
Log Analysis and Evaluation: GVU Virus 100 Euro

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

26.06.2013, 14:03   #1
Lacki7

Hello,

I have just caught the trojan that demands I pay 100 euros via Paysafecard, otherwise my computer would not be unlocked again.
On this static screen, the GVU threatens action over copyright violations. I am aware that this is a trojan that locks the screen. These scammers are not getting paid anyway!

Now I have read that with this beast you don't have much of a chance other than reinstalling, because it spreads quickly?
I'm writing this from safe mode right now, so that still works...

An OTL scan is in progress, but I forgot to tick "Scan All Users"; would that be fatal? (/E: The scan cannot be cancelled or closed. It looks as if it isn't doing anything...)

I'm honestly a bit at a loss right now and worried that I can no longer use the computer like this, because something will always remain active in the background. Am I wrong about that - please, please?


Kind regards,
Adrian

26.06.2013, 14:10   #2
aharonov
/// TB Trainer

Hello Adrian,

Quote:
Now I have read that with this beast you don't have much of a chance other than reinstalling, because it spreads quickly?
That's not true, nothing is spreading there..

Just post the OTL log once the scan is done, then I'll take a look at it.
(And if OTL has hung, kill it via Task Manager and restart the scan. Preferably for "all users", but otherwise it's not that tragic either.)

26.06.2013, 14:18   #3
Lacki7

Lo and behold, the log files are finally here.

Thanks in advance for your time, I hope you can make more of these files than I can

Kind regards

26.06.2013, 14:28   #4
aharonov
/// TB Trainer

Could you please not attach the log files (that makes the analysis massively harder for me), but instead paste their contents directly inside code tags: [code]Log file contents[/code]. Thanks.
__________________
cheers,
Leo

26.06.2013, 14:33   #5
Lacki7

Code:
 Computer Name: ADRIAN-PC | User Name: Adrian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.26 13:28:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Downloads\OTL.exe
PRC - [2013.06.26 12:27:25 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.06.13 08:30:28 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013.05.15 12:08:46 | 002,255,184 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013.05.07 16:18:50 | 006,425,984 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2009.12.20 16:56:11 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.26 12:27:25 | 003,285,912 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.06.13 08:30:27 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2009.12.12 16:12:03 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.26 12:27:25 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.13 08:30:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.07 16:18:42 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.03.26 19:58:34 | 004,561,152 | ---- | M] () [Auto | Stopped] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.27 01:44:13 | 000,307,968 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.10.25 11:03:52 | 000,217,088 | ---- | M] (Teruten) [Auto | Stopped] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.25 05:17:04 | 000,172,032 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.10.21 19:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) [Auto | Stopped] -- C:\Programme\T-Home\Dialerschutz-Software\DFInject.exe -- (DFSVC)
SRV - [2008.02.27 14:15:14 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.19 23:05:32 | 000,589,824 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ZDPSp60.sys -- (ZDPSp60)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Adrian\AppData\Local\Temp\stijt4pzq.sys -- (guardian)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.05.31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.05.22 16:10:12 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130625.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.05.22 16:10:11 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130625.023\NAVENG.SYS -- (NAVENG)
DRV - [2013.03.26 20:13:54 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.03.23 01:59:58 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130625.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 10:44:08 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.07.03 19:13:57 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2012.06.07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.05.19 11:11:18 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.01.18 16:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.01.18 16:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011.11.16 21:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0604010.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2011.11.16 21:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2011.08.16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2011.08.03 10:58:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011.03.08 14:40:58 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.01.03 10:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.09.02 20:01:35 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.09.02 20:01:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.11.25 05:51:32 | 005,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.11.16 04:13:14 | 000,216,576 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.15 19:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009.10.15 19:14:38 | 000,014,624 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Home\Dialerschutz-Software\DFSYS.sys -- (DFSYS)
DRV - [2009.09.30 16:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.07.29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.11.02 14:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic)
DRV - [2007.11.02 14:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus)
DRV - [2007.05.23 05:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.05.23 05:20:58 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.03.27 17:30:00 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2007.03.27 17:30:00 | 000,232,448 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmcam323av.sys -- (vmcam325av)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:57:14 | 000,019,472 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2005.10.28 05:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21
FF - prefs.js..extensions.enabledAddons: %7B8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {c8810cc9-0aaa-4aed-8c67-b2b1918c1e08}:0.9.7.13
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.12.29 12:44:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.05.19 11:15:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013.06.26 10:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.26 12:27:22 | 000,000,000 | ---D | M]
 
[2009.12.20 15:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Extensions
[2009.12.20 15:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013.05.23 19:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\gojx4agv.default\extensions
[2010.06.09 20:37:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\gojx4agv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.11 07:27:32 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\gojx4agv.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010.10.01 19:19:50 | 000,000,000 | ---D | M] ("Travissimo") -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\gojx4agv.default\extensions\{c8810cc9-0aaa-4aed-8c67-b2b1918c1e08}
[2013.05.09 19:46:38 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\extensions\client@anonymox.net.xpi
[2011.09.13 20:36:19 | 000,087,923 | ---- | M] () (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2013.05.23 19:11:09 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.11 10:16:49 | 000,000,911 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\11-suche.xml
[2009.10.25 13:33:18 | 000,000,886 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\conduit.xml
[2012.10.11 10:16:49 | 000,002,273 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\englische-ergebnisse.xml
[2012.10.11 10:16:49 | 000,010,563 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\gmx-suche.xml
[2012.10.11 10:16:49 | 000,002,432 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\lastminute.xml
[2011.11.23 20:34:11 | 000,001,565 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\web-search.xml
[2012.10.11 10:16:49 | 000,005,545 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\webde-suche.xml
[2013.06.26 12:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.26 12:27:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2010.11.03 14:04:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.27 22:51:30 | 000,184,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [Akamai NetSession Interface] C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [Vidalia] C:\Program Files\Vidalia Bridge Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D21DC6-CF25-40F6-9FC8-7094BC5D260D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8E66AAE-86E7-4CE4-ABB2-72352DC127A6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000 Winlogon: Shell - (C:\Users\Adrian\AppData\Roaming\skype.dat) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{98449c43-c531-11e1-b14b-90e6bacb6774}\Shell - "" = AutoRun
O33 - MountPoints2\{98449c43-c531-11e1-b14b-90e6bacb6774}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.26 12:45:50 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.06.26 12:45:50 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.06.26 12:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.26 12:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.24 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2013.06.24 12:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.06.24 12:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013.06.21 18:57:34 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Genetikk - D.N.A [320]
[2013.05.27 19:40:19 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Herr Sorge - Verschwörungstheorien mit Schönen Melodien (Deluxe Edition) (2012)
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.26 14:17:42 | 000,031,779 | ---- | M] () -- C:\Users\Adrian\Desktop\Desktop.rar
[2013.06.26 12:46:17 | 000,617,444 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.26 12:46:17 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.26 12:46:17 | 000,122,064 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.26 12:46:17 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.26 12:45:51 | 000,002,079 | ---- | M] () -- C:\Users\Adrian\Desktop\SpyHunter.lnk
[2013.06.26 12:41:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.26 12:40:17 | 000,000,004 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\skype.ini
[2013.06.26 12:39:39 | 000,007,512 | ---- | M] () -- C:\Users\Adrian\AppData\Local\d3d9caps.dat
[2013.06.26 12:39:20 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.06.26 12:37:31 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 12:37:31 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 12:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.26 12:00:00 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.06.26 10:37:34 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.06.25 20:18:37 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B2012871-ADE0-4913-B409-1478C45E3F90}.job
[2013.06.24 12:58:11 | 000,054,784 | ---- | M] () -- C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.24 12:45:19 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.06.13 08:30:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.13 08:30:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.26 14:17:42 | 000,031,779 | ---- | C] () -- C:\Users\Adrian\Desktop\Desktop.rar
[2013.06.26 12:45:51 | 000,002,079 | ---- | C] () -- C:\Users\Adrian\Desktop\SpyHunter.lnk
[2013.06.26 12:35:49 | 000,000,004 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\skype.ini
[2013.06.24 12:45:19 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.03 20:19:10 | 000,819,200 | -HS- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.07.03 20:19:10 | 000,180,224 | -HS- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.03.01 17:45:35 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.03.01 17:45:35 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.03.01 17:45:33 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.07.05 13:20:27 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.04.19 11:44:05 | 000,001,940 | ---- | C] () -- C:\Users\Adrian\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.04.17 12:31:17 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011.03.08 18:07:02 | 000,022,328 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\PnkBstrK.sys
[2011.02.11 16:40:37 | 000,000,132 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.11.21 14:22:25 | 000,002,138 | ---- | C] () -- C:\Users\Adrian\.recently-used.xbel
[2010.01.15 12:59:57 | 000,000,372 | ---- | C] () -- C:\Users\Adrian\Dokumente - Verknüpfung.lnk
[2009.12.25 12:13:41 | 000,054,784 | ---- | C] () -- C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.20 14:17:04 | 000,007,512 | ---- | C] () -- C:\Users\Adrian\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.12.20 16:49:33 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 00:36:50 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:5F91AB27

< End of report >
         
and here is the Extras.txt:

Code:
Computer Name: ADRIAN-PC | User Name: Adrian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-974515316-1955410149-2348617307-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{054061FC-A48E-4787-B0A7-8363F00B5815}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{0AAE6061-B07A-4385-B9F1-26FA5A6E3358}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{13562C88-EE39-4242-84BB-7A3347FDCAD0}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{14AEFB0D-5970-4498-981B-94E783A3EC45}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{15FDC790-A1F6-43F4-AB57-5E7127D15D4E}" = lport=6907 | protocol=6 | dir=in | name=league of legends launcher | 
"{1A162533-47F7-414E-8851-130E85D30C65}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher | 
"{270D499E-057C-4E9F-8CBA-BC3CD5B77818}" = lport=6907 | protocol=17 | dir=in | name=league of legends launcher | 
"{28AE7A09-E74F-41E7-945D-8242A9A14242}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{35554C81-DCF5-4092-BADD-D225226A31CF}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{428E4AE4-59BB-422E-8733-F240ADC6653D}" = lport=6909 | protocol=17 | dir=in | name=league of legends launcher | 
"{43404E0B-EE88-49A0-B3A6-D0DABBD11EB1}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{497711F2-C04C-4BC1-ACB1-50E74FF5DB60}" = lport=6891 | protocol=6 | dir=in | name=league of legends launcher | 
"{4C28A622-EF36-4F43-8FEC-5105C0A59058}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{52177C4E-A50B-4F8C-833C-3210F52A9E16}" = lport=6881 | protocol=6 | dir=in | name=league of legends launcher | 
"{5876E3DB-4A28-4834-A77E-EAF58891C301}" = lport=6909 | protocol=6 | dir=in | name=league of legends launcher | 
"{5CF8A4F1-B1D4-4F9B-82BF-8462C1F2DB32}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher | 
"{5D85AA70-E6A6-44CE-BC54-F352617F02C0}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{638A956F-B0BC-4596-B6E7-5B3CFE9B826B}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{68459A4E-EAEF-4B32-B07A-60209F7AC663}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{6947D078-DF0C-4A0C-9ECB-D1A75C550DC5}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher | 
"{6BEC6259-9015-4024-8BEB-E83770588246}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{6F512780-4647-4D04-A885-5D49DE71F0D0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{7211772F-35C0-43B2-9259-1E6F642D312F}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{726DB242-65B6-4CF6-B10E-7C04C4B3420F}" = lport=6964 | protocol=6 | dir=in | name=league of legends launcher | 
"{747AACEF-0CED-4911-A2CC-A1AC219CBBE9}" = lport=6917 | protocol=6 | dir=in | name=league of legends launcher | 
"{764BB4BB-DE9B-42BB-B5B9-86C7AFCF5C71}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{7DFC09F0-5253-4646-A0EB-90C4B0CA30CA}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{7F723D56-8132-4734-A19C-0B9D1BFD7FA4}" = lport=6881 | protocol=17 | dir=in | name=league of legends launcher | 
"{87FDB6C7-0E5E-479F-8043-C42AC3D48F9F}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{9211D125-6A7E-4308-8EEB-C3BDE5BF2CB0}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{964EEC76-806E-4A2D-8ED1-B49DE787ECEE}" = lport=6891 | protocol=17 | dir=in | name=league of legends launcher | 
"{9671C075-9EDF-4A2F-94D2-5321E87EA731}" = lport=6917 | protocol=17 | dir=in | name=league of legends launcher | 
"{A0B31868-75E3-41E6-BBFA-3050937450E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{A714F43B-1E08-4FE8-B46A-8FEF0E376F90}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AA37CF0F-6AB1-407E-8D3C-3E58B9790344}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{AC2908ED-C3C6-443C-969C-B96085F7EC14}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher | 
"{ADEB951F-5D63-4750-83A3-9DCA67A5A502}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B068F5FA-469F-4738-9A32-1CA2B7BE98F1}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{B4BB8709-2EE8-44F0-B71C-6BAFA171281F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{B8267228-AA90-4951-BD4E-8FD9F73A0F13}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{BC06C093-B82B-4E83-8CBE-655FA03CE6CF}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{BC40D4B8-D7CB-47B4-BC1A-B0DB884424B5}" = lport=6972 | protocol=17 | dir=in | name=league of legends launcher | 
"{BC81E221-0129-44E5-A791-772B0BFB6FB6}" = lport=6956 | protocol=6 | dir=in | name=league of legends launcher | 
"{BCAB0E86-47AA-41D8-917D-DD008E35A9E4}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{C389D91E-2BEC-43F5-B51D-4C4CAE855D52}" = lport=6932 | protocol=6 | dir=in | name=league of legends launcher | 
"{D49BE34D-9435-4E18-8B2F-B066C0A1A778}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{D7C04679-C330-4780-AAAE-65E311AC772A}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{D8F4C355-2FF7-4B25-B381-702875BF612D}" = lport=49165 | protocol=6 | dir=in | name=akamai netsession interface | 
"{D9089A3E-B5A8-4ADA-B253-54EECBAAEE90}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | 
"{DABA1136-530A-4E3B-B8DB-B80E53FBEBC6}" = lport=6932 | protocol=17 | dir=in | name=league of legends launcher | 
"{EB94502B-648E-4DEA-ADB7-F1169D22E9CB}" = lport=6956 | protocol=17 | dir=in | name=league of legends launcher | 
"{ED9DB16A-1C92-49F1-BECC-C588F9272FCB}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{EFF75446-2806-41F9-B6DA-ABA776EEE166}" = lport=6972 | protocol=6 | dir=in | name=league of legends launcher | 
"{F2103CA1-F6A8-4339-ABF4-E734098FD09A}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher | 
"{FA9B908D-39F5-4452-BFA9-563FDDF923F6}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher | 
"{FB36E707-AB65-4B29-A7F2-3BD577EC03B9}" = lport=6964 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FF8BCEFF-F063-475E-B391-90D05C5702AF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FFA6F9DA-5F94-4E32-BAE5-A864841FF4B3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{08DF9AD1-2C6F-434A-AED4-B0E067747D24}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{23597230-C433-4C49-B959-C000DE00D8DD}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{26D78276-CFCB-4293-AB73-13B1ACC425EE}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"TCP Query User{2D21329E-9874-4393-96E2-1C0FBE1328B2}C:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe | 
"TCP Query User{4C80A37C-7126-4895-B66C-C4D428DE08DD}C:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe | 
"TCP Query User{7CB7A383-8E34-45A2-B8C5-CC46F071A985}C:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"TCP Query User{7D4851A1-83AB-4EFD-9FC3-F20CA5110C38}C:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"TCP Query User{A5D0A10C-B76A-4B0C-ABDF-AF430C52EDC1}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat | 
"TCP Query User{A81BA2A9-1A50-4F9D-87D9-6880B654EEDB}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{AFA4F9E7-963F-4F7C-883D-37DCE40331C1}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{B2443FBE-674A-4372-A856-563772CA352D}C:\program files\gps\pcgps.exe" = protocol=6 | dir=in | app=c:\program files\gps\pcgps.exe | 
"TCP Query User{B2E43139-CA24-4FA4-89BA-A1328DAFF206}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{C9E849CD-17A4-4613-94A1-E9C14F22D8B2}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{D7BC4638-60C6-4B40-8668-7CEEC97F5D67}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"TCP Query User{D91F0D16-0928-44ED-AE2D-6CEF313278EB}C:\program files\sierra\empire earth ii\ee2.exe" = protocol=6 | dir=in | app=c:\program files\sierra\empire earth ii\ee2.exe | 
"TCP Query User{DB3BEBCC-A48E-435D-A297-9F77F801F2A6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{DFA74FCE-2E38-4A84-823C-5F4403111644}E:\save\warcraft iii + frozen throne 2\war3.exe" = protocol=6 | dir=in | app=e:\save\warcraft iii + frozen throne 2\war3.exe | 
"TCP Query User{EB3A9598-0573-4A43-90A7-2F19F1D4B951}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{F02ADEC1-93DA-4C2A-B6DE-6E333D49436D}E:\wow portable\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\wow portable\world of warcraft\launcher.exe | 
"TCP Query User{F5089CD0-62DB-4F30-AAA9-0921B4A81831}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{1207B141-7643-46A3-B626-9EA33FDEE609}C:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"UDP Query User{2568365D-C7CF-4B73-B02A-1AA8D9E37666}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{3588D94B-A364-424C-9087-FB335A4010A8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{3F715054-6024-4C84-AEBE-F0FA141266A7}C:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\patchget.dat | 
"UDP Query User{46CD856C-83D3-44B7-8FBD-40D703047B03}C:\program files\sierra\empire earth ii\ee2.exe" = protocol=17 | dir=in | app=c:\program files\sierra\empire earth ii\ee2.exe | 
"UDP Query User{663AA4E0-93E7-4D91-89AF-A41C4938159F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{6A2AFE33-5A3E-4B46-BEA9-5F9B63182617}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"UDP Query User{6AE6DCAF-222B-4C41-8B3A-3B9DACEAE865}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"UDP Query User{6F8F76EA-4FA8-4C2C-8F83-EE19D6126A37}C:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"UDP Query User{83330FB3-1A83-4247-9AF9-042980B305AC}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{8B7DD92B-A2FE-4A42-9A8B-F2B29D83E6EC}C:\program files\gps\pcgps.exe" = protocol=17 | dir=in | app=c:\program files\gps\pcgps.exe | 
"UDP Query User{8BD45936-60DC-44BB-A662-FAB9F700DC0E}C:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe | 
"UDP Query User{8D7391CB-CC91-45EE-B9A4-B478F2E11130}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{96355B7C-73E7-4574-B384-92D35E2C8D27}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{A15C6F52-927B-46EA-A779-EA8AA427BD68}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{AC4FB1F2-19DD-42FA-8BB1-F34BF8ADA145}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"UDP Query User{BDD307C4-A8D0-4E09-A57C-31ED8B3609C6}E:\wow portable\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\wow portable\world of warcraft\launcher.exe | 
"UDP Query User{D7495B76-50D4-4CE5-9DF6-5D9786C047B3}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{E90CC8CE-8C63-4778-8B1C-DFAA5319E93F}E:\save\warcraft iii + frozen throne 2\war3.exe" = protocol=17 | dir=in | app=e:\save\warcraft iii + frozen throne 2\war3.exe | 
"UDP Query User{EB79EDD9-060C-40A1-BA17-4B46CDDA8228}C:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdppswx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0BB72566-0D4C-7200-2CE7-02F298B49C88}" = CCC Help English
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{110AD51E-D0E0-49B1-52FD-291373BA62EA}" = Catalyst Control Center Graphics Full New
"{1367FA2F-2B3D-430F-872F-588B93420BFC}" = TimeShift
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{31557F4F-7D10-D32E-4B70-237A09FCC31B}" = Catalyst Control Center Graphics Previews Common
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{36820BCA-FC55-452E-9085-6E6F1F55508D}" = Vimicro USB PC Camera(VC0323)
"{3C175604-F026-5D79-BBD8-F626AE10B3EF}" = Catalyst Control Center Graphics Full Existing
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4941BFEB-62C0-47A2-801E-998FC469CC2C}" = SpyHunter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{567C9882-843D-4188-A181-00E2CC3E1031}" = LG Burning Tools
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{581CE7EA-A30D-0000-1211-088635773309}" = MSI US54SE 802.11 b+g USB Stick
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62C2067E-5851-BD4C-98E0-5C4D5E155A5B}" = Catalyst Control Center Core Implementation
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{639673E9-D53F-44F4-A046-485C8A6ADA15}" = Paint.NET v3.5.6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = LG CyberLink PowerDVD 7.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{846AC73B-9394-48B9-B941-8F7F472F0047}" = Bluesoleil2.6.0.9 Release 070606
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92D6A585-2790-40AA-AEA7-D8D954E7E808}" = WinExpert
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A292C05C-840A-9D47-5350-EF39ECC7629E}" = Catalyst Control Center HydraVision Full
"{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}" = Catalyst Control Center InstallProxy
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AD17676C-5065-E427-130B-21CE713F93E7}" = Catalyst Control Center Graphics Light
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2C54124-0A2A-4E4E-B7B6-46E46D38C2F9}" = Sinus 1054 data
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{B970700B-E49F-ECEF-4ADB-0F3E1AFEDE91}" = ccc-core-static
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C5A31DDC-157A-4DD7-9B5C-C692A06F61FD}" = Prison Break
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E8C5BD56-F5D8-41D3-8A71-273468FE256A}" = T-Home Dialerschutz-Software
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F9706A8C-D740-42CA-8703-E08EDD0F0778}" = LogMeIn Hamachi
"{F9726DDC-D7B5-BF1F-5626-EA467FEEBC52}" = ccc-utility
"{F9F13FEA-D51E-A1C3-4EDC-D04A91B62C93}" = Catalyst Control Center Graphics Previews Vista
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"Drumaxx" = Drumaxx
"FL Studio 9" = FL Studio 9
"Glary Utilities_is1" = Glary Utilities 2.18.0.786
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Minecraft (Beta v1.3) Beta v1.3" = Minecraft (Beta v1.3)
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"PhotoScape" = PhotoScape
"PhotoWipe_is1" = PhotoWipe 1.0
"PoiZone" = PoiZone
"SopCast" = SopCast 3.3.2
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.09.2011 07:11:47 | Computer Name = Adrian-PC | Source = VSS | ID = 8194
Description = 
 
Error - 11.09.2011 10:23:34 | Computer Name = Adrian-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel
 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 
0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x000a0f15,  Prozess-ID 0x98c, Anwendungsstartzeit
 01cc708d61100fc0.
 
Error - 13.09.2011 09:54:34 | Computer Name = Adrian-PC | Source = VSS | ID = 8194
Description = 
 
Error - 16.09.2011 08:12:41 | Computer Name = Adrian-PC | Source = Application Error | ID = 1000
Error - 17.09.2011 19:45:53 | Computer Name = Adrian-PC | Source = Application Error
 | ID = 1000
 
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x000a0f15,
Prozess-ID 0x19d8, Anwendungsstartzeit 01cc7593ec94f680.
Error - 17.09.2011 20:06:06 | Computer Name = Adrian-PC | Source = EventSystem |
 ID = 4609
 
Description = 
Error - 18.09.2011 06:12:12 | Computer Name = Adrian-PC | Source = VSS | ID = 8194
 
Description = 
Error - 19.09.2011 11:08:54 | Computer Name = Adrian-PC | Source = Application Error
 | ID = 1000
 
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19088, Zeitstempel 0x4de07b1b, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.19088, Zeitstempel 0x4de090ed, Ausnahmecode 0xc0000005, Fehleroffset 0x000a0f15,
Prozess-ID 0xb7c, Anwendungsstartzeit 01cc76dd03d2540f.
Error - 19.09.2011 12:23:25 | Computer Name = Adrian-PC | Source = VSS | ID = 8194
 
Description = 
Error - 21.09.2011 08:16:03 | Computer Name = Adrian-PC | Source = Application Error
 | ID = 1000
 
Description = Fehlerhafte Anwendung KiesPDLR.exe, Version 1.0.0.0, Zeitstempel 0x4db3ea05, fehlerhaftes Modul CliSecureRT.dll, Version 5.2.0.2, Zeitstempel 0x4c492bfd, Ausnahmecode 0xc0000005, Fehleroffset 0x00001296,
Prozess-ID 0x¬®´¬®´, Anwendungsstartzeit ¬®´¬®´.
Error - 23.09.2011 13:36:12 | Computer Name = Adrian-PC | Source = VSS | ID = 8194
 
Description = 
 
Error encountered while reading event logs.
 
< End of report >
         
Kind regards


26.06.2013, 14:43   #6
aharonov
/// TB-Ausbilder

OK, then run the following fix and afterwards restart the computer in normal mode. (You should actually already be able to get into normal mode undisturbed by now.)
Does that work?


Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
ATTFilter
:OTL
O20 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000 Winlogon: Shell - (C:\Users\Adrian\AppData\Roaming\skype.dat) -  File not found
[2013.06.26 12:35:49 | 000,000,004 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\skype.ini

:commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread.
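The fix script in the post above targets a per-user Winlogon Shell value pointing into AppData\Roaming, plus a same-named .ini file beside it. The following Python sketch is an added example, not part of the original post and not OTL's own code; it flags such entries in an OTL log. The rule set, the function names and every sample line marked as constructed are assumptions.

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# O20 line layout as seen in the fix script quoted in the thread:
#   O20 - <hive> Winlogon: <value> - (<data>) - <resolved file or "File not found">
O20_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU|HKU\\\S+) Winlogon: (?P<value>\w+) - "
    r"\((?P<data>[^)]*)\) -\s+(?P<resolved>.*)$"
)
# File-listing line layout: [date time | size | attrs | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[[\d. :]+ \| [\d,]+ \| .{4} \| [CM]\] \([^)]*\) -- (?P<path>.+)$"
)
# Directories a standard user can write to (assumed rule set for this example).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def assess_shell(hive, data, resolved):
    """Return the reasons a Winlogon Shell entry deserves review (empty = clean)."""
    target = data.strip().strip('"').lower()
    reasons = []
    if hive != "HKLM":
        reasons.append("per-user Shell value overrides the machine-wide shell")
    if basename(target) != "explorer.exe":
        reasons.append("shell is not explorer.exe")
    if any(part in target for part in USER_WRITABLE):
        reasons.append("target lies in a user-writable directory")
    if splitext(target)[1] not in (".exe", ""):
        reasons.append("target does not have an .exe extension")
    if resolved.strip().lower() == "file not found":
        reasons.append("target is missing on disk")
    return reasons


def analyze(log_text):
    """Flag Winlogon Shell entries and list same-stem files beside the target."""
    shells, files = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O20_RE.match(line)
        if m:
            if m["value"].lower() == "shell":
                shells.append(m.groupdict())
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m["path"].strip())

    findings = []
    for entry in shells:
        reasons = assess_shell(entry["hive"], entry["data"], entry["resolved"])
        if not reasons:
            continue
        target = entry["data"].strip()
        folder = dirname(target).lower()
        stem = splitext(basename(target))[0].lower()
        # Companion files: same folder and same name stem as the shell target.
        companions = [
            p for p in files
            if p.lower() != target.lower()
            and dirname(p).lower() == folder
            and splitext(basename(p))[0].lower() == stem
        ]
        findings.append({"hive": entry["hive"], "target": target,
                         "reasons": reasons, "companions": companions})
    return findings


# Lines 3 and 4 are taken from the fix script in the thread;
# lines 1, 2 and 5 are constructed for this example.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000 Winlogon: Shell - (C:\Users\Adrian\AppData\Roaming\skype.dat) -  File not found
[2013.06.26 12:35:49 | 000,000,004 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\skype.ini
[2013.06.26 12:30:00 | 000,001,024 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\notes.txt
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding["hive"], "->", finding["target"])
        for reason in finding["reasons"]:
            print("   -", reason)
        print("   companions:", finding["companions"])
```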

26.06.2013, 15:19   #7
Lacki7

Code:
ATTFilter
 All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Adrian\AppData\Roaming\skype.dat deleted successfully.
C:\Users\Adrian\AppData\Roaming\skype.ini moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Adrian
->Temp folder emptied: 56681869 bytes
->Temporary Internet Files folder emptied: 43922358 bytes
->Java cache emptied: 67794489 bytes
->FireFox cache emptied: 66178305 bytes
->Flash cache emptied: 14153 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 180905 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 8171 bytes
RecycleBin emptied: 54509518 bytes
 
Total Files Cleaned = 276,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06262013_151318

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
This is what came out. Thanks, so I can access my screen again, but has this beast now been removed or only provisionally eliminated?
My Firefox, for example, is now no longer able to connect to the Internet because no Internet connection is established - supposedly. But there is one, otherwise I couldn't be writing this text in Internet Explorer right now...

Thanks already for the time you've invested, but it's not completely gone, is it? :/

Kind regards!

26.06.2013, 15:26   #8
aharonov
/// TB-Ausbilder

We're not finished yet, either.


Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).



Step 2

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.




Step 3

Please start OTL.exe.
  • Tick the box next to Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Log from AdwCleaner
  • Log from Combofix
  • Log from OTL
__________________
cheers,
Leo

26.06.2013, 16:10   #9
Lacki7

Since I don't know how you'd like it, whether file or code, here are the individual codes :-)

The report from AdwCleaner:
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.303 - Datei am 26/06/2013 um 15:30:44 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Adrian - ADRIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Adrian\Downloads\adwcleaner2303.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\gojx4agv.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\gojx4agv.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\gojx4agv.default\searchplugins\web-search.xml
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\gojx4agv.default\Conduit
Ordner Gelöscht : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\gojx4agv.default\ConduitCommon
Ordner Gelöscht : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\gojx4agv.default\CT2260173
Ordner Gelöscht : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\gojx4agv.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\softonic-de3 Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\gojx4agv.default\prefs.js

Gelöscht : user_pref("CT2260173..clientLogIsEnabled", false);
Gelöscht : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Gelöscht : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Gelöscht : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Gelöscht : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2260173.AppTrackingLastCheckTime", "Mon Nov 05 2012 14:35:49 GMT+0100");
Gelöscht : user_pref("CT2260173.CTID", "CT2260173");
Gelöscht : user_pref("CT2260173.CurrentServerDate", "26-6-2013");
Gelöscht : user_pref("CT2260173.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2260173.DialogsGetterLastCheckTime", "Wed Jun 19 2013 20:34:24 GMT+0200");
Gelöscht : user_pref("CT2260173.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Gelöscht : user_pref("CT2260173.EnableSearchHistory", false);
Gelöscht : user_pref("CT2260173.EnableSearchSuggest", false);
Gelöscht : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Gelöscht : user_pref("CT2260173.FeedLastCount128962387092725141", 3);
Gelöscht : user_pref("CT2260173.FeedPollDate128940659196275477", "Fri Dec 14 2012 14:21:49 GMT+0100");
Gelöscht : user_pref("CT2260173.FeedPollDate128940659574712536", "Fri Dec 14 2012 14:21:49 GMT+0100");
Gelöscht : user_pref("CT2260173.FeedPollDate128962387092725141", "Thu Mar 10 2011 07:32:03 GMT+0100");
Gelöscht : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Gelöscht : user_pref("CT2260173.FirstServerDate", "4-2-2011");
Gelöscht : user_pref("CT2260173.FirstTime", true);
Gelöscht : user_pref("CT2260173.FirstTimeFF3", true);
Gelöscht : user_pref("CT2260173.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2260173.HasUserGlobalKeys", true);
Gelöscht : user_pref("CT2260173.HomePageProtectorEnabled", false);
Gelöscht : user_pref("CT2260173.Initialize", true);
Gelöscht : user_pref("CT2260173.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2260173.InstalledDate", "Thu Feb 03 2011 23:03:33 GMT+0100");
Gelöscht : user_pref("CT2260173.IsAlertDBUpdated", true);
Gelöscht : user_pref("CT2260173.IsGrouping", false);
Gelöscht : user_pref("CT2260173.IsMulticommunity", false);
Gelöscht : user_pref("CT2260173.IsOpenThankYouPage", true);
Gelöscht : user_pref("CT2260173.IsOpenUninstallPage", true);
Gelöscht : user_pref("CT2260173.LanguagePackLastCheckTime", "Tue Jun 25 2013 17:42:07 GMT+0200");
Gelöscht : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2260173.LastLogin_3.10.0.1", "Tue Apr 17 2012 20:01:25 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.12.0.7", "Wed Apr 25 2012 20:36:48 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.12.2.3", "Thu May 31 2012 16:42:40 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.13.0.6", "Mon Jul 16 2012 13:27:03 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.14.1.0", "Tue Aug 21 2012 15:14:46 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.15.1.0", "Thu Nov 08 2012 09:22:08 GMT+0100");
Gelöscht : user_pref("CT2260173.LastLogin_3.16.0.3", "Sun Feb 10 2013 18:53:07 GMT+0100");
Gelöscht : user_pref("CT2260173.LastLogin_3.18.0.7", "Wed Jun 26 2013 14:41:55 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.2.5.2", "Mon Mar 21 2011 19:13:57 GMT+0100");
Gelöscht : user_pref("CT2260173.LastLogin_3.3.3.2", "Thu May 12 2011 20:56:28 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.3.5.1", "Sat Jun 25 2011 00:20:41 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.5.0.12", "Mon Aug 15 2011 15:16:39 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.6.0.10", "Tue Sep 27 2011 21:55:17 GMT+0200");
Gelöscht : user_pref("CT2260173.LastLogin_3.7.0.6", "Mon Nov 07 2011 16:23:10 GMT+0100");
Gelöscht : user_pref("CT2260173.LastLogin_3.8.0.8", "Mon Dec 05 2011 19:07:32 GMT+0100");
Gelöscht : user_pref("CT2260173.LastLogin_3.8.1.0", "Mon Jan 09 2012 12:45:28 GMT+0100");
Gelöscht : user_pref("CT2260173.LastLogin_3.9.0.3", "Tue Mar 06 2012 19:52:36 GMT+0100");
Gelöscht : user_pref("CT2260173.LatestVersion", "3.18.0.7");
Gelöscht : user_pref("CT2260173.Locale", "en");
Gelöscht : user_pref("CT2260173.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2260173.MCDetectTooltipShow", false);
Gelöscht : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2260173.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
Gelöscht : user_pref("CT2260173.SHRINK_TOOLBAR", 1);
Gelöscht : user_pref("CT2260173.SearchBoxWidth", 118);
Gelöscht : user_pref("CT2260173.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Gelöscht : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2260173.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Tue Jun 25 2013 17:42:07 GMT+0200");
Gelöscht : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2260173.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2260173.SearchProtectorEnabled", false);
Gelöscht : user_pref("CT2260173.SearchProtectorToolbarDisabled", false);
Gelöscht : user_pref("CT2260173.ServiceMapLastCheckTime", "Tue Jun 25 2013 17:42:07 GMT+0200");
Gelöscht : user_pref("CT2260173.SettingsLastCheckTime", "Wed Jun 26 2013 15:15:51 GMT+0200");
Gelöscht : user_pref("CT2260173.SettingsLastUpdate", "1372230493");
Gelöscht : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Sun Apr 28 2013 01:10:33 GMT+0200");
Gelöscht : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1331805997");
Gelöscht : user_pref("CT2260173.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2260173");
Gelöscht : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Gelöscht : user_pref("CT2260173.UserID", "UN80112866776683598");
Gelöscht : user_pref("CT2260173.ValidationData_Search", 2);
Gelöscht : user_pref("CT2260173.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2260173.alertChannelId", "657446");
Gelöscht : user_pref("CT2260173.approveUntrustedApps", false);
Gelöscht : user_pref("CT2260173.backendstorage.forcb_aoi", "31333131373038323031");
Gelöscht : user_pref("CT2260173.backendstorage.forcb_ccid", "48616E6F766572");
Gelöscht : user_pref("CT2260173.backendstorage.forcb_cdtr5", "31333131373038323031");
Gelöscht : user_pref("CT2260173.backendstorage.forcb_cid", "4445");
Gelöscht : user_pref("CT2260173.backendstorage.forcb_ip", "37392E3233372E3234302E313335");
Gelöscht : user_pref("CT2260173.backendstorage.forcb_lcut", "31333131373038323031");
Gelöscht : user_pref("CT2260173.backendstorage.forcb_rid", "3036");
Gelöscht : user_pref("CT2260173.backendstorage.forcb_zoneid", "3130303636");
Gelöscht : user_pref("CT2260173.backendstorage.url_history", "687474703A2F2F7777772E66616365626F6F6B2E636F6D2F3[...]
Gelöscht : user_pref("CT2260173.backendstorage.url_history_time", "31333131373237303736303330");
Gelöscht : user_pref("CT2260173.components.1000034", false);
Gelöscht : user_pref("CT2260173.components.1000082", false);
Gelöscht : user_pref("CT2260173.components.1000234", false);
Gelöscht : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Gelöscht : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Fri Apr 26 2013 18:36:13 GMT+0200");
Gelöscht : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2260173.initDone", true);
Gelöscht : user_pref("CT2260173.isAppTrackingManagerOn", false);
Gelöscht : user_pref("CT2260173.myStuffEnabled", true);
Gelöscht : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2260173.oldAppsList", "128848965243869714,128848965243869715,111,128958821111237507,128[...]
Gelöscht : user_pref("CT2260173.revertSettingsEnabled", false);
Gelöscht : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
Gelöscht : user_pref("CT2260173.searchProtectorEnableByLogin", true);
Gelöscht : user_pref("CT2260173.testingCtid", "");
Gelöscht : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Tue Jun 25 2013 17:42:07 GMT+0200");
Gelöscht : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Sat Apr 27 2013 16:24:42 GMT+0200");
Gelöscht : user_pref("CT2260173.undefined", "Thu Feb 03 2011 23:03:33 GMT+0100");
Gelöscht : user_pref("CT2260173.usagesFlag", 2);
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", [...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.5[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173",[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2260173&octid=[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"fbc[...]
Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Gelöscht : user_pref("CommunityToolbar.EngineOwner", "");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}");
Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "swag_bucks");
Gelöscht : user_pref("CommunityToolbar.IsEngineShown", true);
Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Adrian\\AppData\\Roaming\\Mozilla\\[...]
Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://toolbartv.swagbucks.com", "400x744");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2260173");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}");
Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "swag_bucks");
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2260173");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2260173");
Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 01 2011 21:39:51 GMT+02[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 17:05:09 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 17:05:01 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "33928b26-9769-4a1b-88eb-a3bc9ccce2e5");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jul 10 2012 12:31:21 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.globalUserId", "267d77ef-de2c-4d62-b598-501f49ad364b");
Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Gelöscht : user_pref("CommunityToolbar.killedEngine", true);
Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Apr 24 2013 17:02:1[...]
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri May 03 2013 14:36:25 GMT+020[...]
Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri May 03 2013 14:36:17 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.notifications.userId", "49eea50a-3b74-4bff-9209-93993a85a2fe");
Gelöscht : user_pref("CommunityToolbar.undefined", "");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "softonic-de3 Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&Sea[...]
Gelöscht : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Gelöscht : user_pref("vshare.install.date", "1315939019");
Gelöscht : user_pref("vshare.install.finished", "1.0.0");
Gelöscht : user_pref("vshare.install.fresh", "false");
Gelöscht : user_pref("vshare.install.guid", "{aaaf7129-932c-4bdd-b7a5-6ab1811edfc8}");
Gelöscht : user_pref("vshare.install.istoolbarhp", true);
Gelöscht : user_pref("vshare.install.istoolbarsearch", true);
Gelöscht : user_pref("vshare.install.newtab", false);

*************************

AdwCleaner[S1].txt - [21542 octets] - [26/06/2013 15:30:44]

########## EOF - C:\AdwCleaner[S1].txt - [21603 octets] ##########
         
--- --- ---



The ComboFix log report:

Code:
ComboFix 13-06-25.01 - Adrian 26.06.2013  15:49:09.1.3 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3326.2337 [GMT 2:00]
ausgeführt von:: c:\users\Adrian\Desktop\ComboFix.exe
AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPLD114.tmp
c:\programdata\SPLE48A.tmp
c:\users\Adrian\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
c:\windows\system32\DEBUG.log
c:\windows\system32\frapsvid.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-26 bis 2013-06-26  ))))))))))))))))))))))))))))))
.
.
2013-06-26 13:13 . 2013-06-26 13:13	--------	d-----w-	C:\_OTL
2013-06-26 10:45 . 2013-06-26 10:45	110080	----a-r-	c:\users\Adrian\AppData\Roaming\Microsoft\Installer\{4941BFEB-62C0-47A2-801E-998FC469CC2C}\IconF7A21AF7.exe
2013-06-26 10:45 . 2013-06-26 10:45	110080	----a-r-	c:\users\Adrian\AppData\Roaming\Microsoft\Installer\{4941BFEB-62C0-47A2-801E-998FC469CC2C}\IconD7F16134.exe
2013-06-26 10:45 . 2013-06-26 10:45	110080	----a-r-	c:\users\Adrian\AppData\Roaming\Microsoft\Installer\{4941BFEB-62C0-47A2-801E-998FC469CC2C}\IconCF33A0CE.exe
2013-06-26 10:45 . 2013-06-26 10:46	--------	d-----w-	C:\sh4ldr
2013-06-26 10:45 . 2013-06-26 10:45	--------	d-----w-	c:\program files\Enigma Software Group
2013-06-24 10:45 . 2013-06-24 10:45	--------	d-----w-	c:\program files\dumps
2013-06-24 10:45 . 2013-06-26 13:56	--------	d-----w-	c:\program files\Steam
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 06:30 . 2012-03-29 21:16	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-13 06:30 . 2011-05-25 05:38	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
2010-08-03 09:11	819200	--sha-w-	c:\windows\System32\xvidcore.dll
2010-08-03 09:11	180224	--sha-w-	c:\windows\System32\xvidvfw.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-04-28 19856]
"Akamai NetSession Interface"="c:\users\Adrian\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Vidalia"="c:\program files\Vidalia Bridge Bundle\Vidalia\vidalia.exe" [2012-12-02 6239727]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Steam"="c:\program files\Steam\Steam.exe" [2013-06-06 1641896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"T-Home Dialerschutz-Software"="c:\program files\T-Home\Dialerschutz-Software\Defender.exe" [2010-03-29 1411720]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.de/de.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0ANAAzADgAOQAxADQAOQA3ADMALQBCAEEAUgA5AEcAKwAxAC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AA&prod=90&ver=9.0.872" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Sinus 1054 data WLAN Manager.lnk - c:\program files\DT\Sinus 1054 data\Wifiusb.exe [2005-11-23 1024000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"HydraVisionMDEngine"="c:\program files\ATI Technologies\HydraVision\HydraMD.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.0"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-974515316-1955410149-2348617307-1000]
"EnableNotificationsRef"=dword:00000003
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - DFInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-01-27 21:28	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-26 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2010-11-26 08:58]
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 06:30]
.
2013-06-26 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-20 11:09]
.
2013-06-25 c:\windows\Tasks\User_Feed_Synchronization-{B2012871-ADE0-4913-B409-1478C45E3F90}.job
- c:\windows\system32\msfeedssync.exe [2011-06-25 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
FF - ProfilePath - c:\users\Adrian\AppData\Roaming\Mozilla\Firefox\Profiles\gojx4agv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - ExtSQL: !HIDDEN! 2009-12-29 11:44; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-06-26 15:57
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
c:\program files\T-Home\Dialerschutz-Software\Defender.exe [284]
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\windows\system32\atiesrxx.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\T-Home\Dialerschutz-Software\DFInject.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\LogMeIn Hamachi\hamachi-2.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxdpcoms.exe
c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-26  16:02:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-26 14:02
.
Vor Suchlauf: 13 Verzeichnis(se), 147.223.187.456 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 147.040.555.008 Bytes frei
.
- - End Of File - - FED4EA69ADE5708DE6389A35EC5E8939
5C616939100B85E558DA92B899A0FC36
         
I have to add: ComboFix said Norton was on, even though it was disabled...

And finally the OTL.txt:

Code:
OTL logfile created on: 26.06.2013 16:05:31 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Adrian\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 58,52% Memory free
6,69 Gb Paging File | 5,45 Gb Available in Paging File | 81,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 351,56 Gb Total Space | 137,00 Gb Free Space | 38,97% Space Free | Partition Type: NTFS
Drive G: | 596,17 Gb Total Space | 468,59 Gb Free Space | 78,60% Space Free | Partition Type: NTFS
 
Computer Name: ADRIAN-PC | User Name: Adrian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.26 13:28:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adrian\Downloads\OTL.exe
PRC - [2013.06.26 12:27:25 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2013.05.07 16:18:42 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.12.02 21:19:54 | 006,239,727 | ---- | M] () -- C:\Programme\Vidalia Bridge Bundle\Vidalia\vidalia.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton 360\Engine\6.4.1.14\ccsvchst.exe
PRC - [2011.04.28 18:24:18 | 000,019,856 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2010.10.25 11:03:52 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.12.20 16:56:11 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.11.25 05:17:34 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.11.25 05:17:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.10.21 19:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) -- C:\Programme\T-Home\Dialerschutz-Software\DFInject.exe
PRC - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.19 00:33:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.11.19 23:05:32 | 000,589,824 | ---- | M] ( ) -- C:\Windows\System32\lxdpcoms.exe
PRC - [2005.11.23 13:59:18 | 001,024,000 | ---- | M] (TECOM) -- C:\Programme\DT\Sinus 1054 data\Wifiusb.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.26 15:57:18 | 000,055,816 | ---- | M] () -- C:\Users\Adrian\AppData\Local\Temp\9b93aee4-5d0f-43c6-98ae-ec0b1e7534ab\CliSecureRT.dll
MOD - [2013.06.26 12:27:25 | 003,285,912 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.12.02 21:19:54 | 006,239,727 | ---- | M] () -- C:\Programme\Vidalia Bridge Bundle\Vidalia\vidalia.exe
MOD - [2011.10.01 11:20:46 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.10.01 11:18:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.10.01 11:18:25 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f4767076b1a225e440db402bbabf5a14\System.Core.ni.dll
MOD - [2011.10.01 11:16:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.10.01 11:16:01 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.10.01 11:15:48 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.10.01 11:15:38 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.10.01 11:15:34 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.10.01 11:15:07 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011.08.24 00:59:50 | 000,047,972 | ---- | M] () -- C:\Programme\Vidalia Bridge Bundle\Vidalia\mingwm10.dll
MOD - [2011.04.28 18:24:18 | 000,019,856 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.04.27 07:19:38 | 000,588,800 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2011.04.27 07:19:38 | 000,360,960 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2011.04.27 07:19:38 | 000,007,168 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2011.04.27 07:19:38 | 000,003,584 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2009.12.20 16:35:38 | 001,736,528 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll
MOD - [2009.06.23 04:42:42 | 000,043,008 | ---- | M] () -- C:\Programme\Vidalia Bridge Bundle\Vidalia\libgcc_s_dw2-1.dll
MOD - [2005.07.15 12:23:42 | 000,028,672 | ---- | M] () -- C:\Programme\DT\Sinus 1054 data\MHDLL.dll
MOD - [2003.04.09 12:23:14 | 000,028,672 | ---- | M] () -- C:\Programme\DT\Sinus 1054 data\WmiIndic.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.06.26 12:27:25 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.13 08:30:29 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 12:08:44 | 001,435,984 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2013.05.07 16:18:42 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.03.26 19:58:34 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.27 01:44:13 | 000,307,968 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.10.25 11:03:52 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.25 05:17:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.10.21 19:15:38 | 000,288,768 | ---- | M] (T-Systems International GmbH) [Auto | Running] -- C:\Programme\T-Home\Dialerschutz-Software\DFInject.exe -- (DFSVC)
SRV - [2008.02.27 14:15:14 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.19 23:05:32 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdpcoms.exe -- (lxdp_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ZDPSp60.sys -- (ZDPSp60)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Adrian\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Adrian\AppData\Local\Temp\stijt4pzq.sys -- (guardian)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.05.31 18:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20130620.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013.05.22 16:10:12 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130625.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.05.22 16:10:11 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20130625.023\NAVENG.SYS -- (NAVENG)
DRV - [2013.03.26 20:13:54 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013.03.23 01:59:58 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20130625.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.08.09 10:44:08 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.06 04:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012.07.06 04:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012.07.03 19:13:57 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2012.06.07 06:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012.05.22 03:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012.05.19 11:11:18 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.01.18 16:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.01.18 16:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2011.11.16 21:38:00 | 000,345,208 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symtdiv.sys -- (SYMTDIv)
DRV - [2011.11.16 21:17:48 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2011.08.16 00:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2011.08.03 10:58:14 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011.03.08 14:40:58 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.01.03 10:38:36 | 000,136,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.01.03 10:38:36 | 000,121,192 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.01.03 10:38:36 | 000,114,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.01.03 10:38:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.10.25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.09.02 20:01:35 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.09.02 20:01:35 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.11.25 05:51:32 | 005,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.11.16 04:13:14 | 000,216,576 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.10.15 19:14:38 | 000,024,352 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SipIMNDI.sys -- (SipIMNDI)
DRV - [2009.10.15 19:14:38 | 000,014,624 | ---- | M] (T-Systems International GmbH) [Kernel | On_Demand | Running] -- C:\Programme\T-Home\Dialerschutz-Software\DFSYS.sys -- (DFSYS)
DRV - [2009.09.30 16:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.07.29 05:45:00 | 000,904,192 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2007.11.02 14:22:38 | 000,105,896 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217unic.sys -- (s217unic)
DRV - [2007.11.02 14:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s217bus.sys -- (s217bus)
DRV - [2007.05.23 05:21:12 | 000,016,272 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2007.05.23 05:20:58 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2007.03.27 17:30:00 | 000,475,136 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav323.sys -- (vvftav323)
DRV - [2007.03.27 17:30:00 | 000,232,448 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmcam323av.sys -- (vmcam325av)
DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2007.03.05 06:57:14 | 000,019,472 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BtHidMgr.sys -- (BTHidMgr)
DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\VBTEnum.sys -- (BTHidEnum)
DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2005.10.28 05:38:18 | 000,402,432 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1211BU.sys -- (ZD1211BU(ZyDAS)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c8810cc9-0aaa-4aed-8c67-b2b1918c1e08}:0.9.7.13
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFFPlgn\ [2012.05.19 11:15:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ [2013.06.26 15:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.26 12:27:22 | 000,000,000 | ---D | M]
 
[2009.12.20 15:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Extensions
[2013.06.26 15:31:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\gojx4agv.default\extensions
[2010.06.09 20:37:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\gojx4agv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.01 19:19:50 | 000,000,000 | ---D | M] ("Travissimo") -- C:\Users\Adrian\AppData\Roaming\mozilla\Firefox\Profiles\gojx4agv.default\extensions\{c8810cc9-0aaa-4aed-8c67-b2b1918c1e08}
[2013.05.09 19:46:38 | 000,363,920 | ---- | M] () (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\extensions\client@anonymox.net.xpi
[2011.09.13 20:36:19 | 000,087,923 | ---- | M] () (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
[2013.05.23 19:11:09 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.11 10:16:49 | 000,002,273 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\englische-ergebnisse.xml
[2012.10.11 10:16:49 | 000,010,563 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\gmx-suche.xml
[2012.10.11 10:16:49 | 000,002,432 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\lastminute.xml
[2012.10.11 10:16:49 | 000,005,545 | ---- | M] () -- C:\Users\Adrian\AppData\Roaming\mozilla\firefox\profiles\gojx4agv.default\searchplugins\webde-suche.xml
[2013.06.26 12:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.26 12:27:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.11.03 14:04:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2013.06.26 15:56:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [T-Home Dialerschutz-Software] C:\Program Files\T-Home\Dialerschutz-Software\Defender.exe (T-Systems International GmbH)
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [Akamai NetSession Interface] C:\Users\Adrian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [Vidalia] C:\Program Files\Vidalia Bridge Bundle\Vidalia\vidalia.exe ()
O4 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81D21DC6-CF25-40F6-9FC8-7094BC5D260D}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8E66AAE-86E7-4CE4-ABB2-72352DC127A6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Adrian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.26 16:02:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.26 15:56:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.06.26 15:55:18 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Local\temp
[2013.06.26 15:44:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.26 15:44:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.26 15:44:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.26 15:44:49 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.26 15:40:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.26 15:39:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.26 15:35:47 | 005,082,915 | R--- | C] (Swearware) -- C:\Users\Adrian\Desktop\ComboFix.exe
[2013.06.26 15:13:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.26 12:45:50 | 000,000,000 | ---D | C] -- C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.06.26 12:45:50 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.06.26 12:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.26 12:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.24 12:45:46 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2013.06.24 12:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.06.24 12:45:10 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013.06.21 18:57:34 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Genetikk - D.N.A [320]
[2013.05.27 19:40:19 | 000,000,000 | ---D | C] -- C:\Users\Adrian\Desktop\Herr Sorge - Verschwörungstheorien mit Schönen Melodien (Deluxe Edition) (2012)
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.26 16:04:01 | 000,618,192 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.26 16:04:01 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.26 16:04:01 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.26 16:04:01 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.26 16:00:17 | 000,000,502 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2013.06.26 15:56:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.26 15:56:43 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 15:56:42 | 000,004,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.26 15:56:40 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013.06.26 15:56:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.26 15:36:50 | 005,082,915 | R--- | M] (Swearware) -- C:\Users\Adrian\Desktop\ComboFix.exe
[2013.06.26 15:30:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.26 14:17:42 | 000,031,779 | ---- | M] () -- C:\Users\Adrian\Desktop\Desktop.rar
[2013.06.26 12:45:51 | 000,002,079 | ---- | M] () -- C:\Users\Adrian\Desktop\SpyHunter.lnk
[2013.06.26 12:39:39 | 000,007,512 | ---- | M] () -- C:\Users\Adrian\AppData\Local\d3d9caps.dat
[2013.06.26 12:39:20 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.06.25 20:18:37 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B2012871-ADE0-4913-B409-1478C45E3F90}.job
[2013.06.24 12:58:11 | 000,054,784 | ---- | M] () -- C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.24 12:45:19 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.26 15:44:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.26 15:44:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.26 15:44:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.26 15:44:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.26 15:44:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.26 14:17:42 | 000,031,779 | ---- | C] () -- C:\Users\Adrian\Desktop\Desktop.rar
[2013.06.26 12:45:51 | 000,002,079 | ---- | C] () -- C:\Users\Adrian\Desktop\SpyHunter.lnk
[2013.06.24 12:45:19 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.07.03 20:19:10 | 000,819,200 | -HS- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.07.03 20:19:10 | 000,180,224 | -HS- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.03.01 17:45:35 | 000,922,184 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.03.01 17:45:35 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.03.01 17:45:33 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.07.05 13:20:27 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.04.19 11:44:05 | 000,001,940 | ---- | C] () -- C:\Users\Adrian\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011.04.17 12:31:17 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011.03.08 18:07:02 | 000,022,328 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\PnkBstrK.sys
[2011.02.11 16:40:37 | 000,000,132 | ---- | C] () -- C:\Users\Adrian\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010.11.21 14:22:25 | 000,002,138 | ---- | C] () -- C:\Users\Adrian\.recently-used.xbel
[2010.01.15 12:59:57 | 000,000,372 | ---- | C] () -- C:\Users\Adrian\Dokumente - Verknüpfung.lnk
[2009.12.25 12:13:41 | 000,054,784 | ---- | C] () -- C:\Users\Adrian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.20 14:17:04 | 000,007,512 | ---- | C] () -- C:\Users\Adrian\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.12.20 16:49:33 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.19 00:36:50 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.04.04 03:10:30 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\.minecraft
[2011.12.18 01:43:53 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Ableton
[2012.07.04 15:51:25 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DAEMON Tools Lite
[2011.03.30 20:29:38 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\DarksporeData
[2011.04.17 12:30:07 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Degener
[2010.05.09 18:36:14 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\FileZilla
[2011.02.22 23:40:01 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\GetRightToGo
[2010.01.31 15:12:31 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\GlarySoft
[2010.11.21 14:22:25 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\gtk-2.0
[2010.09.28 22:13:53 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Hardcore
[2013.02.02 17:24:51 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\ICQ
[2009.12.20 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\IrfanView
[2012.11.14 17:09:47 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\kock
[2010.12.23 15:59:31 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\LolClient
[2012.05.25 23:46:55 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\LolClient2
[2010.02.16 20:10:36 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2010.02.13 16:44:43 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.01.28 21:02:21 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\OpenOffice.org
[2010.02.13 21:32:34 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Paltalk
[2011.03.27 16:08:08 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\PhotoScape
[2011.06.26 19:49:39 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Prison Break
[2010.03.21 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Publish Providers
[2010.12.26 22:52:15 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\QuickScan
[2010.11.27 01:49:20 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Sakura
[2010.12.24 23:40:42 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Samsung
[2010.11.27 01:50:12 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Sawer
[2010.02.06 13:42:33 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\SharePod
[2011.02.08 17:54:46 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Sierra
[2011.07.11 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Simfy
[2011.04.06 21:14:02 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Softpark
[2010.03.25 20:00:05 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\Sony
[2010.11.06 13:51:39 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\streamripper
[2013.04.02 19:41:06 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\TeamViewer
[2013.05.10 10:28:31 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\TS3Client
[2010.01.07 18:48:03 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:5F91AB27

< End of report >
         

I hope it looks better now...?

Kind regards

26.06.2013, 21:05   #10
aharonov
/// TB Trainer


Hello,

yes, that already looks better. Are the browsers working again, or are there still problems there?


Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
[2012.11.14 17:09:47 | 000,000,000 | ---D | M] -- C:\Users\Adrian\AppData\Roaming\kock
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
IE - HKU\S-1-5-21-974515316-1955410149-2348617307-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

:commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.



Step 2

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




Step 3


ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable the "detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset




Step 4

Please download SecurityCheck and:

  • Save it on the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.



Please post in your next reply:
  • Fix log from OTL
  • Log from MBAM
  • Log from ESET
  • Log from SecurityCheck
__________________
cheers,
Leo

03.07.2013, 02:43   #11
aharonov
/// TB Trainer

Hi,

I have not received a reply from you for quite a while. Do you still need help?

If I do not hear from you within the next 24 hours, I will assume that the topic has been resolved and remove it from my subscriptions.

Note: We are not finished yet! Even if the symptoms have disappeared, your system may still be infected and have security vulnerabilities that make a renewed infection possible.
__________________
cheers,
Leo

05.07.2013, 01:35   #12
aharonov
/// TB Trainer

No response
This topic has been removed from my subscriptions, so I no longer receive notifications about new replies.
Send me a PM if you would like to continue the topic after all. Then we will carry on here.

Note: The disappearance of the symptoms does not mean that your computer is clean yet.

Everyone else, please read this guide and create your own thread.
__________________
cheers,
Leo
