB-4625-A013-4BF5BFA100E4}" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"{5A2AFA23-9A72-4AF4-A54F-93037E7243E2}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{60674DDB-01B4-4909-8CA1-EDDCF9732BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{66D0A8E5-72E5-4042-B1F9-9A8C724D777A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{781827F0-0909-4207-9F09-E88E6229D5F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{78BD0CE6-0189-4532-B4F0-EBB31936021B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{78CD9EBF-2D54-40CB-A94D-7A91693069F8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7E9744CF-D754-4D63-8E33-6DFC5BC4BE49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7FA219B7-A9D4-49A5-9FEA-A2C8F3391DE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{83F954BA-2A98-459B-9FF5-A49078326C53}" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"{87B3DD63-1399-4176-8895-B0F385B69741}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{8A6A1B1D-F007-43C4-8DEF-7022B9975499}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8AA2840B-F1E3-4F63-8AC3-AD8462DA1A89}" = protocol=6 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{9A8AA0CE-02F1-4590-A033-0FB733B70561}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{A0F66EA6-2727-4F0D-9E31-BCD5B8697CA9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{A89CF59E-DA76-48A7-88BC-838FC68C40DF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{AB1531C8-EC61-4934-A819-1AB3BF06259B}" = protocol=6 | dir=in | app=d:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{AC60EF55-9D80-423A-93E4-8C58D1B8A64A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B21CF911-6FFB-407E-BB6A-E1421C9DE68B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{B237421A-3675-4836-B795-F8F2167F9A0C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{B2C1B9E6-4450-478D-AF8A-E1AFFC3A7CFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{B3838712-1328-4333-918C-7E0865E648F3}" = protocol=6 | dir=out | app=system | 
"{B390360A-8FF0-44D1-A42F-A7D266920649}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{B44F4818-DF44-489C-889F-0E03083A97C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B5391274-EFCD-4615-BF03-266342A0D247}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B6151D22-5915-4938-8004-F54869351EF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BA3F9F1A-4106-4E66-9DA8-1569D2CA7B72}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{BA8586AA-DFAC-4571-907C-7381A8F61615}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C0796486-B821-4632-9FE7-072860D8102A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{C3A9F648-63CD-4B7E-978E-CE9666DF2DD9}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{C5099768-634A-4FD3-A830-D363C835C1AD}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{D24445F7-948E-42C4-9F2B-B63E8A66E0DC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{D455ECF7-A7FD-440C-9E5B-28D8C7DDE586}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D5BD4CE2-9FF2-434C-A737-C97817BC16D4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{D645A062-D551-425F-99AC-48B11C8696E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D82AE490-CF2A-4C66-A72F-EB3716D9AD87}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D99AA3D3-C70E-4C0E-A95B-2AA9AF16E418}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{DC79A0EC-CE6A-4BB8-BFD8-FE0C62EAAC07}" = protocol=6 | dir=in | app=e:\downloads\firefox\facemoods.exe | 
"{DD3C1715-81C5-4BA4-8753-47E51C79C1B4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E00C7842-D476-4614-9BBB-2D2CEA16A17B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E11A9E78-1682-4A19-9F4D-E3A7D6952860}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E16B2892-640D-4EE1-B445-DC5620D88181}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2FB7263-B8A4-4E71-A9C2-FFEC75C2AC86}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{E3787E7D-23BB-4F9B-9601-5A072AFCC6B0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{E3874FB9-2C50-4827-BDAC-9D502974BE3E}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{E95EB4D2-A740-4EBE-88F8-2CF1CF10B00C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECF22247-E61C-42E3-BA7E-0F64D217634D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{ECF2DB0C-6A9A-4BE9-BAAA-3393FDD965D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE081E36-CDDA-4C69-B4E5-9E30668B3ED8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0F615AE-F9C2-468A-8247-99473085E937}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F935CD95-2F69-4D62-8CF7-5D1452C8FD11}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{FF305FD9-BA8D-47BB-92AF-F0F7D676E87E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1F8AE91C-CE26-45AF-A53C-E7A16C0E0A80}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{29534BE2-19AC-4356-BE06-B112058B69E2}D:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"TCP Query User{2E3B7709-219A-4B4B-87D3-7FDB8799C50F}D:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe | 
"TCP Query User{2FE89A1E-A720-4B0C-BA08-736F51B21AB9}C:\users\andreas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{30F2F1A2-0DFD-4B53-A58A-9E81FD33DBE4}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{448E8019-A999-42BD-AAD7-07835031C03D}C:\glassfish3\jdk7\eclipse.exe" = protocol=6 | dir=in | app=c:\glassfish3\jdk7\eclipse.exe | 
"TCP Query User{6C1D6B04-69FA-4011-A496-CC21940432C8}C:\users\andreas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{7966CE5D-168A-4008-986F-BD9DBFED4F01}C:\glassfish3\jdk7\bin\java.exe" = protocol=6 | dir=in | app=c:\glassfish3\jdk7\bin\java.exe | 
"TCP Query User{85C2BBCA-80FE-4CC2-BDCA-C7688CA21C9A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{88D0A748-0DCE-4747-BA71-346BE6B426CC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{8C852CEC-F351-465F-8856-8D2D83B42511}I:\portable\lbreakout2portable\app\lbreakout2\lbreakout2.exe" = protocol=6 | dir=in | app=i:\portable\lbreakout2portable\app\lbreakout2\lbreakout2.exe | 
"TCP Query User{996D984B-DDD0-41D4-8694-CB4C44A465DA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{9F894552-EADD-440F-84AF-565A8D3C61BF}D:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{A7CE5E48-75F4-4464-8D21-4592A58BC51D}D:\udk\dungeon defense\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\udk\dungeon defense\binaries\win32\udk.exe | 
"TCP Query User{B352D297-89C3-408C-A5FC-E3A884011D09}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"TCP Query User{B372DF63-E50C-4323-82A2-BA8EFBAE1826}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{BA699F29-A8A4-4E82-9A92-9A2C48382995}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | 
"TCP Query User{D60BD14B-A439-4906-B425-F8ABBC846D66}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{DF6DFBA5-860E-4E72-B931-28D588B2D8AF}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F1D75B63-3FC2-4FA0-8C5B-E30D944F1751}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{02F46B2C-CC8F-4308-8AC2-B3E1766EDCB3}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{17D36062-1FC4-41DB-8067-E953A0591299}D:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{388035D2-AAA5-4C99-808E-E0B8D3FA9C19}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{3C5A91C8-5F25-4A99-B51B-6AA539862257}D:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"UDP Query User{3CAF1693-734E-4D5F-A379-4A3A182F9D70}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"UDP Query User{598155E6-8663-4B3B-882B-AD95C6685283}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{5B56F996-E268-4FF8-9138-87891F726305}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{5F19C4A7-D622-4AC9-BE8F-7BD8B17F87EA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{7479CBA0-A89B-4655-B481-741CFD50B1E0}D:\udk\dungeon defense\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\udk\dungeon defense\binaries\win32\udk.exe | 
"UDP Query User{761FEF01-EB06-40F5-AB35-A18DEB69BBDE}C:\glassfish3\jdk7\bin\java.exe" = protocol=17 | dir=in | app=c:\glassfish3\jdk7\bin\java.exe | 
"UDP Query User{8AD4BE4B-3C07-41EA-A8AB-B6496ECEBF80}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{8D34FE2D-13AD-4CFA-9CFF-DAC397608957}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | 
"UDP Query User{8DED39FD-0CB6-4935-8D5C-BE72CD3838E2}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{B1ED37C8-5DF9-49BC-B4E7-19F2E150AB81}C:\users\andreas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{C802EAB0-DACB-40AB-84B0-0642628E589C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{D3583856-721C-423B-8A56-B262689E7B86}D:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe | 
"UDP Query User{D3EFABCB-CAC9-4B56-9594-53A974E97B9A}I:\portable\lbreakout2portable\app\lbreakout2\lbreakout2.exe" = protocol=17 | dir=in | app=i:\portable\lbreakout2portable\app\lbreakout2\lbreakout2.exe | 
"UDP Query User{DAD7B657-8C8D-4DEB-A8DE-DA7CA5E57151}C:\users\andreas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{F13D1015-FCBC-4EE8-B6CA-9765543D57DE}C:\glassfish3\jdk7\eclipse.exe" = protocol=17 | dir=in | app=c:\glassfish3\jdk7\eclipse.exe | 
"UDP Query User{F625C784-0F24-41D2-8FC5-D125E6B03B2E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{270D4D2B-CEB9-C46B-4F17-B1390D450AB1}" = ATI AVIVO64 Codecs
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6EC70FBF-7390-74A2-E0A8-8D414F89FE6C}" = ATI Problem Report Wizard
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Blender" = Blender
"ImageMagick 6.7.0 Q16_is1" = ImageMagick 6.7.0-3 Q16 (2011-06-01)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-958c5b1b-20b5-49ce-8190-8e54f1c98a1b" = Dungeon Defense
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0507A8FD-AA20-7691-C2AA-CDE6B5182675}" = Application Profiles
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}" = EPSON PRINT Image Framer Tool
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{25B473C3-2C62-482B-858F-94ED76880F79}" = Patrizier 4
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26B03CED-4E5A-4057-BCF9-EE80B13FCF94}" = Stereoscopic Player
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{2F083216-8203-4E94-8C7C-EDF1C91D037D}" = RealWorld Cursor Editor
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E082BD8-AC11-450C-A9C6-523DE3FB0213}" = Agama2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{55D39D7E-0475-450B-A7A9-919EBCBC9F53}" = Camera RAW Plug-In for EPSON Creativity Suite
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1" = Copy Handler 1.31 Final
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B725D249-58A9-4579-809E-B9767F363B99}" = Dawn Of Magic 2
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E7EE88BF-D287-74E1-EC9C-29746228B0D8}" = HydraVision
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F1100000-0008-0000-0001-074957833700}" = ABBYY FineReader 11
"{FDE8FDFF-7B95-4235-BB3F-AE63397864C9}" = calibre
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akademie der Magie" = Akademie der Magie
"Akamai" = Akamai NetSession Interface Service
"AutoItv3" = AutoIt v3.3.6.1
"AVG Secure Search" = AVG Security Toolbar
"BFG-Drawn - Der Turm" = Drawn: Der Turm ™
"Bricks '2000" = Bricks '2000
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"Deponia" = Deponia
"Diablo III" = Diablo III
"Die Gilde Gold-Edition" = Die Gilde Gold-Edition
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EPSON Scanner" = EPSON Scan
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Farm Frenzy 3: Russian Roulette" = Farm Frenzy 3: Russian Roulette
"ffdshow_is1" = ffdshow
"FileZilla Client" = FileZilla Client 3.5.3
"ImgBurn" = ImgBurn
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nebel der Elfen" = Nebel der Elfen
"Neverball" = Neverball 1.5.4
"Neverwinter Nights 2 - Ultimate Edition" = Neverwinter Nights 2 - Ultimate Edition
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PokerStars.net" = PokerStars.net
"Purebreaker 2 - Evolution_is1" = Purebreaker 2 version 1.0
"Steam App 18700" = And Yet It Moves
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 41100" = Hammerfight
"Steam App 48000" = LIMBO
"Steam App 6120" = Shank
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 70300" = VVVVVV
"Steam App 94200" = Jamestown
"Steam App 98600" = Demolition, Inc.
"Steam App 99700" = NightSky
"Trine 2_is1" = Trine 2
"Trine_is1" = Trine
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"World of Warcraft" = World of Warcraft
"X3TerranConflict_is1" = X3 Terran Conflict v2.5
"xampp" = XAMPP 1.7.4
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Play65" = Play65
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2012 18:00:37 | Computer Name = Andreas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\Firefox\SoftonicDownloader_fuer_abbyy-finereader.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 26.06.2012 18:00:39 | Computer Name = Andreas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\Firefox\SoftonicDownloader_fuer_abbyy-finereader.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 27.06.2012 15:24:03 | Computer Name = Andreas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "G:\!Sotfware\SoftonicDownloader_fuer_realworld-cursor-editor.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 27.06.2012 15:24:03 | Computer Name = Andreas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "G:\!Sotfware\SoftonicDownloader_fuer_eclipse.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 27.06.2012 15:24:04 | Computer Name = Andreas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "G:\!Sotfware\SoftonicDownloader_fuer_strata-3d-cx.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 28.06.2012 09:04:12 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DriveDefrag.exe, Version: 12.0.3600.73,
 Zeitstempel: 0x4fc4ae3a  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002dfe4  ID des fehlerhaften
 Prozesses: 0x1880  Startzeit der fehlerhaften Anwendung: 0x01cd54be80ad763a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\TuneUp Utilities 2012\DriveDefrag.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c15aa45d-c121-11e1-a3e2-002215896c43
 
Error - 02.07.2012 10:32:03 | Computer Name = Andreas-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 10.07.2012 19:42:14 | Computer Name = Andreas-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f78    Startzeit: 
01cd5e38de7fb625    Endzeit: 529    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 db11df26-cae8-11e1-9a00-002215896c43  
 
Error - 17.07.2012 11:04:43 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
 Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d1e33  ID des fehlerhaften Prozesses: 0x3398  Startzeit der fehlerhaften Anwendung:
 0x01cd64112686d905  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 bd109e52-d020-11e1-8ec3-002215896c43
 
Error - 17.07.2012 13:54:57 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6fb26c6a  ID des fehlerhaften
 Prozesses: 0x64c  Startzeit der fehlerhaften Anwendung: 0x01cd644546321180  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\explorer.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 84aad8a7-d038-11e1-8bfb-002215896c43
 
[ Media Center Events ]
Error - 03.03.2010 22:30:59 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 03:30:59 - Fehler beim Herstellen der Internetverbindung.  03:30:59 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.03.2010 22:32:13 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 03:31:06 - Fehler beim Herstellen der Internetverbindung.  03:31:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.01.2011 14:20:34 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 19:20:34 - Fehler beim Herstellen der Internetverbindung.  19:20:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.01.2011 14:20:46 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 19:20:39 - Fehler beim Herstellen der Internetverbindung.  19:20:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.05.2011 21:31:48 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 03:31:47 - Fehler beim Herstellen der Internetverbindung.  03:31:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.05.2011 22:31:54 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 04:31:53 - Fehler beim Herstellen der Internetverbindung.  04:31:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.05.2011 23:31:59 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 05:31:58 - Fehler beim Herstellen der Internetverbindung.  05:31:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.05.2011 00:32:04 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 06:32:03 - Fehler beim Herstellen der Internetverbindung.  06:32:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 05.07.2012 03:05:59 | Computer Name = Andreas-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 09.07.2012 22:31:56 | Computer Name = Andreas-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 11.07.2012 02:11:43 | Computer Name = Andreas-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 17.07.2012 12:35:40 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 17.07.2012 12:37:02 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.07.2012 12:44:35 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.07.2012 12:49:14 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 17.07.2012 12:50:25 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
[ TuneUp Events ]
Error - 01.02.2012 18:30:54 | Computer Name = Andreas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 01.02.2012 18:30:54 | Computer Name = Andreas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 01.02.2012 18:30:54 | Computer Name = Andreas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
Ich benutzte zum surfen Firefox
Für Firewall und AntiVir sind COMODO zuständig.

Comodo führt gerade einen Scan durch der noch nichts ergeben hat.

Ich hoffe meine Schilderungen waren bisher von Nutzten für euch, damit ihr mir hoffentlich helft.

Über eine schnelle Antwort würde ich mich natürlich riesig freuen.
Und ein Danke schonmal im vorraus an euch.


Update1:
ComodoScan hat nichts entdeckt

also bleiben noch die 8 Probleme aus dem Malwarebytes-Test.

Geändert von Seraphim137 (17.07.2012 um 23:25 Uhr)

Alt 18.07.2012, 11:28   #2
t'john
/// Helfer-Team
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf





Lasse die Funde von Malwarebytes loeschen.


Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
PRC - [2012.07.09 22:48:42 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe 
PRC - [2012.07.09 22:48:35 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe 
MOD - [2012.07.12 02:17:17 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll 
SRV - [2011.03.02 17:39:02 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\URLSearchHook: - No CLSID value found 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found 
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd 
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9B7F8B89-5DD1-437F-B594-B03BA95DF87D}&mid=fe2a85ec684a47d1b3edd16b536d85b0-fbd65ef0e68b34be3a076a84c096458c476d4435&lang=de&ds=tt014&pr=sa&d=2012-01-03 19:34:05&v=8.0.0.34&sap=dsp&q={searchTerms} 
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421; 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search" 
FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "google.com/" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: {CA60F577-1B28-41D6-8C78-C49E63304FCF}:1.0 
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0 
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 
FF - prefs.js..extensions.enabledItems: {0e3dbc69-a682-48da-84e1-82c63a5d678e}:3.3.3.2 
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
CHR - Extension: Facemoods = C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4.1_0\ 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - No CLSID value found. 
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe () 
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177 
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) 
O27:64bit: - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\cdspeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\clpsla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\finecmd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\finereader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\gamecenternotifier.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\gplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\infotool.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\misc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\msc.thunder.easyguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\photosnap.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\photosnapviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\recode.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\setupneromobile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\showtime.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\soundtrax.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27:64bit: - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\cdspeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\clpsla.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\finecmd.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\finereader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\gamecenternotifier.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\gplayer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\kies.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\misc.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\msc.thunder.easyguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\photosnap.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\photosnapviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\setupneromobile.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\soundtrax.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\steam.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\uninstall.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{4c1d0809-bee3-11e1-a3e2-002215896c43}\Shell - "" = AutoRun 
O33 - MountPoints2\{4c1d0809-bee3-11e1-a3e2-002215896c43}\Shell\AutoRun\command - "" = G:\Setup.exe 
O33 - MountPoints2\{7391f5d5-04fb-11df-b1b9-002215896c43}\Shell - "" = AutoRun 
O33 - MountPoints2\{7391f5d5-04fb-11df-b1b9-002215896c43}\Shell\AutoRun\command - "" = G:\autorun_setup.bat 

[2011.01.20 21:04:16 | 000,000,246 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Autorun.vbs 

@Alternate Data Stream - 24 bytes -> C:\Windows:EB78D20BB6F208DF 
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F84B8DB5 

[2012.07.17 21:17:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.17 21:12:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.17 20:43:19 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 

[2011.01.20 21:04:16 | 000,000,246 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Autorun.vbs 
 
:Files


G:\Setup.exe
G:\autorun_setup.bat

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________

Alt 18.07.2012, 13:13   #3
Seraphim137
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



Ersteinmal danke für diese rasante antwort.

Stand 10:15

Ich musste feststellen das mein Battle.net-ACC wieder gehackt wurde.
Durch ein Passwort mit 16 STellen dachte ich es wäre sicher.

Habe dann bei blizzard erneut angerufen.
wieder aus den usa gehackt.

allso hab ich mir überlegt das ich sowas wie einen KEY-LOGGER auf meiner festplatte habe.

Vieleicht ist das hilfreich:
Ausgehende Verbindungen wärend Diablo3 geöffnet ist:


Hab dann mit Malwarebytes noch mal gescannt.

Stand 12:55

Comodo über die task-leiste Beendet

Anweisungen befolgt:

Code:
ATTFilter
All processes killed
========== OTL ==========
Process ToolbarUpdater.exe killed successfully!
No active process named vprot.exe was found!
Service KMService stopped successfully!
Service KMService deleted successfully!
C:\Windows\SysWOW64\srvany.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Bigpoint Games DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "google.com/" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CA60F577-1B28-41D6-8C78-C49E63304FCF}:1.0 removed from extensions.enabledItems
Prefs.js: ffxtlbr@Facemoods.com:1.1.0 removed from extensions.enabledItems
Prefs.js: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: linkfilter@kaspersky.ru:11.0.1.400 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {0e3dbc69-a682-48da-84e1-82c63a5d678e}:3.3.3.2 removed from extensions.enabledItems
Prefs.js: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4.1_0\style folder moved successfully.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4.1_0\js folder moved successfully.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4.1_0\img folder moved successfully.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4.1_0 folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
File C:\Users\Andreas\AppData\Local\Akamai\netsession_win.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon\ deleted successfully.
File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backitup.exe\ deleted successfully.
C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bonus.screenshotreader.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdspeed.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clpsla.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\coverdes.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drivespeed.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\finecmd.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\finereader.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gamecenternotifier.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gplayer.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infotool.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kies.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\misc.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msc.thunder.easyguide.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nero.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroburnrights.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerohome.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neromediahome.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroscoutoptions.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerostartsmart.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroupgrade.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerovision.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photosnap.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photosnapviewer.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recode.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupneromobile.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupx.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showtime.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soundtrax.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steam.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstall.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\waveedit.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\ deleted successfully.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backitup.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bonus.screenshotreader.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdspeed.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clpsla.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\coverdes.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drivespeed.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\finecmd.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\finereader.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gamecenternotifier.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gplayer.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infopath.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infotool.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kies.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\misc.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msc.thunder.easyguide.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nero.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroburnrights.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerohome.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neromediahome.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroscoutoptions.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerostartsmart.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neroupgrade.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nerovision.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onenote.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outlook.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photosnap.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photosnapviewer.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recode.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupneromobile.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupx.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showtime.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\skype.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soundtrax.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\steam.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uninstall.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\waveedit.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\ not found.
File C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c1d0809-bee3-11e1-a3e2-002215896c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c1d0809-bee3-11e1-a3e2-002215896c43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c1d0809-bee3-11e1-a3e2-002215896c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c1d0809-bee3-11e1-a3e2-002215896c43}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7391f5d5-04fb-11df-b1b9-002215896c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7391f5d5-04fb-11df-b1b9-002215896c43}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7391f5d5-04fb-11df-b1b9-002215896c43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7391f5d5-04fb-11df-b1b9-002215896c43}\ not found.
File G:\autorun_setup.bat not found.
C:\Users\Andreas\AppData\Roaming\Autorun.vbs moved successfully.
ADS C:\Windows:EB78D20BB6F208DF deleted successfully.
ADS C:\ProgramData\TEMP:F84B8DB5 deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File C:\Users\Andreas\AppData\Roaming\Autorun.vbs not found.
========== FILES ==========
File\Folder G:\Setup.exe not found.
File\Folder G:\autorun_setup.bat not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
E:\Eigene Dateien\Desktop\cmd.bat deleted successfully.
E:\Eigene Dateien\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Andreas
->Temp folder emptied: 152757704 bytes
->Temporary Internet Files folder emptied: 256255536 bytes
->Java cache emptied: 10543841 bytes
->FireFox cache emptied: 104017720 bytes
->Google Chrome cache emptied: 7339879 bytes
->Flash cache emptied: 81397697 bytes
 
User: AppData
 
User: Default
->Temp folder emptied: 224273 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 311296 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1058634 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 337255 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 586,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Andreas
->Flash cache emptied: 0 bytes
 
User: AppData
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07182012_124414

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\klogon.dll scheduled to be moved on reboot.
C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
[2010.07.01 21:39:00 | 000,233,656 | R--- | M] (Kaspersky Lab ZAO) C:\Windows\SysNative\klogon.dll : Unable to obtain MD5
File C:\Users\Andreas\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
-neustart angenommen

Mir ist aufgefallen das sich die grafische Oberfläche von Firefox verändert hat.
Comodo ist nach neustart wieder Eingeschaltet
Benutzerkontensteuerung ist eingeschaltet worden

-OTL nochmal mit richtigen einstellungen SCANNEN lassen:
http://www.trojaner-board.de/85104-o...-oldtimer.html

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.07.2012 13:51:55 - Run 3
OTL by OldTimer - Version 3.2.54.0     Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 48,07% Memory free
8,00 Gb Paging File | 5,55 Gb Available in Paging File | 69,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 18,83 Gb Free Space | 19,30% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 199,01 Gb Free Space | 67,93% Space Free | Partition Type: NTFS
Drive E: | 1006,64 Gb Total Space | 941,93 Gb Free Space | 93,57% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 191,47 Gb Free Space | 20,55% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\Eigene Dateien\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- d:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cmderd) -- C:\Windows\SysNative\drivers\cmderd.sys (COMODO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 75 1C AA 2E 96 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.31 00:47:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.09 20:57:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 17:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 20:38:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.09.22 17:11:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 17:35:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 01:14:49 | 000,000,000 | ---D | M]
 
[2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions
[2010.07.02 15:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.18 12:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions
[2012.07.15 22:34:06 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e}
[2012.04.26 22:12:42 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.04.11 16:58:54 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\4f8550d2151bf@4f8550d2151c1.info
[2012.01.03 20:21:04 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Andreas\AppData\Roaming\mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\avg@toolbar
[2010.12.30 21:15:42 | 000,000,937 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\conduit.xml
[2010.04.03 21:35:58 | 000,002,055 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\daemon-search.xml
[2012.07.14 08:44:53 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-1.xml
[2010.10.31 13:43:09 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-2.xml
[2010.12.11 21:33:50 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-3.xml
[2011.01.09 21:05:19 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-4.xml
[2011.03.05 18:26:32 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-5.xml
[2011.03.25 08:46:28 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-6.xml
[2011.04.16 11:50:18 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-7.xml
[2011.06.11 00:31:16 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-8.xml
[2011.06.24 14:13:30 | 000,000,950 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\icqplugin.xml
[2012.06.21 01:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.24 00:56:08 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.08.19 05:58:00 | 000,000,000 | ---D | M] (FindXplorer) -- C:\Program Files (x86)\mozilla firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}
[2012.06.21 01:14:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2010.09.25 11:51:23 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.06.06 07:05:45 | 000,030,312 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
[2011.04.16 12:07:41 | 000,105,386 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
[2012.05.24 22:38:37 | 000,363,041 | ---- | M] () (No name found) -- C:\USERS\ANDREAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O5RWWXM5.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI
[2012.06.16 17:35:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.03.27 19:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2009.10.23 16:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.10.11 20:48:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 22:48:33 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.11 20:48:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.11 20:48:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 20:48:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 20:48:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 20:48:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\9.0.597.84\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011.01.31 01:33:01 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Copy Handler] C:\Program Files\Copy Handler\ch64.exe ( )
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60532AA5-B3C4-4141-96D8-DF4CFFAC12F6}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.18 13:52:26 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Desktop\Otl stand vor  1350
[2012.07.17 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Malwarebytes
[2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 20:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 20:54:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 20:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.17 20:35:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2012.07.17 19:49:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.17 19:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.07.12 03:01:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:01:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:01:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:01:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:01:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:01:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:01:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:01:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:01:31 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:01:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:01:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:01:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 03:01:30 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 10:10:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 10:10:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 10:10:17 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 10:10:15 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 10:10:14 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.06 23:02:33 | 000,000,000 | ---D | C] -- C:\tmp
[2012.07.02 16:48:56 | 000,000,000 | ---D | C] -- E:\Eigene Dateien\Documents\Eigene G700-Profile
[2012.07.02 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Logishrd
[2012.07.02 16:31:27 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.07.02 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.07.02 16:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.07.02 16:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2012.07.02 16:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012.07.02 16:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2012.07.02 16:21:34 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Logishrd
[2012.06.27 03:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.06.27 03:41:40 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.06.27 03:31:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
[2012.06.27 00:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 11
[2012.06.27 00:20:42 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\ABBYY
[2012.06.27 00:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.06.27 00:11:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY FineReader 11
[2012.06.25 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\COMODO
[2012.06.22 19:40:02 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.22 19:40:02 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.22 19:40:01 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.22 19:38:45 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.22 19:38:45 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.22 19:38:45 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.22 19:38:10 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.22 19:38:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.22 04:04:23 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.06.22 04:04:20 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.06.22 04:04:17 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.06.22 04:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.06.22 04:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.06.22 02:46:17 | 000,000,000 | ---D | C] -- C:\Users\Andreas\AppData\Local\Macromedia
[2012.06.22 02:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.06.22 02:40:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.06.22 02:38:56 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012.06.22 02:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.06.22 02:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012.06.22 02:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012.06.22 02:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012.06.22 02:04:52 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012.06.22 02:04:52 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012.06.21 01:14:49 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.06.21 01:14:49 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.06.21 01:14:49 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.06.21 01:14:49 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.18 13:56:46 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.07.18 13:03:11 | 000,115,735 | ---- | M] () -- E:\Eigene Dateien\Desktop\ausgehende verbindungen.PNG
[2012.07.18 12:52:04 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 12:52:04 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 12:46:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.18 12:46:48 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 20:42:00 | 000,000,020 | ---- | M] () -- C:\Users\Andreas\defogger_reenable
[2012.07.17 20:35:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- E:\Eigene Dateien\Desktop\OTL.exe
[2012.07.17 20:12:57 | 000,050,477 | ---- | M] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2012.07.16 17:46:11 | 000,010,545 | ---- | M] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg
[2012.07.12 07:27:14 | 004,991,328 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 02:17:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.12 02:17:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.11 15:13:16 | 001,808,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.11 15:13:16 | 000,765,938 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.11 15:13:16 | 000,721,256 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.11 15:13:16 | 000,174,264 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.11 15:13:16 | 000,147,218 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.05 14:07:13 | 000,522,059 | ---- | M] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg
[2012.07.05 14:03:56 | 000,392,357 | ---- | M] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg
[2012.07.05 14:01:57 | 000,033,242 | ---- | M] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg
[2012.07.04 14:47:39 | 000,081,278 | ---- | M] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 16:31:27 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.06.27 19:29:54 | 000,002,727 | ---- | M] () -- C:\Users\Andreas\.recently-used.xbel
[2012.06.27 03:31:16 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012.06.27 03:17:49 | 000,001,256 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012.06.27 00:10:59 | 374,873,708 | ---- | M] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe
[2012.06.24 06:45:01 | 000,101,531 | ---- | M] () -- E:\Eigene Dateien\Desktop\normal__2650ab332eef8c0878f2b749dfbbb103_37.jpg
[2012.06.22 02:04:52 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012.06.22 02:04:52 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012.06.21 01:14:44 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.06.21 01:14:44 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.06.21 01:14:44 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.06.21 01:14:44 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.06.21 01:14:44 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
 
========== Files Created - No Company Name ==========
 
[2012.07.18 13:03:11 | 000,115,735 | ---- | C] () -- E:\Eigene Dateien\Desktop\ausgehende verbindungen.PNG
[2012.07.17 20:42:00 | 000,000,020 | ---- | C] () -- C:\Users\Andreas\defogger_reenable
[2012.07.17 20:12:56 | 000,050,477 | ---- | C] () -- E:\Eigene Dateien\Desktop\Defogger.exe
[2012.07.16 17:46:10 | 000,010,545 | ---- | C] () -- E:\Eigene Dateien\Desktop\446d750a7e4039888400d351ee68a840.jpg
[2012.07.05 14:07:12 | 000,522,059 | ---- | C] () -- E:\Eigene Dateien\Desktop\diablo-3-cathedral.jpg
[2012.07.05 14:03:55 | 000,392,357 | ---- | C] () -- E:\Eigene Dateien\Desktop\wings-original_00238557.jpg
[2012.07.05 14:01:51 | 000,033,242 | ---- | C] () -- E:\Eigene Dateien\Desktop\a56ef8561a39d6831e0adbace299bdf1.jpg
[2012.07.04 14:47:34 | 000,081,278 | ---- | C] () -- E:\Eigene Dateien\Desktop\Drachenboot7.jpg
[2012.06.27 19:29:54 | 000,002,727 | ---- | C] () -- C:\Users\Andreas\.recently-used.xbel
[2012.06.27 03:31:16 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\Trine 2.lnk
[2012.06.27 03:17:49 | 000,001,256 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2012.06.27 00:10:59 | 374,873,708 | ---- | C] () -- E:\Eigene Dateien\Desktop\ABBYY_FR11_PE_TRIAL_ESD.exe
[2012.06.24 06:44:45 | 000,101,531 | ---- | C] () -- E:\Eigene Dateien\Desktop\normal__2650ab332eef8c0878f2b749dfbbb103_37.jpg
[2012.06.22 04:03:26 | 000,002,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.06.22 02:07:42 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2011.12.21 20:00:48 | 000,001,044 | ---- | C] () -- C:\Users\Andreas\SciTE.session
[2011.11.27 21:39:21 | 086,933,066 | ---- | C] () -- C:\Users\Andreas\stricheSymetrisch.xcf
[2011.11.20 17:04:58 | 049,994,484 | ---- | C] () -- C:\Users\Andreas\Kreis6Abstract.xcf
[2011.07.24 17:40:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\SuhfhvvMxq455337.dat
[2011.03.31 08:16:06 | 000,000,008 | ---- | C] () -- C:\Windows\ShvwxduvMxq455337.dat
[2011.03.28 15:52:01 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.06 15:22:46 | 000,001,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.02.05 02:41:03 | 000,000,132 | ---- | C] () -- C:\Users\Andreas\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.01.31 21:51:25 | 000,000,062 | ---- | C] () -- C:\Windows\Contribute.INI
[2011.01.16 17:29:49 | 000,000,938 | ---- | C] () -- C:\Windows\page.ini
[2010.12.21 04:27:20 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.25 11:09:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.10.25 11:09:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.10.25 11:09:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.10.25 11:09:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.09.28 20:39:33 | 000,019,456 | ---- | C] () -- C:\Users\Andreas\AppData\Local\WebpageIcons.db
[2010.09.28 20:09:38 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.09.28 20:09:38 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2010.09.28 20:09:38 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2010.08.10 02:29:04 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.03.10 10:39:38 | 000,007,597 | ---- | C] () -- C:\Users\Andreas\AppData\Local\resmon.resmoncfg
[2010.01.21 14:13:11 | 000,217,088 | ---- | C] () -- C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.05.11 02:01:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Acreon
[2011.01.16 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Aurora Web Editor
[2010.04.03 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Big Fish Games
[2011.01.27 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Bilder
[2011.01.25 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Blender Foundation
[2012.01.02 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Broken Rules
[2012.07.17 19:45:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer
[2010.01.16 01:28:36 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\BSplayer Pro
[2012.04.12 04:26:07 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\calibre
[2011.01.24 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.09.28 20:29:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\concept design
[2012.01.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Crayon Physics Deluxe
[2010.01.31 22:36:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Lite
[2010.01.19 14:59:47 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\DAEMON Tools Pro
[2010.07.01 18:16:52 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\EPSON
[2012.05.20 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\FileZilla
[2012.06.01 03:07:33 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\gtk-2.0
[2011.11.02 18:23:39 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ICQ
[2011.03.25 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ImgBurn
[2011.03.08 07:17:01 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\IrfanView
[2011.01.16 14:19:04 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Kalypso Media
[2010.02.01 03:25:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Leadertech
[2011.12.21 20:20:15 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Macro Recorder
[2012.03.06 04:09:29 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Magic Academy
[2011.01.16 17:16:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\mresreg
[2010.02.24 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Neverball
[2012.04.03 11:54:25 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Notepad++
[2011.01.16 17:05:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Nvu
[2011.10.23 16:48:06 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenCandy
[2010.06.24 17:11:13 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\OpenOffice.org
[2011.03.10 04:59:28 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Passware
[2011.01.16 14:16:18 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\ProtectDISC
[2011.08.04 16:32:16 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Recorder
[2010.12.01 15:46:02 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Samsung
[2010.02.28 16:59:14 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\SolSuite
[2010.08.03 01:07:22 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Stereoscopic Player
[2011.02.02 15:36:27 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Thunderbird
[2012.06.27 03:41:40 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Trine2
[2012.01.03 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\TuneUp Software
[2011.03.10 09:42:53 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\Ubisoft
[2011.10.23 22:00:35 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\updatetool
[2011.01.28 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\winupd
[2011.08.07 18:10:58 | 000,000,000 | ---D | M] -- C:\Users\Andreas\AppData\Roaming\www.rene-zeidler.de
[2012.01.10 21:56:35 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

[/CODE]

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 18.07.2012 13:51:55 - Run 3
OTL by OldTimer - Version 3.2.54.0     Folder = E:\Eigene Dateien\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,92 Gb Available Physical Memory | 48,07% Memory free
8,00 Gb Paging File | 5,55 Gb Available in Paging File | 69,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 18,83 Gb Free Space | 19,30% Space Free | Partition Type: NTFS
Drive D: | 292,97 Gb Total Space | 199,01 Gb Free Space | 67,93% Space Free | Partition Type: NTFS
Drive E: | 1006,64 Gb Total Space | 941,93 Gb Free Space | 93,57% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 191,47 Gb Free Space | 20,55% Space Free | Partition Type: NTFS
 
Computer Name: ANDREAS-PC | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant administratoren:F /t (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08439B33-31DC-4E91-ACF7-2BAB628152A8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{119FAA3A-145B-4608-9E8D-3A9432AAE3D0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{12AE4B62-3C67-47E1-B330-2DBA21E391F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{12DBA6D6-AB09-41D9-BEF7-45775731C962}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{14CC4243-F83A-46F1-B26E-50817DF9E583}" = rport=139 | protocol=6 | dir=out | app=system | 
"{193480A8-662B-4B42-8D90-F4FAD69D687A}" = lport=1047 | protocol=6 | dir=in | name=akamai netsession interface | 
"{1B9945A3-CC10-43ED-93B1-BED33560216B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2E19904D-85D1-4D9E-A559-41A7E02464E2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{36ED1EA1-BD72-4D25-8381-932358277C85}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{414876B0-5253-4311-8AEA-97A7DD8BC9C6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{462E0BFA-B92B-47E7-A376-62BB11E33F24}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{4FFE416E-F845-4AA2-BB4A-0B126651E657}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5264EE29-84DF-4C62-BE7B-F4C5CB347948}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5608052A-4818-4016-97AF-A6086D3F016F}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5A2D8C4D-3CD6-484E-B01C-8780E9F7236A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{635686E6-87F8-4D82-929C-04A06434CDE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7773F4E3-5D31-438E-B9CE-A551FB464CD6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CAE4D63-34A4-4D6F-8FAC-B68C94215FF5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{80558743-D110-4A34-95DC-3E0024DF6B96}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8641EC4B-68FA-4F0E-B846-DEEE1852E3FF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{9614E85C-14A0-4F12-9902-FF9364255452}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96787087-784F-4B15-962F-FF8E804404E7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{AC3E73DB-2BB7-407E-95FC-1AE2A69D6A9A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B6EBD221-5CA7-4E19-97B6-A668F4A60711}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B76F02DC-5EF6-4DC3-94B3-445CC5F36EE8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7D813ED-90AA-4A57-9312-166AC239CE29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BD244A5B-8103-4A88-A878-15A17C79FA4C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD61A77D-BAE8-45F9-97E1-A30E2F144E1B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BF96545C-4DED-4F46-AA9B-2C616A07BF46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C3953BCE-B788-44C2-A04B-2228152AD8F1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC5E3867-0668-4D12-9EA6-74F6EF707687}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DB39D798-B36A-4D4C-9D6A-5DD2A4DBBF32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EE480028-9078-40C1-B701-D34E647CD0F6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EF9646B4-362D-482E-8568-3B962A80B5BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA3FF8FC-F518-4323-BB17-0850D6561F2D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FECCB568-4949-40F2-A47B-0F577B0BBD2B}" = lport=10777 | protocol=17 | dir=in | name=passware kit enterprise 10.0 | 
"{FF585117-8A14-4449-B425-0392094DD7D0}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03AEA306-EFDC-43B6-94F5-7FD765CA1E6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1166E571-1287-42DC-9E93-E7AE2E42A07C}" = protocol=6 | dir=in | app=d:\program files (x86)\diablo3\diablo iii\diablo iii.exe | 
"{11E0D41E-8FD0-4338-921C-D88FCF69AB89}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{19BDED4D-86DD-4A2D-8137-4C871CB72B8A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{2267DB8D-9E48-40BE-B5BD-C5D7A333ECEB}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{231FC7B6-2A2C-4ECE-A532-71CB58467DA6}" = protocol=17 | dir=in | app=d:\program files (x86)\diablo3\diablo iii\diablo iii.exe | 
"{242474A6-5947-4D6E-A192-5F0C4D4F5BC3}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cogs\cogs.exe | 
"{24A849B9-507F-48D6-B06C-BC0AA5C6E8E6}" = protocol=17 | dir=in | app=e:\downloads\firefox\facemoods.exe | 
"{2B5B58B0-F531-460A-AA1B-60B47D06870A}" = protocol=6 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{308CFC51-FC48-4A3E-B2ED-E2EF6DD0FFC1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{3101F8B3-9D27-4CB6-81F9-340E7E5B41E0}" = protocol=17 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{336E9CFE-B797-41BC-91F4-B4DD1C45F2AE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{3A907B32-0736-46D1-B330-C6DF4F505BAF}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\demolitioninc\finaldgamegl.exe | 
"{3D51CAA8-84B6-4458-B917-E9E559EFCEF3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{3E09111E-8B13-4666-893E-D4150233D1BF}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\cogs\cogs.exe | 
"{42354FB2-E586-4A92-8813-935E64FC0984}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{42360135-4807-4BEF-B898-B035C32C8E49}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{425DFDD0-58B8-4256-B7EA-DBD612E760CA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\demolitioninc\finaldgamegl.exe | 
"{44BCBEF0-C9FC-4268-A7B0-3C96F193E9C5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{4657B1BF-3094-450F-818F-CC14651D3835}" = protocol=17 | dir=in | app=d:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{48914184-0DF3-4BDF-827D-AA3035CF0FB6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4A876F32-2C6F-42D0-8FFF-2A9DBB25A5DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{52BEB34B-A276-492C-8A14-A9461996FD68}" = protocol=17 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{54266E5F-B283-46CA-9570-38E16222D2F7}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{55EFED03-D99B-4DC6-92BD-B693E6FE04F4}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{59FAA555-1BAB-4625-A013-4BF5BFA100E4}" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"{5A2AFA23-9A72-4AF4-A54F-93037E7243E2}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\shank\bin\shank.exe | 
"{60674DDB-01B4-4909-8CA1-EDDCF9732BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{66D0A8E5-72E5-4042-B1F9-9A8C724D777A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{781827F0-0909-4207-9F09-E88E6229D5F4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{78BD0CE6-0189-4532-B4F0-EBB31936021B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{78CD9EBF-2D54-40CB-A94D-7A91693069F8}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{7E9744CF-D754-4D63-8E33-6DFC5BC4BE49}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7FA219B7-A9D4-49A5-9FEA-A2C8F3391DE8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{83F954BA-2A98-459B-9FF5-A49078326C53}" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"{87B3DD63-1399-4176-8895-B0F385B69741}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{8A6A1B1D-F007-43C4-8DEF-7022B9975499}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8AA2840B-F1E3-4F63-8AC3-AD8462DA1A89}" = protocol=6 | dir=in | app=d:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{9A8AA0CE-02F1-4590-A033-0FB733B70561}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{A0F66EA6-2727-4F0D-9E31-BCD5B8697CA9}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{A89CF59E-DA76-48A7-88BC-838FC68C40DF}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{AB1531C8-EC61-4934-A819-1AB3BF06259B}" = protocol=6 | dir=in | app=d:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{AC60EF55-9D80-423A-93E4-8C58D1B8A64A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B21CF911-6FFB-407E-BB6A-E1421C9DE68B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{B237421A-3675-4836-B795-F8F2167F9A0C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{B2C1B9E6-4450-478D-AF8A-E1AFFC3A7CFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{B3838712-1328-4333-918C-7E0865E648F3}" = protocol=6 | dir=out | app=system | 
"{B390360A-8FF0-44D1-A42F-A7D266920649}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{B44F4818-DF44-489C-889F-0E03083A97C2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B5391274-EFCD-4615-BF03-266342A0D247}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B6151D22-5915-4938-8004-F54869351EF4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BA3F9F1A-4106-4E66-9DA8-1569D2CA7B72}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{BA8586AA-DFAC-4571-907C-7381A8F61615}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C0796486-B821-4632-9FE7-072860D8102A}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{C3A9F648-63CD-4B7E-978E-CE9666DF2DD9}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\hammerfight\hammerfight.exe | 
"{C5099768-634A-4FD3-A830-D363C835C1AD}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{D24445F7-948E-42C4-9F2B-B63E8A66E0DC}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bit.trip runner\runner.exe | 
"{D455ECF7-A7FD-440C-9E5B-28D8C7DDE586}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D5BD4CE2-9FF2-434C-A737-C97817BC16D4}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe | 
"{D645A062-D551-425F-99AC-48B11C8696E0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D82AE490-CF2A-4C66-A72F-EB3716D9AD87}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D99AA3D3-C70E-4C0E-A95B-2AA9AF16E418}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{DC79A0EC-CE6A-4BB8-BFD8-FE0C62EAAC07}" = protocol=6 | dir=in | app=e:\downloads\firefox\facemoods.exe | 
"{DD3C1715-81C5-4BA4-8753-47E51C79C1B4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E00C7842-D476-4614-9BBB-2D2CEA16A17B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E11A9E78-1682-4A19-9F4D-E3A7D6952860}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E16B2892-640D-4EE1-B445-DC5620D88181}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E2FB7263-B8A4-4E71-A9C2-FFEC75C2AC86}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{E3787E7D-23BB-4F9B-9601-5A072AFCC6B0}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\nightsky\nightsky.exe | 
"{E3874FB9-2C50-4827-BDAC-9D502974BE3E}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{E95EB4D2-A740-4EBE-88F8-2CF1CF10B00C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECF22247-E61C-42E3-BA7E-0F64D217634D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{ECF2DB0C-6A9A-4BE9-BAAA-3393FDD965D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE081E36-CDDA-4C69-B4E5-9E30668B3ED8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F0F615AE-F9C2-468A-8247-99473085E937}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F935CD95-2F69-4D62-8CF7-5D1452C8FD11}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{FF305FD9-BA8D-47BB-92AF-F0F7D676E87E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1F8AE91C-CE26-45AF-A53C-E7A16C0E0A80}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{29534BE2-19AC-4356-BE06-B112058B69E2}D:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"TCP Query User{2E3B7709-219A-4B4B-87D3-7FDB8799C50F}D:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe | 
"TCP Query User{2FE89A1E-A720-4B0C-BA08-736F51B21AB9}C:\users\andreas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{30F2F1A2-0DFD-4B53-A58A-9E81FD33DBE4}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{448E8019-A999-42BD-AAD7-07835031C03D}C:\glassfish3\jdk7\eclipse.exe" = protocol=6 | dir=in | app=c:\glassfish3\jdk7\eclipse.exe | 
"TCP Query User{6C1D6B04-69FA-4011-A496-CC21940432C8}C:\users\andreas\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\andreas\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{7966CE5D-168A-4008-986F-BD9DBFED4F01}C:\glassfish3\jdk7\bin\java.exe" = protocol=6 | dir=in | app=c:\glassfish3\jdk7\bin\java.exe | 
"TCP Query User{85C2BBCA-80FE-4CC2-BDCA-C7688CA21C9A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{88D0A748-0DCE-4747-BA71-346BE6B426CC}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{8C852CEC-F351-465F-8856-8D2D83B42511}I:\portable\lbreakout2portable\app\lbreakout2\lbreakout2.exe" = protocol=6 | dir=in | app=i:\portable\lbreakout2portable\app\lbreakout2\lbreakout2.exe | 
"TCP Query User{996D984B-DDD0-41D4-8694-CB4C44A465DA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{9F894552-EADD-440F-84AF-565A8D3C61BF}D:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"TCP Query User{A7CE5E48-75F4-4464-8D21-4592A58BC51D}D:\udk\dungeon defense\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\udk\dungeon defense\binaries\win32\udk.exe | 
"TCP Query User{B352D297-89C3-408C-A5FC-E3A884011D09}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"TCP Query User{B372DF63-E50C-4323-82A2-BA8EFBAE1826}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"TCP Query User{BA699F29-A8A4-4E82-9A92-9A2C48382995}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | 
"TCP Query User{D60BD14B-A439-4906-B425-F8ABBC846D66}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"TCP Query User{DF6DFBA5-860E-4E72-B931-28D588B2D8AF}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{F1D75B63-3FC2-4FA0-8C5B-E30D944F1751}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{02F46B2C-CC8F-4308-8AC2-B3E1766EDCB3}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{17D36062-1FC4-41DB-8067-E953A0591299}D:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe | 
"UDP Query User{388035D2-AAA5-4C99-808E-E0B8D3FA9C19}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{3C5A91C8-5F25-4A99-B51B-6AA539862257}D:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\related designs\anno 1404\tools\addonweb.exe | 
"UDP Query User{3CAF1693-734E-4D5F-A379-4A3A182F9D70}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"UDP Query User{598155E6-8663-4B3B-882B-AD95C6685283}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{5B56F996-E268-4FF8-9138-87891F726305}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{5F19C4A7-D622-4AC9-BE8F-7BD8B17F87EA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{7479CBA0-A89B-4655-B481-741CFD50B1E0}D:\udk\dungeon defense\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\udk\dungeon defense\binaries\win32\udk.exe | 
"UDP Query User{761FEF01-EB06-40F5-AB35-A18DEB69BBDE}C:\glassfish3\jdk7\bin\java.exe" = protocol=17 | dir=in | app=c:\glassfish3\jdk7\bin\java.exe | 
"UDP Query User{8AD4BE4B-3C07-41EA-A8AB-B6496ECEBF80}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | 
"UDP Query User{8D34FE2D-13AD-4CFA-9CFF-DAC397608957}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | 
"UDP Query User{8DED39FD-0CB6-4935-8D5C-BE72CD3838E2}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{B1ED37C8-5DF9-49BC-B4E7-19F2E150AB81}C:\users\andreas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{C802EAB0-DACB-40AB-84B0-0642628E589C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{D3583856-721C-423B-8A56-B262689E7B86}D:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files (x86)\world of warcraft\launcher.exe | 
"UDP Query User{D3EFABCB-CAC9-4B56-9594-53A974E97B9A}I:\portable\lbreakout2portable\app\lbreakout2\lbreakout2.exe" = protocol=17 | dir=in | app=i:\portable\lbreakout2portable\app\lbreakout2\lbreakout2.exe | 
"UDP Query User{DAD7B657-8C8D-4DEB-A8DE-DA7CA5E57151}C:\users\andreas\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\andreas\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{F13D1015-FCBC-4EE8-B6CA-9765543D57DE}C:\glassfish3\jdk7\eclipse.exe" = protocol=17 | dir=in | app=c:\glassfish3\jdk7\eclipse.exe | 
"UDP Query User{F625C784-0F24-41D2-8FC5-D125E6B03B2E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{270D4D2B-CEB9-C46B-4F17-B1390D450AB1}" = ATI AVIVO64 Codecs
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}" = WMV9/VC-1 Video Playback
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6EC70FBF-7390-74A2-E0A8-8D414F89FE6C}" = ATI Problem Report Wizard
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AE57C044-8912-A181-A0E4-BC2DAB3A092A}" = ATI Catalyst Install Manager
"{B2C5B378-546F-75A7-7757-C1EAAFAF9E33}" = ccc-utility64
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Blender" = Blender
"ImageMagick 6.7.0 Q16_is1" = ImageMagick 6.7.0-3 Q16 (2011-06-01)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-958c5b1b-20b5-49ce-8190-8e54f1c98a1b" = Dungeon Defense
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0507A8FD-AA20-7691-C2AA-CDE6B5182675}" = Application Profiles
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}" = EPSON PRINT Image Framer Tool
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{25B473C3-2C62-482B-858F-94ED76880F79}" = Patrizier 4
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26B03CED-4E5A-4057-BCF9-EE80B13FCF94}" = Stereoscopic Player
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{2F083216-8203-4E94-8C7C-EDF1C91D037D}" = RealWorld Cursor Editor
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3E082BD8-AC11-450C-A9C6-523DE3FB0213}" = Agama2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{55D39D7E-0475-450B-A7A9-919EBCBC9F53}" = Camera RAW Plug-In for EPSON Creativity Suite
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{664D6E1D-2A6C-D54D-31A5-B6BC30CEB0C6}" = CCC Help English
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7B9F5775-8C8C-2A4E-0CAB-74EA7AF5CB09}" = ccc-core-static
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Premium
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1" = Copy Handler 1.31 Final
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA945C94-285E-DE48-A30F-70105C6580DE}" = Catalyst Control Center Graphics Previews Common
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B725D249-58A9-4579-809E-B9767F363B99}" = Dawn Of Magic 2
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{CC29B835-95A5-3CD9-087B-F94D7B9ECC9B}" = Catalyst Control Center InstallProxy
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E7EE88BF-D287-74E1-EC9C-29746228B0D8}" = HydraVision
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F1100000-0008-0000-0001-074957833700}" = ABBYY FineReader 11
"{FDE8FDFF-7B95-4235-BB3F-AE63397864C9}" = calibre
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akademie der Magie" = Akademie der Magie
"AutoItv3" = AutoIt v3.3.6.1
"AVG Secure Search" = AVG Security Toolbar
"BFG-Drawn - Der Turm" = Drawn: Der Turm ™
"Bricks '2000" = Bricks '2000
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"Deponia" = Deponia
"Diablo III" = Diablo III
"Die Gilde Gold-Edition" = Die Gilde Gold-Edition
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EPSON Scanner" = EPSON Scan
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Farm Frenzy 3: Russian Roulette" = Farm Frenzy 3: Russian Roulette
"ffdshow_is1" = ffdshow
"FileZilla Client" = FileZilla Client 3.5.3
"ImgBurn" = ImgBurn
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nebel der Elfen" = Nebel der Elfen
"Neverball" = Neverball 1.5.4
"Neverwinter Nights 2 - Ultimate Edition" = Neverwinter Nights 2 - Ultimate Edition
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PokerStars.net" = PokerStars.net
"Purebreaker 2 - Evolution_is1" = Purebreaker 2 version 1.0
"Steam App 18700" = And Yet It Moves
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 41100" = Hammerfight
"Steam App 48000" = LIMBO
"Steam App 6120" = Shank
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 70300" = VVVVVV
"Steam App 94200" = Jamestown
"Steam App 98600" = Demolition, Inc.
"Steam App 99700" = NightSky
"Trine 2_is1" = Trine 2
"Trine_is1" = Trine
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"World of Warcraft" = World of Warcraft
"X3TerranConflict_is1" = X3 Terran Conflict v2.5
"xampp" = XAMPP 1.7.4
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Play65" = Play65
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.06.2012 18:00:39 | Computer Name = Andreas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "E:\Downloads\Firefox\SoftonicDownloader_fuer_abbyy-finereader.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 27.06.2012 15:24:03 | Computer Name = Andreas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "G:\!Sotfware\SoftonicDownloader_fuer_realworld-cursor-editor.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 27.06.2012 15:24:03 | Computer Name = Andreas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "G:\!Sotfware\SoftonicDownloader_fuer_eclipse.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 27.06.2012 15:24:04 | Computer Name = Andreas-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "G:\!Sotfware\SoftonicDownloader_fuer_strata-3d-cx.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 28.06.2012 09:04:12 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DriveDefrag.exe, Version: 12.0.3600.73,
 Zeitstempel: 0x4fc4ae3a  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002dfe4  ID des fehlerhaften
 Prozesses: 0x1880  Startzeit der fehlerhaften Anwendung: 0x01cd54be80ad763a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\TuneUp Utilities 2012\DriveDefrag.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c15aa45d-c121-11e1-a3e2-002215896c43
 
Error - 02.07.2012 10:32:03 | Computer Name = Andreas-PC | Source = MsiInstaller | ID = 11316
Description = 
 
Error - 10.07.2012 19:42:14 | Computer Name = Andreas-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f78    Startzeit: 
01cd5e38de7fb625    Endzeit: 529    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 db11df26-cae8-11e1-9a00-002215896c43  
 
Error - 17.07.2012 11:04:43 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_265.exe,
 Version: 11.3.300.265, Zeitstempel: 0x4febd5ac  Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll,
 Version: 11.3.300.265, Zeitstempel: 0x4febd798  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d1e33  ID des fehlerhaften Prozesses: 0x3398  Startzeit der fehlerhaften Anwendung:
 0x01cd64112686d905  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
Berichtskennung:
 bd109e52-d020-11e1-8ec3-002215896c43
 
Error - 17.07.2012 13:54:57 | Computer Name = Andreas-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d6727a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6fb26c6a  ID des fehlerhaften
 Prozesses: 0x64c  Startzeit der fehlerhaften Anwendung: 0x01cd644546321180  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\explorer.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 84aad8a7-d038-11e1-8bfb-002215896c43
 
Error - 17.07.2012 16:52:28 | Computer Name = Andreas-PC | Source = Application Hang | ID = 1002
Description = Programm vlc.exe, Version 1.1.7.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b38    Startzeit: 
01cd645d58c06fa6    Endzeit: 5    Anwendungspfad: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

Berichts-ID:
   
 
[ Media Center Events ]
Error - 03.03.2010 22:30:59 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 03:30:59 - Fehler beim Herstellen der Internetverbindung.  03:30:59 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 03.03.2010 22:32:13 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 03:31:06 - Fehler beim Herstellen der Internetverbindung.  03:31:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.01.2011 14:20:34 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 19:20:34 - Fehler beim Herstellen der Internetverbindung.  19:20:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.01.2011 14:20:46 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 19:20:39 - Fehler beim Herstellen der Internetverbindung.  19:20:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.05.2011 21:31:48 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 03:31:47 - Fehler beim Herstellen der Internetverbindung.  03:31:47 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.05.2011 22:31:54 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 04:31:53 - Fehler beim Herstellen der Internetverbindung.  04:31:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.05.2011 23:31:59 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 05:31:58 - Fehler beim Herstellen der Internetverbindung.  05:31:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.05.2011 00:32:04 | Computer Name = Andreas-PC | Source = MCUpdate | ID = 0
Description = 06:32:03 - Fehler beim Herstellen der Internetverbindung.  06:32:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 11.07.2012 02:11:43 | Computer Name = Andreas-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 17.07.2012 12:35:40 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 17.07.2012 12:37:02 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.07.2012 12:44:35 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 17.07.2012 12:49:14 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 17.07.2012 12:50:25 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.07.2012 04:25:34 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 18.07.2012 04:27:32 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Aufgabenplanung" ist vom Dienst "Windows-Ereignisprotokoll"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 18.07.2012 06:44:14 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Device Error Recovery Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 18.07.2012 06:44:15 | Computer Name = Andreas-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "vToolbarUpdater11.2.0" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
[ TuneUp Events ]
Error - 01.02.2012 18:30:54 | Computer Name = Andreas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 01.02.2012 18:30:54 | Computer Name = Andreas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 01.02.2012 18:30:54 | Computer Name = Andreas-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
--- --- ---

[/CODE]



danke und warte auf weitere anweisungen.
__________________
Angehängte Grafiken
Dateityp: png ausgehende verbindungen.PNG (113,0 KB, 753x aufgerufen)

Geändert von Seraphim137 (18.07.2012 um 14:02 Uhr)

Alt 18.07.2012, 16:42   #4
t'john
/// Helfer-Team
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



Sehr gut!

Wie laeuft der Rechner?

1. Schritt

Neue Version! Bitte neu runterladen!
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.07.2012, 16:53   #5
Seraphim137
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



Der rechner läuft stabiel,
bis auf den Flash-Player in FireFox, aber der ist schon vorher immer Abgekackt.

Anweisungen werden gerade ausgeführt.

Wie Lang bist du heute OnLine?


Alt 18.07.2012, 17:04   #6
t'john
/// Helfer-Team
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



Bis 0 uhr.

Melde dich mit den Logfiles wieder.
__________________
--> Battle.net-Acc wurde gehackt nach Echtgeldeinkauf

Alt 19.07.2012, 02:15   #7
Seraphim137
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



sorry, wurde etwas später...

SCHLUCK...

Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andreas :: ANDREAS-PC [Administrator]

18.07.2012 16:48:47
mbam-log-2012-07-18 (16-48-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 749812
Laufzeit: 2 Stunde(n), 17 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/19/2012 at 02:15:59
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Andreas - ANDREAS-PC
# Running from : E:\Eigene Dateien\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Andreas\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Andreas\AppData\Local\Conduit
Folder Found : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Folder Found : C:\Users\Andreas\AppData\Local\OpenCandy
Folder Found : C:\Users\Andreas\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Andreas\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Andreas\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Andreas\AppData\LocalLow\Conduit
Folder Found : C:\Users\Andreas\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Andreas\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\Conduit
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\ConduitCommon
Folder Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\avg@toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
File Found : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\Conduit.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[x64] Key Found : HKCU\Software\AVG Secure Search
[x64] Key Found : HKCU\Software\Conduit
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[x64] Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[x64] Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
[x64] Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x64] Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x64] Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x64] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\prefs.js

Found : user_pref("CT2843456..clientLogIsEnabled", true);
Found : user_pref("CT2843456..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2843456..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2843456.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2843456.AppTrackingLastCheckTime", "Sun Jul 17 2011 13:48:01 GMT+0200");
Found : user_pref("CT2843456.CTID", "CT2843456");
Found : user_pref("CT2843456.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2843456.CurrentServerDate", "13-8-2011");
Found : user_pref("CT2843456.DialogsAlignMode", "LTR");
Found : user_pref("CT2843456.DialogsGetterLastCheckTime", "Sat Aug 13 2011 03:56:50 GMT+0200");
Found : user_pref("CT2843456.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Found : user_pref("CT2843456.FirstServerDate", "9-1-2011");
Found : user_pref("CT2843456.FirstTime", true);
Found : user_pref("CT2843456.FirstTimeFF3", true);
Found : user_pref("CT2843456.FixPageNotFoundErrors", true);
Found : user_pref("CT2843456.GroupingInvalidateCache", false);
Found : user_pref("CT2843456.GroupingLastCheckTime", "0");
Found : user_pref("CT2843456.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2843456.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2843456.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2843456.HasUserGlobalKeys", true);
Found : user_pref("CT2843456.HomePageProtectorEnabled", false);
Found : user_pref("CT2843456.Initialize", true);
Found : user_pref("CT2843456.InitializeCommonPrefs", true);
Found : user_pref("CT2843456.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2843456.InstalledDate", "Sun Jan 09 2011 20:04:15 GMT+0100");
Found : user_pref("CT2843456.InvalidateCache", false);
Found : user_pref("CT2843456.IsAlertDBUpdated", true);
Found : user_pref("CT2843456.IsGrouping", false);
Found : user_pref("CT2843456.IsMulticommunity", false);
Found : user_pref("CT2843456.IsOpenThankYouPage", true);
Found : user_pref("CT2843456.IsOpenUninstallPage", true);
Found : user_pref("CT2843456.LanguagePackLastCheckTime", "Sat Aug 13 2011 15:18:03 GMT+0200");
Found : user_pref("CT2843456.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2843456.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2843456.LastLogin_3.2.5.2", "Mon Mar 28 2011 12:46:30 GMT+0200");
Found : user_pref("CT2843456.LastLogin_3.3.3.2", "Thu Jun 23 2011 22:03:18 GMT+0200");
Found : user_pref("CT2843456.LastLogin_3.5.0.12", "Thu Jul 28 2011 18:00:26 GMT+0200");
Found : user_pref("CT2843456.LastLogin_3.6.0.10", "Sat Aug 13 2011 16:09:06 GMT+0200");
Found : user_pref("CT2843456.LatestVersion", "3.6.0.10");
Found : user_pref("CT2843456.Locale", "de-de");
Found : user_pref("CT2843456.MCDetectTooltipHeight", "83");
Found : user_pref("CT2843456.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2843456.MCDetectTooltipWidth", "295");
Found : user_pref("CT2843456.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2843456.RadioLastCheckTime", "0");
Found : user_pref("CT2843456.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2843456.RadioLastUpdateServer", "0");
Found : user_pref("CT2843456.SearchBoxWidth", 150);
Found : user_pref("CT2843456.SearchEngineBeforeUnload", "Google");
Found : user_pref("CT2843456.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2843456.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Found : user_pref("CT2843456.SearchInNewTabEnabled", true);
Found : user_pref("CT2843456.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2843456.SearchInNewTabLastCheckTime", "Sat Aug 13 2011 15:18:02 GMT+0200");
Found : user_pref("CT2843456.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2843456.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2843456.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2843456.SearchProtectorEnabled", false);
Found : user_pref("CT2843456.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2843456.ServiceMapLastCheckTime", "Sat Aug 13 2011 15:18:01 GMT+0200");
Found : user_pref("CT2843456.SettingsLastCheckTime", "Sat Aug 13 2011 08:06:10 GMT+0200");
Found : user_pref("CT2843456.SettingsLastUpdate", "1311168832");
Found : user_pref("CT2843456.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2843456.ThirdPartyComponentsLastCheck", "Sat Aug 13 2011 00:09:05 GMT+0200");
Found : user_pref("CT2843456.ThirdPartyComponentsLastUpdate", "1255348257");
Found : user_pref("CT2843456.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2843456.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2843456");
Found : user_pref("CT2843456.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2843456.UserID", "UN95623316229177470");
Found : user_pref("CT2843456.ValidationData_Search", 0);
Found : user_pref("CT2843456.ValidationData_Toolbar", 2);
Found : user_pref("CT2843456.alertChannelId", "1235508");
Found : user_pref("CT2843456.backendstorage.bigpoint.alertsent", "74727565");
Found : user_pref("CT2843456.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2843456.globalFirstTimeInfoLastCheckTime", "Sat Aug 13 2011 16:09:05 GMT+0200");
Found : user_pref("CT2843456.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2843456.initDone", true);
Found : user_pref("CT2843456.isAppTrackingManagerOn", true);
Found : user_pref("CT2843456.myStuffEnabled", true);
Found : user_pref("CT2843456.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2843456.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2843456.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2843456.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2843456.oldAppsList", "129343781516075326,129343781516387827,111,129343781516544078,129[...]
Found : user_pref("CT2843456.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2843456.searchProtectorEnableByLogin", true);
Found : user_pref("CT2843456.testingCtid", "");
Found : user_pref("CT2843456.toolbarAppMetaDataLastCheckTime", "Sat Aug 13 2011 15:18:02 GMT+0200");
Found : user_pref("CT2843456.toolbarContextMenuLastCheckTime", "Fri Aug 05 2011 14:13:46 GMT+0200");
Found : user_pref("CT2843456.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1235508/1231181/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2843456", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2843456",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2843456&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2843456/CT2843456[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{0e3dbc69-a682-48da-84e1-82c63a5d678e}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bigpoint_games_de");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andreas\\AppData\\Roaming\\Mozilla\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2843456");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{0e3dbc69-a682-48da-84e1-82c63a5d678e}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bigpoint_games_de");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2843456");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2843456");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 08 2011 16:14:00 GMT+02[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 14:54:04 GMT+0200");
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 14:03:11 GMT+0200");
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "d78846de-145f-4591-9706-24adec4bc0db");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Mar 28 2011 15:34:41 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "37040084-21cf-453b-8719-d44523f90f98");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2843456");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Aug 07 2011 15:18:0[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Aug 13 2011 00:09:14 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Aug 13 2011 03:48:12 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "e5a2a5ba-4879-4789-8677-c36687bb901e");
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("extensions.4f8550d2151c6.scode", "(function(){try{if('mystart.incredibar.com,premiumrepor[...]
Found : user_pref("extensions.BabylonToolbar.cntry", "DE");
Found : user_pref("extensions.BabylonToolbar.firstRun", false);
Found : user_pref("extensions.BabylonToolbar.hdrMd5", "12D671709F9881D69768C6B92AF0440D");
Found : user_pref("extensions.BabylonToolbar.lastActv", "12");
Found : user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"78\": {\"id\": \"78\",[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found :                   "css": [ "style/facemoods_chrome_1.0.1.css" ],
Found :                "name": "Facemoods",
Found :                "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]
Found :                "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",
Found :          "name": "Winamp Application Detector",
Found :          "name": "Winamp Application Detector"

*************************

AdwCleaner[R1].txt - [24718 octets] - [19/07/2012 02:15:59]

########## EOF - C:\AdwCleaner[R1].txt - [24847 octets] ##########
         

Alt 19.07.2012, 10:15   #8
t'john
/// Helfer-Team
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



Sehr gut!

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.07.2012, 10:35   #9
Seraphim137
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



Das AdwCleaner-log
Code:
ATTFilter
# AdwCleaner v1.702 - Logfile created 07/19/2012 at 10:29:13
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Andreas - ANDREAS-PC
# Running from : E:\Eigene Dateien\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Andreas\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Andreas\AppData\Local\Conduit
Folder Deleted : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Folder Deleted : C:\Users\Andreas\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Andreas\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Andreas\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\Conduit
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\ConduitCommon
Folder Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\extensions\avg@toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\searchplugins\Conduit.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DT Soft
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
[x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\prefs.js

C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\o5rwwxm5.default\user.js ... Deleted !

Deleted : user_pref("CT2843456..clientLogIsEnabled", true);
Deleted : user_pref("CT2843456..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2843456..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2843456.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2843456.AppTrackingLastCheckTime", "Sun Jul 17 2011 13:48:01 GMT+0200");
Deleted : user_pref("CT2843456.CTID", "CT2843456");
Deleted : user_pref("CT2843456.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2843456.CurrentServerDate", "13-8-2011");
Deleted : user_pref("CT2843456.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2843456.DialogsGetterLastCheckTime", "Sat Aug 13 2011 03:56:50 GMT+0200");
Deleted : user_pref("CT2843456.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2843456.FirstServerDate", "9-1-2011");
Deleted : user_pref("CT2843456.FirstTime", true);
Deleted : user_pref("CT2843456.FirstTimeFF3", true);
Deleted : user_pref("CT2843456.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2843456.GroupingInvalidateCache", false);
Deleted : user_pref("CT2843456.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2843456.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2843456.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2843456.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2843456.HasUserGlobalKeys", true);
Deleted : user_pref("CT2843456.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2843456.Initialize", true);
Deleted : user_pref("CT2843456.InitializeCommonPrefs", true);
Deleted : user_pref("CT2843456.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2843456.InstalledDate", "Sun Jan 09 2011 20:04:15 GMT+0100");
Deleted : user_pref("CT2843456.InvalidateCache", false);
Deleted : user_pref("CT2843456.IsAlertDBUpdated", true);
Deleted : user_pref("CT2843456.IsGrouping", false);
Deleted : user_pref("CT2843456.IsMulticommunity", false);
Deleted : user_pref("CT2843456.IsOpenThankYouPage", true);
Deleted : user_pref("CT2843456.IsOpenUninstallPage", true);
Deleted : user_pref("CT2843456.LanguagePackLastCheckTime", "Sat Aug 13 2011 15:18:03 GMT+0200");
Deleted : user_pref("CT2843456.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2843456.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2843456.LastLogin_3.2.5.2", "Mon Mar 28 2011 12:46:30 GMT+0200");
Deleted : user_pref("CT2843456.LastLogin_3.3.3.2", "Thu Jun 23 2011 22:03:18 GMT+0200");
Deleted : user_pref("CT2843456.LastLogin_3.5.0.12", "Thu Jul 28 2011 18:00:26 GMT+0200");
Deleted : user_pref("CT2843456.LastLogin_3.6.0.10", "Sat Aug 13 2011 16:09:06 GMT+0200");
Deleted : user_pref("CT2843456.LatestVersion", "3.6.0.10");
Deleted : user_pref("CT2843456.Locale", "de-de");
Deleted : user_pref("CT2843456.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2843456.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2843456.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2843456.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2843456.RadioLastCheckTime", "0");
Deleted : user_pref("CT2843456.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2843456.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2843456.SearchBoxWidth", 150);
Deleted : user_pref("CT2843456.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT2843456.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2843456.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Deleted : user_pref("CT2843456.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2843456.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2843456.SearchInNewTabLastCheckTime", "Sat Aug 13 2011 15:18:02 GMT+0200");
Deleted : user_pref("CT2843456.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2843456.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2843456.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2843456.SearchProtectorEnabled", false);
Deleted : user_pref("CT2843456.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2843456.ServiceMapLastCheckTime", "Sat Aug 13 2011 15:18:01 GMT+0200");
Deleted : user_pref("CT2843456.SettingsLastCheckTime", "Sat Aug 13 2011 08:06:10 GMT+0200");
Deleted : user_pref("CT2843456.SettingsLastUpdate", "1311168832");
Deleted : user_pref("CT2843456.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2843456.ThirdPartyComponentsLastCheck", "Sat Aug 13 2011 00:09:05 GMT+0200");
Deleted : user_pref("CT2843456.ThirdPartyComponentsLastUpdate", "1255348257");
Deleted : user_pref("CT2843456.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2843456.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2843456");
Deleted : user_pref("CT2843456.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2843456.UserID", "UN95623316229177470");
Deleted : user_pref("CT2843456.ValidationData_Search", 0);
Deleted : user_pref("CT2843456.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2843456.alertChannelId", "1235508");
Deleted : user_pref("CT2843456.backendstorage.bigpoint.alertsent", "74727565");
Deleted : user_pref("CT2843456.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2843456.globalFirstTimeInfoLastCheckTime", "Sat Aug 13 2011 16:09:05 GMT+0200");
Deleted : user_pref("CT2843456.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2843456.initDone", true);
Deleted : user_pref("CT2843456.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2843456.myStuffEnabled", true);
Deleted : user_pref("CT2843456.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2843456.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2843456.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2843456.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2843456.oldAppsList", "129343781516075326,129343781516387827,111,129343781516544078,129[...]
Deleted : user_pref("CT2843456.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2843456.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2843456.testingCtid", "");
Deleted : user_pref("CT2843456.toolbarAppMetaDataLastCheckTime", "Sat Aug 13 2011 15:18:02 GMT+0200");
Deleted : user_pref("CT2843456.toolbarContextMenuLastCheckTime", "Fri Aug 05 2011 14:13:46 GMT+0200");
Deleted : user_pref("CT2843456.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1235508/1231181/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2431245", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2843456", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2843456",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2843456&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2431245/CT2431245[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2843456/CT2843456[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{0e3dbc69-a682-48da-84e1-82c63a5d678e}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "bigpoint_games_de");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andreas\\AppData\\Roaming\\Mozilla\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2843456");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{0e3dbc69-a682-48da-84e1-82c63a5d678e}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bigpoint_games_de");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2843456");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2843456");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 08 2011 16:14:00 GMT+02[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 22 2011 14:54:04 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Jun 23 2011 14:03:11 GMT+0200");
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "d78846de-145f-4591-9706-24adec4bc0db");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Mar 28 2011 15:34:41 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "37040084-21cf-453b-8719-d44523f90f98");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2843456");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Aug 07 2011 15:18:0[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Aug 13 2011 00:09:14 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Aug 13 2011 03:48:12 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "e5a2a5ba-4879-4789-8677-c36687bb901e");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("extensions.4f8550d2151c6.scode", "(function(){try{if('mystart.incredibar.com,premiumrepor[...]
Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "12D671709F9881D69768C6B92AF0440D");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "12");
Deleted : user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"78\": {\"id\": \"78\",[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :                   "css": [ "style/facemoods_chrome_1.0.1.css" ],
Deleted :                "name": "Facemoods",
Deleted :                "permissions": [ "tabs", "hxxp://igor.facemoods.com/", "hxxp://reports.facemoods.com/[...]
Deleted :                "update_url": "hxxp://facemoods.com/public/download/chrome/update.xml",
Deleted :          "name": "Winamp Application Detector",
Deleted :          "name": "Winamp Application Detector"

*************************

AdwCleaner[R1].txt - [24771 octets] - [19/07/2012 02:15:59]
AdwCleaner[S1].txt - [23285 octets] - [19/07/2012 10:29:13]

########## EOF - C:\AdwCleaner[S1].txt - [23414 octets] ##########
         
der andere scan läuft gleich an

Mit nichts löschen meinst du damit: auch nicht in die Quarantäne verschieben oder is das erlaubt?

Stand 13:15

Fertig!!!

du wirst jetzt erstmal nichts von mir hören, weil ich zur Arbeit muss.
bin um 20:30 wieder OnLine.

viel glück bis dahin

Code:
ATTFilter
Emsisoft Anti-Malware - Version 6.6
Letztes Update: 19.07.2012 10:47:36

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, E:\, F:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	19.07.2012 10:48:10

c:\users\andreas\appdata\roaming\passware 	gefunden: Trace.File.passware kit 9.0!E1
c:\users\andreas\appdata\roaming\passware\passware kit 	gefunden: Trace.File.passware kit 9.0!E1
Value: hkey_classes_root\clsid\{2c704dbb-9c46-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_classes_root\clsid\{2c704dbd-9c46-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_classes_root\clsid\{389b19b9-9a87-11d1-b77f-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_classes_root\clsid\{2c704dbc-9c46-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_classes_root\clsid\{6e29b981-9c50-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_classes_root\clsid\{855c49a7-9c3c-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_local_machine\software\classes\clsid\{2c704dbb-9c46-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_local_machine\software\classes\clsid\{2c704dbc-9c46-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_local_machine\software\classes\clsid\{2c704dbd-9c46-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_local_machine\software\classes\clsid\{855c49a7-9c3c-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_local_machine\software\classes\clsid\{6e29b981-9c50-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_local_machine\software\classes\clsid\{6e29b982-9c50-11d1-b784-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
Value: hkey_local_machine\software\classes\clsid\{389b19b9-9a87-11d1-b77f-00001c1ad1f8}\inprocserver32 --> threadingmodel 	gefunden: Trace.Registry.find out now spy software!E1
C:\Program Files (x86)\sb3\data\IluPak.exe 	gefunden: Trojan.Win32.Agent!E1
D:\Program Files (x86)\Ubisoft\Die Siedler 7\Data\Base\_Dbg\Bin\Release\1911.dll 	gefunden: Packed.Win32.VMProtect.AAA!E1

Gescannt	977550
Gefunden	17

Scan Ende:	19.07.2012 13:14:40
Scan Zeit:	2:26:30
         

Geändert von Seraphim137 (19.07.2012 um 10:56 Uhr)

Alt 19.07.2012, 15:31   #10
t'john
/// Helfer-Team
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



Du benutzt gecrackte Software (Siedler 7), warum?
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.07.2012, 20:53   #11
Seraphim137
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



Weil man mir sagte das "die Siedler 7" oft probleme mit ATI-Grakas hat.
Also habe ich mir das spiel gezogen um zu testen ob es bei mir läuft.

natürlich lief es nicht.

Es wurde auf börse.bz angeboten mit der behauptung es sein Viren-frei.

Da ich noch nie mit viren probleme hatte hab ich das ding einfach vergessen.

ich hab jetzt erst meine Lehre daraus ziehen müssen.

Alt 19.07.2012, 21:52   #12
t'john
/// Helfer-Team
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



OK,

lass die Funde von Emsisoft entfernen.


danach:





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.07.2012, 09:36   #13
Seraphim137
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



vielen dank


eset is durchgelaufen:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=056a622e4476784d880ba7116f27215d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 12:25:26
# local_time=2012-07-20 02:25:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 57560113 57560113 0 0
# compatibility_mode=3073 16777213 80 71 13997 18417992 0 0
# compatibility_mode=5893 16776574 100 94 1566324 94358228 0 0
# compatibility_mode=8192 67108863 100 0 130 130 0 0
# scanned=558576
# found=2
# cleaned=2
# scan_time=15549
C:\Program Files (x86)\Mozilla Firefox\extensions\{CA60F577-1B28-41D6-8C78-C49E63304FCF}\chrome\findxplorer.jar	Win32/Adware.OneStep application (deleted - quarantined)	00000000000000000000000000000000	C
C:\ProgramData\Codecv\uninstall.exe	Win32/Adware.MultiPlug.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
         

Alt 20.07.2012, 21:17   #14
t'john
/// Helfer-Team
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



TDSSKiller von Kaspersky
- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
- deaktiviere vorübergehend dein AntiVirus-Programm
- Starte die TDSSKiller.exe durch Doppelklick.
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
- Bestätige das ggfs. mit Y(es).
- Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
- Poste den Inhalt von C:\TDSSKiller.txt hier in den Thread.
Hier findest Du eine ausführlichere TDSSKiller Anleitung.
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.07.2012, 01:21   #15
Seraphim137
 
Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Standard

Battle.net-Acc wurde gehackt nach Echtgeldeinkauf



hab da jetzt ein problem.
zur Check liste:

Zitat:
- Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
check

Zitat:
- Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
check

Zitat:
- deaktiviere vorübergehend dein AntiVirus-Programm
check: comodo über die Taskleiste beendet

Zitat:
- Starte die TDSSKiller.exe durch Doppelklick.
check
Zitat:
- Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
hier taucht das problem auf:

Weder wird mir eun neustart vorgeschlagen noch beendet das programm nachdem durchlauf mit den vorgegebenen Parametern.





Ich habe die parameter verändert und da kam das dabei herraus:





was soll ch tun?

PS:
wenn ich morgen früh nicht antworte liegt das daran das ich über das WE bei meinen eltern bin und meinen PC nicht zur verfühgung habe.

Deine Antwort kannst du aber trotzdem posten den lesen kann ich die nachricht noch.

schönes WE Andy
Angehängte Grafiken
Dateityp: png 1.PNG (145,4 KB, 399x aufgerufen)
Dateityp: jpg 12.jpg (84,3 KB, 387x aufgerufen)
Dateityp: png 123.PNG (123,4 KB, 469x aufgerufen)
Dateityp: png 1234.PNG (112,0 KB, 490x aufgerufen)
Dateityp: jpg 12345.jpg (91,7 KB, 492x aufgerufen)
Dateityp: png 1234567.PNG (126,9 KB, 525x aufgerufen)

Antwort

Themen zu Battle.net-Acc wurde gehackt nach Echtgeldeinkauf
akamai, alternate, avg secure search, avg security toolbar, avp, battle.net, bho, bonjour, browser, codecv, cursor, device driver, document, downloader, error, excel, firefox, flash player, google earth, heuristiks/extra, heuristiks/shuriken, hijackthis, hkus\s-1-5-18, install.exe, jdownloader, kaspersky, langs, logfile, microsoft office word, msiinstaller, ntdll.dll, object, problem, registry, required, richtlinie, searchscopes, secure search, security, senden, software, super, svchost.exe, tastatur, teamspeak, visual studio, vtoolbarupdater, windows



Ähnliche Themen: Battle.net-Acc wurde gehackt nach Echtgeldeinkauf


  1. Battle.net Passwort wurde durch dritte geändert
    Log-Analyse und Auswertung - 17.08.2014 (4)
  2. Wurde gehackt
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (1)
  3. wurde ich gehackt?
    Plagegeister aller Art und deren Bekämpfung - 31.12.2012 (6)
  4. Battle.net Account gehackt; Wurm eingefangen?
    Log-Analyse und Auswertung - 24.08.2012 (5)
  5. Battle.net Account gehackt
    Log-Analyse und Auswertung - 09.07.2011 (13)
  6. Battle.net Account Gehackt-> Pc infiziert?
    Log-Analyse und Auswertung - 01.07.2011 (4)
  7. Ich Wurde gehackt! und nun?
    Antiviren-, Firewall- und andere Schutzprogramme - 01.06.2011 (4)
  8. battle.net/WoW Account gehackt, Trojaner
    Log-Analyse und Auswertung - 18.02.2011 (5)
  9. Battle.net (wow) Account gehackt - Trotzdem nichts zu finden
    Log-Analyse und Auswertung - 17.01.2011 (9)
  10. PC wurde von profi gehackt, wie weiß ich nach dass er zugriff hatte ? log file ? etc
    Überwachung, Datenschutz und Spam - 05.11.2010 (2)
  11. PC wurde gehackt
    Log-Analyse und Auswertung - 16.06.2010 (2)
  12. ich wurde gehackt in wow
    Plagegeister aller Art und deren Bekämpfung - 21.05.2010 (4)
  13. Ich wurde gehackt
    Plagegeister aller Art und deren Bekämpfung - 28.04.2009 (1)
  14. Wurde gehackt
    Log-Analyse und Auswertung - 09.03.2009 (5)
  15. Acc wurde gehackt.......;-(
    Mülltonne - 12.12.2008 (0)
  16. Ich wurde gehackt ?
    Plagegeister aller Art und deren Bekämpfung - 24.05.2008 (4)
  17. Wurde gehackt!
    Antiviren-, Firewall- und andere Schutzprogramme - 10.09.2006 (16)

Zum Thema Battle.net-Acc wurde gehackt nach Echtgeldeinkauf - Hi Leute, Ich habe gestern Abend noch ne Runde Diablo3 gespielt und bin dann schlafen gegangen. Hab mich heute Abend wieder rangesetzt und musste einen gesperrten Acc vorfinden. Daraufhin habe - Battle.net-Acc wurde gehackt nach Echtgeldeinkauf...
Archiv
Du betrachtest: Battle.net-Acc wurde gehackt nach Echtgeldeinkauf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.