Log analysis and evaluation: Strange virus / program

31.05.2010, 04:21   #1
Blackcan
 
Hey. A while ago I got a program from a buddy that resets the router. Today my Kaspersky expired, so I got AntiVir, and whoosh, something was detected. I was skeptical, so I uploaded it to VirusTotal and bam, there were a few hits like "High risk worm" etc.
So I quickly made an HJT log and an OTL log.
BTW: According to him, this program should be 100% virus-free. But I'd rather play it safe.
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:32:11, on 29.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ICQ7.0\ICQ.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Pivot Stickfigure Animator\pivot.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Windows\SysWOW64\conime.exe
C:\Users\Schulz PC\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVMFBoxMonitor] "C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8647 bytes
         

And to save time, here is an OTL log right away.

I would be very grateful for quick help.

31.05.2010, 04:21   #2
Blackcan
 

Sorry for the double post, but according to the website it was about 100 characters too long.

So here are the OTL logs:

[CODE]
Code:
OTL logfile created on: 29.05.2010 23:36:57 - Run 1
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Schulz PC\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 94,79 Gb Free Space | 40,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 556,13 Gb Total Space | 556,00 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHULZPC-PC
Current User Name: Schulz PC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Schulz PC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Schulz PC\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Xfire\xfire_toucan_42628.dll (Xfire Inc.)
MOD - C:\Windows\SysWOW64\msvcr71.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wsock32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UMPass) -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\DRIVERS\ATITool64.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "dict.cc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT65619&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.36.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT65619&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.09 17:53:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.03 02:31:37 | 000,000,000 | ---D | M]
 
[2009.11.15 19:51:00 | 000,000,000 | ---D | M] -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Extensions
[2010.05.28 20:01:30 | 000,000,000 | ---D | M] -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions
[2010.01.19 14:04:48 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.04.08 15:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.05.18 17:29:47 | 000,000,000 | ---D | M] (dict.cc Toolbar) -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{3160baf9-cf68-48ec-9076-faed7ce49467}
[2010.03.18 13:40:17 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.05.24 20:30:04 | 000,000,000 | ---D | M] (HypreCam Toolbar) -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010.02.23 00:06:13 | 000,000,000 | ---D | M] (Power Twitter) -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
[2010.05.01 15:16:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.06 18:41:16 | 000,000,000 | ---D | M] -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\battlefieldheroespatcher@ea.com
[2010.04.20 02:00:11 | 000,000,000 | ---D | M] -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\personas@christopher.beard
[2010.05.22 00:37:26 | 000,000,000 | ---D | M] -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\twitternotifier@naan.net
[2009.12.16 12:04:20 | 000,002,172 | ---- | M] () -- C:\Users\Schulz PC\AppData\Roaming\Mozilla\FireFox\Profiles\saulgl6c.default\searchplugins\bing.xml
[2010.04.21 12:12:44 | 000,000,913 | ---- | M] () -- C:\Users\Schulz PC\AppData\Roaming\Mozilla\FireFox\Profiles\saulgl6c.default\searchplugins\conduit.xml
[2010.05.29 17:08:17 | 000,000,944 | ---- | M] () -- C:\Users\Schulz PC\AppData\Roaming\Mozilla\FireFox\Profiles\saulgl6c.default\searchplugins\icqplugin.xml
[2010.01.19 20:55:27 | 000,001,996 | ---- | M] () -- C:\Users\Schulz PC\AppData\Roaming\Mozilla\FireFox\Profiles\saulgl6c.default\searchplugins\suche-in-wikipedia.xml
[2010.05.28 20:01:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.24 19:35:31 | 000,395,319 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 13653 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Schulz PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Schulz PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.29 11:07:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.05.29 11:01:34 | 000,000,000 | ---D | C] -- C:\Users\Schulz PC\AppData\Roaming\Avira
[2010.05.29 10:59:34 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.29 10:59:34 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.05.29 10:59:34 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.05.29 10:59:34 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.05.29 10:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.29 10:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.05.29 04:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pivot
[2010.05.29 03:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pivot Stickfigure Animator
[2010.05.27 17:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweetDeck
[2010.05.27 16:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Free
[2010.05.26 00:40:24 | 000,000,000 | ---D | C] -- C:\Users\Schulz PC\Documents\gegl-0.0
[2010.05.25 15:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2010.05.24 20:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HypreCam Toolbar
[2010.05.24 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyCam2
[2010.05.24 19:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.24 19:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.05.21 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\Schulz PC\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.05.21 19:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.05.18 21:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Algodoo Phun Edition
[2010.05.09 18:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PrettyMay
[2010.05.08 14:31:45 | 000,000,000 | ---D | C] -- C:\Users\Schulz PC\Documents\ICQ
[2010.05.08 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\Schulz PC\Documents\random
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.29 23:37:01 | 006,553,600 | -HS- | M] () -- C:\Users\Schulz PC\NTUSER.DAT
[2010.05.29 23:30:16 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{685A5B38-4429-4657-8E0D-2C702BBDFDD4}.job
[2010.05.29 22:12:18 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.29 22:12:18 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.29 19:51:38 | 000,105,447 | ---- | M] () -- C:\Users\Schulz PC\Documents\gif xD.gif
[2010.05.29 19:51:07 | 000,003,927 | ---- | M] () -- C:\Users\Schulz PC\Documents\gif xD.piv
[2010.05.29 12:12:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.29 12:12:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.29 11:10:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.29 11:10:44 | 000,524,288 | -HS- | M] () -- C:\Users\Schulz PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.05.29 11:10:44 | 000,065,536 | -HS- | M] () -- C:\Users\Schulz PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.05.29 11:10:09 | 003,952,908 | -H-- | M] () -- C:\Users\Schulz PC\AppData\Local\IconCache.db
[2010.05.29 10:59:50 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.29 10:46:42 | 000,059,120 | ---- | M] () -- C:\Users\Schulz PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.29 10:44:56 | 000,264,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.29 04:53:59 | 000,110,684 | ---- | M] () -- C:\Users\Schulz PC\.recently-used.xbel
[2010.05.29 04:04:38 | 000,005,881 | ---- | M] () -- C:\Users\Schulz PC\Documents\crap.piv
[2010.05.29 03:57:40 | 000,115,355 | ---- | M] () -- C:\Users\Schulz PC\Documents\rofl.gif
[2010.05.29 03:29:58 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk
[2010.05.27 17:54:12 | 000,018,944 | ---- | M] () -- C:\Users\Schulz PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.27 17:53:19 | 075,542,034 | ---- | M] () -- C:\Users\Schulz PC\Documents\clip0005.avi
[2010.05.27 17:31:20 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010.05.27 16:22:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.05.26 20:07:34 | 817,101,088 | ---- | M] () -- C:\Users\Schulz PC\Documents\clip0004.avi
[2010.05.26 13:06:51 | 000,007,052 | ---- | M] () -- C:\Users\Schulz PC\AppData\Local\d3d9caps.dat
[2010.05.25 21:12:22 | 000,000,104 | ---- | M] () -- C:\Users\Schulz PC\Desktop\Internet - Verknüpfung.lnk
[2010.05.25 15:50:26 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010.05.24 19:35:31 | 000,395,319 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.24 19:28:15 | 000,395,319 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100524-193531.backup
[2010.05.20 20:25:31 | 000,000,204 | ---- | M] () -- C:\Windows\struct~.ini
[2010.05.19 13:12:22 | 001,447,804 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.19 13:12:22 | 000,628,672 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.19 13:12:22 | 000,595,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.19 13:12:22 | 000,127,400 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.19 13:12:22 | 000,105,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.18 21:44:01 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\Phun.lnk
[2010.05.09 15:07:36 | 000,000,834 | ---- | M] () -- C:\Users\Schulz PC\Desktop\Skype.lnk
[2010.05.08 12:59:38 | 000,000,136 | ---- | M] () -- C:\Users\Schulz PC\Desktop\Operation Flashpoint - Dragon Rising Demo - Verknüpfung.lnk
[2010.05.07 21:52:46 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.07 21:52:46 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010.04.30 07:55:49 | 000,292,974 | ---- | M] () -- C:\Users\Schulz PC\Desktop\bookmarks-2010-04-30.json
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.29 19:51:32 | 000,105,447 | ---- | C] () -- C:\Users\Schulz PC\Documents\gif xD.gif
[2010.05.29 19:51:07 | 000,003,927 | ---- | C] () -- C:\Users\Schulz PC\Documents\gif xD.piv
[2010.05.29 19:01:01 | 000,822,272 | -H-- | C] () -- C:\Users\Schulz PC\Desktop\Pivot 3.2 Beta Deutsch.exe
[2010.05.29 10:59:50 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.29 04:53:59 | 000,110,684 | ---- | C] () -- C:\Users\Schulz PC\.recently-used.xbel
[2010.05.29 04:04:38 | 000,005,881 | ---- | C] () -- C:\Users\Schulz PC\Documents\crap.piv
[2010.05.29 03:57:40 | 000,115,355 | ---- | C] () -- C:\Users\Schulz PC\Documents\rofl.gif
[2010.05.29 03:29:58 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk
[2010.05.28 00:33:55 | 000,038,924 | ---- | C] () -- C:\Users\Schulz PC\Desktop\FerroRosso.ttf
[2010.05.27 17:51:34 | 075,542,034 | ---- | C] () -- C:\Users\Schulz PC\Documents\clip0005.avi
[2010.05.26 18:51:01 | 817,101,088 | ---- | C] () -- C:\Users\Schulz PC\Documents\clip0004.avi
[2010.05.25 21:12:22 | 000,000,104 | ---- | C] () -- C:\Users\Schulz PC\Desktop\Internet - Verknüpfung.lnk
[2010.05.25 15:50:26 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010.05.21 19:07:26 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010.05.18 21:44:01 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\Phun.lnk
[2010.05.09 18:43:58 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2010.05.09 15:07:36 | 000,000,834 | ---- | C] () -- C:\Users\Schulz PC\Desktop\Skype.lnk
[2010.05.08 12:59:38 | 000,000,136 | ---- | C] () -- C:\Users\Schulz PC\Desktop\Operation Flashpoint - Dragon Rising Demo - Verknüpfung.lnk
[2010.05.07 21:52:46 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.07 21:52:46 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010.04.30 07:55:49 | 000,292,974 | ---- | C] () -- C:\Users\Schulz PC\Desktop\bookmarks-2010-04-30.json
[2009.11.16 19:50:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.16 01:21:33 | 001,475,582 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.08 04:41:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.11.08 04:41:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Schulz PC\Documents\clip0005.avi:TOC.WMV
< End of report >
         
Code:
OTL Extras logfile created on: 29.05.2010 23:36:57 - Run 1
OTL by OldTimer - Version 3.2.5.1     Folder = C:\Users\Schulz PC\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 48,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 94,79 Gb Free Space | 40,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 556,13 Gb Total Space | 556,00 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHULZPC-PC
Current User Name: Schulz PC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 1F 9D A4 7B 1F 60 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3301016802-1052793671-704723331-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA12EE5-9421-4A70-8D5F-D5881B69B8F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E9992CB-5B0D-44BB-B3F9-B32241C9B835}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1777C660-6BC7-4D41-9AB4-B18EC6AD4E9E}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{18BD6522-FB3E-449C-BF85-C80BC2377C9E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1936381D-56A3-4057-888A-31D38EE252A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E67520E-FC1B-4A60-9DC6-7E2D410B8443}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{250D026C-2C19-42D4-B31C-FD9B9A94158A}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{3DD3A43C-4A47-48D8-ACD2-BDF271B5FB64}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{423220E3-5F59-4765-9DD9-89CA18ECE634}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4A61DB61-3A76-47E0-BB79-04DBDF6A6A3B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4C520215-5D30-4143-9447-23D2E532DD31}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{4F166FC4-5433-47B0-BB4A-01785FC81D3B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{57C625BC-71D9-454B-9A6C-4E2165365BDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{599B6AAF-BEA0-4D8B-B312-8217C3B79F69}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{65389325-0A7E-4142-A918-D8E10855F6EE}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{65961C33-DCA3-442F-B375-B91A49B06088}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7029F6CC-411D-499E-B605-D249C6D5052C}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{78AE6919-8B6A-4BD7-9566-DC2AF92DE52D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{837D0796-967D-46D5-AF09-E9CEB09631E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8885A92B-9A0A-449E-B7A8-4608D6EC3971}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8DB6DC34-2A55-49C4-8E6B-D895B8E4914E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8F1EFEAB-FE28-49B9-B75E-16F1AE14F44E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8FC71FCF-A383-4035-9991-214EC62F3EF4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9234C7B5-228C-4034-A01A-89578451F9C9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9A020E24-3D82-4114-95D9-D8CC66AF31D4}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{A23FDA72-F2E4-4992-BE42-7E08FE659B55}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B004C52E-7165-448F-87E2-34EC1010F2F9}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{B1B174C1-95F7-4911-9E13-A20BCA250CA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B227E55B-B104-4C4B-827D-CD90F39B2E7F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C41DC9A3-B3D8-4667-97C5-6C27AFDCCC26}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{CDF6559F-5248-4D47-A415-1E3364A23A0D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{D7F531FB-3F64-4C21-841E-FA56243B4A77}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E378FCB8-DAA7-4BAF-BDB9-19E4921A8420}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EB14E3C6-761B-4ED2-9A35-026D8847B4DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F21EDBB2-A002-4B49-A56E-00CC132A940D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FB5576D6-3A38-4102-BDC3-E42D2364DA6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B735FD-4EC7-444B-8372-D7CC6D061C4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{06F2A313-90C6-4AA9-ADF8-2B5EE8E68F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{09420C9D-B50C-4F25-8581-24DE79944DD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{099B6FA8-489B-4EF0-8B0D-16D87AB84036}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{0D281AAE-968F-47C9-B08F-912252702A4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{12ECDC6F-0B53-4C30-A9BE-6156675384BB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{163B2B17-FA6E-4181-8935-10DE82F0598B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe | 
"{17E27D84-805A-46FB-AE6F-9580A271E3A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1A96B60D-4A6A-436E-8831-C7B8D7CC01D3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{1B361B57-FCF0-4209-8BC7-BB81A9A01E84}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{2141F537-C3B0-47CE-AE41-F0588B22E57D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\punny2061\day of defeat source\hl2.exe | 
"{28CEDE76-5BA1-4276-8331-4352D759F37E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{2B814B16-7FAF-4851-9F98-97370C9DBA97}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2DC03553-C8D9-49CC-8C16-2FB4A001D198}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 demo\justcause2.exe | 
"{2F197313-EAA7-486B-93E5-C9CC8D43D08C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{37163A27-ACB1-486B-814A-1D12F0FD181E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{384AFEAD-73CA-40DE-ABA9-16AC036C9DF3}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising demo\ofdr demo.exe | 
"{3CEE9254-FAF8-4728-B1AC-3B08193B428D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{41CE9CBC-E8CD-46E7-BEB0-A98FC61C57C2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{42566566-D454-4B17-A2E0-2B1BD883607B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{434A21D6-1E84-42FE-96E2-8174A4A2A0BD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{46FB15CC-A1A3-4F4C-8FD4-321216232B13}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{49F87B6B-9B0C-4B1C-8A17-FC818A3FE6A2}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising demo\ofdr demo.exe | 
"{50BC4A6E-FD38-4D63-9862-54BE59B87339}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe | 
"{57107037-E536-49C3-A468-C945FF62FCE3}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{58F683E2-9012-42A6-9A8D-493AE4AB49B7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{6028B5C4-56AF-4AE9-8503-4F2841E8A811}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{6336ACDB-574E-4658-8C33-B40346DF9F60}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{65FB14C3-4914-447F-AF18-C3370558E080}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{66081308-2D9A-488B-A904-30898F4B45A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{66A41707-A02E-4E76-9D8F-4CAF14F0A5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{680D8855-CA07-4CA0-9865-5E2647F5937B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{68E43BA9-48FF-4325-832D-A3C18A8C60D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{7D6E803C-8F72-464D-B032-0B50A93C6A37}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{7EFFF005-517B-46F9-906A-04324CA68141}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{847A9836-0827-4E1A-89AF-9D16629756DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{87A97E7E-CC5F-41AA-A6AE-89FE082D115B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{88AF6F3E-DF05-42A0-9534-2667EC747FAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe | 
"{925B837F-A0F3-4D47-A3A8-7793ED61D0F1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{93B6B09A-D0B6-4760-921E-36C9006C5A42}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{980D2E21-7B26-4AD9-8DDA-2E6C3540C0BA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{9B9CF07E-2567-481A-87C9-B0080B09C15E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{9BB0378A-2E7F-4ED8-A62F-066C8D4A4305}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{9F0B09CF-C15A-4051-B221-71D513B23CD7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B49CEF5B-AECD-4C80-B80C-2ED225CAFB8D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{B7BAE1D9-5039-4365-9257-611145CA6B96}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BD1B6AAA-EF2A-45CC-BA04-A4E4EEC1064B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{C5AA5A57-4E52-4148-AF17-ECDA029CCE14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C8DE7322-AEE5-44F6-9A09-A9C79A620F68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe | 
"{CDF07E3E-F5F0-4A57-ACFF-B45E1BC46498}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt2 demo\dirt2.exe | 
"{D3452B04-0663-425D-B196-8B09719327F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe | 
"{D3831DE0-A443-4CFC-9F41-86C1CD1FAE8D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D59EE67F-89CB-4C55-8DD6-6F47D350A974}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{DAA58A1F-6013-48DC-8A07-BB2282751506}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe | 
"{DAF5B9DA-EB99-40B1-8432-1A56FCA7B8F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{DD2C59A4-CA49-4593-8717-17DB03BE7337}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DE013AB8-CE7A-4E16-902B-81B18B97BDEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E0C2493F-58EB-4922-AF42-66D7F1977D12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\punny2061\day of defeat source\hl2.exe | 
"{E16249F4-8CD1-4AAB-87D5-DC8644CC6346}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{E3F556B8-9BD3-43B2-80AB-E20742DB78B6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{E8A951D7-ADBA-4922-B4C5-73A7A8B26595}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{E91E794B-6169-44D5-B02B-BC4D3957C017}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 demo\justcause2.exe | 
"{EF4A7E45-397D-453D-8799-197451B6A882}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt2 demo\dirt2.exe | 
"{F03B3AF6-97F2-4638-9D30-903662813715}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{F5D8516B-5A3C-4E2C-A3AB-237FEFD36B86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{F984D2AE-4E95-4F98-B6E5-4FED1E2BD039}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{FBB50CD6-DA8C-43F8-AEC2-027861299D3A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"TCP Query User{A1075E99-35BB-4CB1-AE56-4831173514B5}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{C0282ABF-E83A-4FBC-AA3D-55B0DAE391E4}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{F904B389-EAC0-4C5F-B574-5AEBC3F58B92}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{315BCFEB-1A58-40D7-8D4B-F7DE382AA762}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{68D7A782-1810-4B6E-804E-CD506E2F286A}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{AA16D909-33ED-4131-84F0-C17CF45A5839}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E96FD88-FF86-25BB-112E-804C2F1B1128}" = ATI Catalyst Install Manager
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC2512D4-ED8A-4015-BF87-92478483C171}" = TortoiseSVN 1.6.6.17493 (64 bit)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B71779A7-9931-A01C-FE36-26D30133B3A1}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07785343-2AA5-5493-2F7E-6828FD1BE825}" = CCC Help Polish
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F52FBBC-D076-9A9A-5A0F-FFC6D46361B0}" = Catalyst Control Center Graphics Previews Common
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{1E132C9D-042E-E68D-9A85-5273085FBF75}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{269FC1B2-92D3-1AA7-CC2E-E3BFB141ED08}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A9B8C94-2781-4B36-941E-CB37957DE0C0}_is1" = Xross Media Simulator 1.0
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C32C78B-877C-3552-7C8B-0D54EF06BFA3}" = CCC Help Hungarian
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{472D4D76-7C80-CADB-A3A4-0914E09F5BE8}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3E4DFA-6AC2-8E80-AF5C-DF34CC97FEA5}" = Catalyst Control Center HydraVision Full
"{4BD30961-6060-77DF-CA94-5EBB0C52177B}" = CCC Help Greek
"{4D3B92CA-7973-4D9E-BB93-52C705A473B6}" = OF Dragon Rising Demo
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CE8DE46-1D95-786A-A666-AAC564BC9200}" = TweetDeck
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5F837C12-F45A-ADC7-DF59-3CF43C228226}" = ccc-core-static
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{662F7E0F-ED2A-6870-6F6A-EF99F424597C}" = CCC Help Spanish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7BC12B-33DB-728C-E3A6-410E3211E8A3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785740DF-DC05-F730-4309-09DDC7848A40}" = Catalyst Control Center Graphics Full New
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B68D39D-C167-DA59-587A-5143B0FF3458}" = Catalyst Control Center InstallProxy
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86925C00-AB04-17B3-D9FB-373943F39DE0}" = Catalyst Control Center Core Implementation
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B2585CB-0929-E56A-2508-A15FCEEF8B6B}" = CCC Help Portuguese
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{96173BCD-08AC-57B1-FCE3-E7A9018BE585}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D42E3F13-E45C-33A1-7FBF-FB84419858E1}" = Catalyst Control Center Graphics Previews Vista
"{D70842BC-EDD5-7967-795F-E8CEFA8CC58D}" = CCC Help German
"{DCEBE43A-834D-67B5-306E-E95E9180D5B7}" = CCC Help English
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATITool" = ATITool Overclocking Utility
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battleground Europe: WWIIOL" = Battleground Europe: WWIIOL
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Fraps" = Fraps (remove only)
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"HypreCam Toolbar" = HypreCam Toolbar
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"Phun_is1" = Algodoo Phun edition v5.28
"Pivot 3.2 Beta Deutsch" = Pivot 3.2 Beta Deutsch
"Postal 2 Demo" = Postal 2 Demo
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 17330" = Crysis Warhead
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2010 08:53:20 | Computer Name = SchulzPC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.05.2010 08:55:28 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 28.05.2010 21:28:51 | Computer Name = SchulzPC-PC | Source = MsiInstaller | ID = 11305
Description = 
 
Error - 28.05.2010 21:28:59 | Computer Name = SchulzPC-PC | Source = MsiInstaller | ID = 11305
Description = 
 
Error - 29.05.2010 04:45:42 | Computer Name = SchulzPC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.05.2010 04:46:15 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 29.05.2010 04:46:15 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 29.05.2010 06:12:39 | Computer Name = SchulzPC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.05.2010 06:15:48 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 29.05.2010 06:15:49 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
[ Media Center Events ]
Error - 25.11.2009 14:23:32 | Computer Name = SchulzPC-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 10.03.2010 08:48:05 | Computer Name = SchulzPC-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 10.03.2010 13:53:27 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 701
Description = 
 
Error - 10.03.2010 13:53:27 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 700
Description = 
 
Error - 15.04.2010 06:48:29 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 701
Description = 
 
Error - 15.04.2010 06:48:29 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 700
Description = 
 
Error - 15.04.2010 06:50:28 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 701
Description = 
 
[ System Events ]
Error - 20.04.2010 13:16:32 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 13:16:36 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 22:53:36 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 22:53:43 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 22:53:52 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 22:53:59 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 22:54:08 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 22:54:15 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 22:54:21 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 22:54:22 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
 
< End of report >
         


31.05.2010, 16:45   #3
Blackcan

Strange virus / program

I just ran another Malwarebytes scan.

Code:
Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3539
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

31.05.2010 17:34:23
mbam-log-2010-05-31 (17-34-23).txt

Scan-Methode: Vollständiger Scan (C:\|G:\|)
Durchsuchte Objekte: 270991
Laufzeit: 1 hour(s), 3 minute(s), 33 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files (x86)\HypreCam Toolbar\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
         

And after that another OTL run.

Code:
OTL logfile created on: 31.05.2010 17:36:23 - Run 2
OTL by OldTimer - Version 3.2.5.1     Folder = c:\Users\Schulz PC\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 42,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 93,31 Gb Free Space | 40,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 556,13 Gb Total Space | 556,00 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ******PC-PC
Current User Name: ****** PC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - c:\Users\***** PC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
 
 
========== Modules (SafeList) ==========
 
MOD - c:\Users\***** PC\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 15:34:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UMPass) -- C:\Windows\SysNative\DRIVERS\umpass.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys (AMD, Inc.)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\DRIVERS\ATITool64.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "dict.cc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT65619&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.36.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT65619&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.09 17:53:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.03 02:31:37 | 000,000,000 | ---D | M]
 
[2009.11.15 19:51:00 | 000,000,000 | ---D | M] -- C:\Users\***** PC\AppData\Roaming\mozilla\Extensions
[2010.05.31 06:21:05 | 000,000,000 | ---D | M] -- C:\Users\***** PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions
[2010.01.19 14:04:48 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\***** PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.04.08 15:27:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***** PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010.05.18 17:29:47 | 000,000,000 | ---D | M] (dict.cc Toolbar) -- C:\Users\****** PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{3160baf9-cf68-48ec-9076-faed7ce49467}
[2010.03.18 13:40:17 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Schulz PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.05.24 20:30:04 | 000,000,000 | ---D | M] (HypreCam Toolbar) -- C:\Users\***** PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2010.02.23 00:06:13 | 000,000,000 | ---D | M] (Power Twitter) -- C:\Users\***** PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
[2010.05.01 15:16:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***** PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.06 18:41:16 | 000,000,000 | ---D | M] -- C:\Users\* PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\battlefieldheroespatcher@ea.com
[2010.04.20 02:00:11 | 000,000,000 | ---D | M] -- C:\Users\*** PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\personas@christopher.beard
[2010.05.22 00:37:26 | 000,000,000 | ---D | M] -- C:\Users\**** PC\AppData\Roaming\mozilla\Firefox\Profiles\saulgl6c.default\extensions\twitternotifier@naan.net
[2009.12.16 12:04:20 | 000,002,172 | ---- | M] () -- C:\Users\***** PC\AppData\Roaming\Mozilla\FireFox\Profiles\saulgl6c.default\searchplugins\bing.xml
[2010.04.21 12:12:44 | 000,000,913 | ---- | M] () -- C:\Users\**** PC\AppData\Roaming\Mozilla\FireFox\Profiles\saulgl6c.default\searchplugins\conduit.xml
[2010.05.29 17:08:17 | 000,000,944 | ---- | M] () -- C:\Users\**** PC\AppData\Roaming\Mozilla\FireFox\Profiles\saulgl6c.default\searchplugins\icqplugin.xml
[2010.01.19 20:55:27 | 000,001,996 | ---- | M] () -- C:\Users\***** PC\AppData\Roaming\Mozilla\FireFox\Profiles\saulgl6c.default\searchplugins\suche-in-wikipedia.xml
[2010.05.31 06:21:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.24 19:35:31 | 000,395,319 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 13653 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvSvc] C:\Windows\SysNative\nvsvc64.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMFBoxMonitor] C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe (AVM Berlin)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****** PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***** PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.31 06:21:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.05.31 06:02:53 | 000,000,000 | ---D | C] -- C:\Users\***** PC\Documents\My Games
[2010.05.29 11:01:34 | 000,000,000 | ---D | C] -- C:\Users\****** PC\AppData\Roaming\Avira
[2010.05.29 10:59:34 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.29 10:59:34 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.05.29 10:59:34 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.05.29 10:59:34 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.05.29 10:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.29 10:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.05.29 04:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pivot
[2010.05.29 03:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pivot Stickfigure Animator
[2010.05.27 17:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweetDeck
[2010.05.27 16:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wisdom-soft AutoScreenRecorder 3 Free
[2010.05.26 00:40:24 | 000,000,000 | ---D | C] -- C:\Users\***** PC\Documents\gegl-0.0
[2010.05.25 15:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2010.05.24 20:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HypreCam Toolbar
[2010.05.24 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyCam2
[2010.05.24 19:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.24 19:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.05.21 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\****** PC\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.05.21 19:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.05.18 21:43:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Algodoo Phun Edition
[2010.05.09 18:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PrettyMay
[2010.05.08 14:31:45 | 000,000,000 | ---D | C] -- C:\Users\***** PC\Documents\ICQ
[2010.05.08 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\***** PC\Documents\random
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.31 17:36:15 | 006,553,600 | -HS- | M] () -- C:\Users\***** PC\NTUSER.DAT
[2010.05.31 17:30:49 | 000,000,446 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{685A5B38-4429-4657-8E0D-2C702BBDFDD4}.job
[2010.05.31 17:28:19 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.31 17:28:19 | 000,004,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.31 16:37:27 | 000,018,944 | ---- | M] () -- C:\Users\Schulz PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.31 15:28:34 | 000,007,052 | ---- | M] () -- C:\Users\Schulz PC\AppData\Local\d3d9caps.dat
[2010.05.31 15:28:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.31 15:28:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.31 06:49:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.31 06:49:30 | 000,524,288 | -HS- | M] () -- C:\Users\Schulz PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.05.31 06:49:30 | 000,065,536 | -HS- | M] () -- C:\Users\Schulz PC\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.05.31 06:49:23 | 003,999,963 | -H-- | M] () -- C:\Users\Schulz PC\AppData\Local\IconCache.db
[2010.05.31 06:21:17 | 000,001,732 | ---- | M] () -- C:\Users\Schulz PC\Desktop\CCleaner.lnk
[2010.05.31 06:02:47 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.05.31 03:51:35 | 000,113,353 | ---- | M] () -- C:\Users\Schulz PC\.recently-used.xbel
[2010.05.30 22:37:32 | 008,579,810 | ---- | M] () -- C:\Users\Schulz PC\Documents\clip0009.avi
[2010.05.30 22:37:28 | 160,042,278 | ---- | M] () -- C:\Users\Schulz PC\Documents\clip0008.avi
[2010.05.30 22:36:27 | 128,181,124 | ---- | M] () -- C:\Users\Schulz PC\Documents\clip0007.avi
[2010.05.30 22:35:27 | 307,164,284 | ---- | M] () -- C:\Users\Schulz PC\Documents\clip0006.avi
[2010.05.29 19:51:38 | 000,105,447 | ---- | M] () -- C:\Users\Schulz PC\Documents\gif xD.gif
[2010.05.29 19:51:07 | 000,003,927 | ---- | M] () -- C:\Users\Schulz PC\Documents\gif xD.piv
[2010.05.29 10:59:50 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.29 10:46:42 | 000,059,120 | ---- | M] () -- C:\Users\Schulz PC\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.29 10:44:56 | 000,264,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.29 04:04:38 | 000,005,881 | ---- | M] () -- C:\Users\Schulz PC\Documents\crap.piv
[2010.05.29 03:57:40 | 000,115,355 | ---- | M] () -- C:\Users\Schulz PC\Documents\rofl.gif
[2010.05.29 03:29:58 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk
[2010.05.27 17:53:19 | 075,542,034 | ---- | M] () -- C:\Users\Schulz PC\Documents\clip0005.avi
[2010.05.27 17:31:20 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010.05.27 16:22:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.05.26 20:07:34 | 817,101,088 | ---- | M] () -- C:\Users\Schulz PC\Documents\clip0004.avi
[2010.05.25 21:12:22 | 000,000,104 | ---- | M] () -- C:\Users\Schulz PC\Desktop\Internet - Verknüpfung.lnk
[2010.05.25 15:50:26 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010.05.24 19:35:31 | 000,395,319 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.24 19:28:15 | 000,395,319 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100524-193531.backup
[2010.05.20 20:25:31 | 000,000,204 | ---- | M] () -- C:\Windows\struct~.ini
[2010.05.19 13:12:22 | 001,447,804 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.19 13:12:22 | 000,628,672 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.19 13:12:22 | 000,595,748 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.19 13:12:22 | 000,127,400 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.19 13:12:22 | 000,105,078 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.18 21:44:01 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\Phun.lnk
[2010.05.09 15:07:36 | 000,000,834 | ---- | M] () -- C:\Users\Schulz PC\Desktop\Skype.lnk
[2010.05.08 12:59:38 | 000,000,136 | ---- | M] () -- C:\Users\Schulz PC\Desktop\Operation Flashpoint - Dragon Rising Demo - Verknüpfung.lnk
[2010.05.07 21:52:46 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.07 21:52:46 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.31 06:21:17 | 000,001,732 | ---- | C] () -- C:\Users\Schulz PC\Desktop\CCleaner.lnk
[2010.05.31 03:51:35 | 000,113,353 | ---- | C] () -- C:\Users\Schulz PC\.recently-used.xbel
[2010.05.30 22:37:28 | 008,579,810 | ---- | C] () -- C:\Users\Schulz PC\Documents\clip0009.avi
[2010.05.30 22:36:27 | 160,042,278 | ---- | C] () -- C:\Users\Schulz PC\Documents\clip0008.avi
[2010.05.30 22:35:37 | 128,181,124 | ---- | C] () -- C:\Users\Schulz PC\Documents\clip0007.avi
[2010.05.30 22:33:24 | 307,164,284 | ---- | C] () -- C:\Users\Schulz PC\Documents\clip0006.avi
[2010.05.29 19:51:32 | 000,105,447 | ---- | C] () -- C:\Users\Schulz PC\Documents\gif xD.gif
[2010.05.29 19:51:07 | 000,003,927 | ---- | C] () -- C:\Users\Schulz PC\Documents\gif xD.piv
[2010.05.29 19:01:01 | 000,822,272 | -H-- | C] () -- C:\Users\Schulz PC\Desktop\Pivot 3.2 Beta Deutsch.exe
[2010.05.29 10:59:50 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.29 04:04:38 | 000,005,881 | ---- | C] () -- C:\Users\Schulz PC\Documents\crap.piv
[2010.05.29 03:57:40 | 000,115,355 | ---- | C] () -- C:\Users\Schulz PC\Documents\rofl.gif
[2010.05.29 03:29:58 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\Pivot Stickfigure Animator.lnk
[2010.05.28 00:33:55 | 000,038,924 | ---- | C] () -- C:\Users\Schulz PC\Desktop\FerroRosso.ttf
[2010.05.27 17:51:34 | 075,542,034 | ---- | C] () -- C:\Users\Schulz PC\Documents\clip0005.avi
[2010.05.26 18:51:01 | 817,101,088 | ---- | C] () -- C:\Users\Schulz PC\Documents\clip0004.avi
[2010.05.25 21:12:22 | 000,000,104 | ---- | C] () -- C:\Users\Schulz PC\Desktop\Internet - Verknüpfung.lnk
[2010.05.25 15:50:26 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010.05.21 19:07:26 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010.05.18 21:44:01 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\Phun.lnk
[2010.05.09 18:43:58 | 000,000,204 | ---- | C] () -- C:\Windows\struct~.ini
[2010.05.09 15:07:36 | 000,000,834 | ---- | C] () -- C:\Users\Schulz PC\Desktop\Skype.lnk
[2010.05.08 12:59:38 | 000,000,136 | ---- | C] () -- C:\Users\Schulz PC\Desktop\Operation Flashpoint - Dragon Rising Demo - Verknüpfung.lnk
[2010.05.07 21:52:46 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.07 21:52:46 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2009.11.16 19:50:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.16 01:21:33 | 001,475,582 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.11.08 04:41:57 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.11.08 04:41:40 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Schulz PC\Documents\clip0005.avi:TOC.WMV
< End of report >
         
Code:
OTL Extras logfile created on: 31.05.2010 17:36:23 - Run 2
OTL by OldTimer - Version 3.2.5.1     Folder = c:\Users\Schulz PC\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 42,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 93,31 Gb Free Space | 40,07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 556,13 Gb Total Space | 556,00 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SCHULZPC-PC
Current User Name: Schulz PC
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 1F 9D A4 7B 1F 60 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3301016802-1052793671-704723331-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AA12EE5-9421-4A70-8D5F-D5881B69B8F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0E9992CB-5B0D-44BB-B3F9-B32241C9B835}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1777C660-6BC7-4D41-9AB4-B18EC6AD4E9E}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{18BD6522-FB3E-449C-BF85-C80BC2377C9E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1936381D-56A3-4057-888A-31D38EE252A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E67520E-FC1B-4A60-9DC6-7E2D410B8443}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{250D026C-2C19-42D4-B31C-FD9B9A94158A}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{3DD3A43C-4A47-48D8-ACD2-BDF271B5FB64}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{423220E3-5F59-4765-9DD9-89CA18ECE634}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4A61DB61-3A76-47E0-BB79-04DBDF6A6A3B}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4C520215-5D30-4143-9447-23D2E532DD31}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{4F166FC4-5433-47B0-BB4A-01785FC81D3B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{57C625BC-71D9-454B-9A6C-4E2165365BDA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{599B6AAF-BEA0-4D8B-B312-8217C3B79F69}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{65389325-0A7E-4142-A918-D8E10855F6EE}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{65961C33-DCA3-442F-B375-B91A49B06088}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7029F6CC-411D-499E-B605-D249C6D5052C}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{78AE6919-8B6A-4BD7-9566-DC2AF92DE52D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{837D0796-967D-46D5-AF09-E9CEB09631E8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8885A92B-9A0A-449E-B7A8-4608D6EC3971}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8DB6DC34-2A55-49C4-8E6B-D895B8E4914E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8F1EFEAB-FE28-49B9-B75E-16F1AE14F44E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8FC71FCF-A383-4035-9991-214EC62F3EF4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9234C7B5-228C-4034-A01A-89578451F9C9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9A020E24-3D82-4114-95D9-D8CC66AF31D4}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{A23FDA72-F2E4-4992-BE42-7E08FE659B55}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B004C52E-7165-448F-87E2-34EC1010F2F9}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{B1B174C1-95F7-4911-9E13-A20BCA250CA8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B227E55B-B104-4C4B-827D-CD90F39B2E7F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C41DC9A3-B3D8-4667-97C5-6C27AFDCCC26}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{CDF6559F-5248-4D47-A415-1E3364A23A0D}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{D7F531FB-3F64-4C21-841E-FA56243B4A77}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E378FCB8-DAA7-4BAF-BDB9-19E4921A8420}" = lport=138 | protocol=17 | dir=in | app=system | 
"{EB14E3C6-761B-4ED2-9A35-026D8847B4DD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F21EDBB2-A002-4B49-A56E-00CC132A940D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FB5576D6-3A38-4102-BDC3-E42D2364DA6B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B735FD-4EC7-444B-8372-D7CC6D061C4C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{06F2A313-90C6-4AA9-ADF8-2B5EE8E68F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{09420C9D-B50C-4F25-8581-24DE79944DD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{099B6FA8-489B-4EF0-8B0D-16D87AB84036}" = protocol=17 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{0D281AAE-968F-47C9-B08F-912252702A4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{12ECDC6F-0B53-4C30-A9BE-6156675384BB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{163B2B17-FA6E-4181-8935-10DE82F0598B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe | 
"{17E27D84-805A-46FB-AE6F-9580A271E3A2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{1A96B60D-4A6A-436E-8831-C7B8D7CC01D3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{1C2EC662-5C0A-4831-ABFB-C989C9EF4792}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{2141F537-C3B0-47CE-AE41-F0588B22E57D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\punny2061\day of defeat source\hl2.exe | 
"{28CEDE76-5BA1-4276-8331-4352D759F37E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{2B814B16-7FAF-4851-9F98-97370C9DBA97}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2DC03553-C8D9-49CC-8C16-2FB4A001D198}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 demo\justcause2.exe | 
"{2F197313-EAA7-486B-93E5-C9CC8D43D08C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{37163A27-ACB1-486B-814A-1D12F0FD181E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{384AFEAD-73CA-40DE-ABA9-16AC036C9DF3}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising demo\ofdr demo.exe | 
"{3CEE9254-FAF8-4728-B1AC-3B08193B428D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{41CE9CBC-E8CD-46E7-BEB0-A98FC61C57C2}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{42566566-D454-4B17-A2E0-2B1BD883607B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{434A21D6-1E84-42FE-96E2-8174A4A2A0BD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{46FB15CC-A1A3-4F4C-8FD4-321216232B13}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{49F87B6B-9B0C-4B1C-8A17-FC818A3FE6A2}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\of dragon rising demo\ofdr demo.exe | 
"{50BC4A6E-FD38-4D63-9862-54BE59B87339}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe | 
"{57107037-E536-49C3-A468-C945FF62FCE3}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{58F683E2-9012-42A6-9A8D-493AE4AB49B7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{6028B5C4-56AF-4AE9-8503-4F2841E8A811}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{6336ACDB-574E-4658-8C33-B40346DF9F60}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{65FB14C3-4914-447F-AF18-C3370558E080}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{66A41707-A02E-4E76-9D8F-4CAF14F0A5A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{680D8855-CA07-4CA0-9865-5E2647F5937B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{68E43BA9-48FF-4325-832D-A3C18A8C60D9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{7D6E803C-8F72-464D-B032-0B50A93C6A37}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{7EFFF005-517B-46F9-906A-04324CA68141}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{847A9836-0827-4E1A-89AF-9D16629756DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{87A97E7E-CC5F-41AA-A6AE-89FE082D115B}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{88AF6F3E-DF05-42A0-9534-2667EC747FAA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\shattered_horizon\client_exe\shattered_horizon.exe | 
"{8EC0D2FD-94D1-4A69-A3D0-B869626F458F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{925B837F-A0F3-4D47-A3A8-7793ED61D0F1}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{93B6B09A-D0B6-4760-921E-36C9006C5A42}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{980D2E21-7B26-4AD9-8DDA-2E6C3540C0BA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{9B9CF07E-2567-481A-87C9-B0080B09C15E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{9BB0378A-2E7F-4ED8-A62F-066C8D4A4305}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{9F0B09CF-C15A-4051-B221-71D513B23CD7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B49CEF5B-AECD-4C80-B80C-2ED225CAFB8D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{B7BAE1D9-5039-4365-9257-611145CA6B96}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BD1B6AAA-EF2A-45CC-BA04-A4E4EEC1064B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{C5AA5A57-4E52-4148-AF17-ECDA029CCE14}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C8DE7322-AEE5-44F6-9A09-A9C79A620F68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe | 
"{CDF07E3E-F5F0-4A57-ACFF-B45E1BC46498}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt2 demo\dirt2.exe | 
"{D3452B04-0663-425D-B196-8B09719327F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\config.exe | 
"{D3831DE0-A443-4CFC-9F41-86C1CD1FAE8D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D59EE67F-89CB-4C55-8DD6-6F47D350A974}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{DAA58A1F-6013-48DC-8A07-BB2282751506}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\overlord\overlord.exe | 
"{DAF5B9DA-EB99-40B1-8432-1A56FCA7B8F8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{DD2C59A4-CA49-4593-8717-17DB03BE7337}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{DE013AB8-CE7A-4E16-902B-81B18B97BDEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E0C2493F-58EB-4922-AF42-66D7F1977D12}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\punny2061\day of defeat source\hl2.exe | 
"{E16249F4-8CD1-4AAB-87D5-DC8644CC6346}" = protocol=6 | dir=in | app=c:\program files (x86)\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{E3F556B8-9BD3-43B2-80AB-E20742DB78B6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{E8A951D7-ADBA-4922-B4C5-73A7A8B26595}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{E91E794B-6169-44D5-B02B-BC4D3957C017}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2 demo\justcause2.exe | 
"{EF4A7E45-397D-453D-8799-197451B6A882}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt2 demo\dirt2.exe | 
"{F03B3AF6-97F2-4638-9D30-903662813715}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{F5D8516B-5A3C-4E2C-A3AB-237FEFD36B86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{F984D2AE-4E95-4F98-B6E5-4FED1E2BD039}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{FBB50CD6-DA8C-43F8-AEC2-027861299D3A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"TCP Query User{A1075E99-35BB-4CB1-AE56-4831173514B5}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{C0282ABF-E83A-4FBC-AA3D-55B0DAE391E4}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{CF02C94B-2AE9-40B0-AF23-1ADCAE096EFA}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"TCP Query User{F904B389-EAC0-4C5F-B574-5AEBC3F58B92}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{1368778F-65F2-4BC8-A693-2C52CD8BCA73}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{315BCFEB-1A58-40D7-8D4B-F7DE382AA762}C:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!box monitor\fritzboxmonitor.exe | 
"UDP Query User{68D7A782-1810-4B6E-804E-CD506E2F286A}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{AA16D909-33ED-4131-84F0-C17CF45A5839}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E96FD88-FF86-25BB-112E-804C2F1B1128}" = ATI Catalyst Install Manager
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC2512D4-ED8A-4015-BF87-92478483C171}" = TortoiseSVN 1.6.6.17493 (64 bit)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B71779A7-9931-A01C-FE36-26D30133B3A1}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07785343-2AA5-5493-2F7E-6828FD1BE825}" = CCC Help Polish
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0F52FBBC-D076-9A9A-5A0F-FFC6D46361B0}" = Catalyst Control Center Graphics Previews Common
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}" = Nero 8 Essentials
"{1E132C9D-042E-E68D-9A85-5273085FBF75}" = Catalyst Control Center Graphics Full Existing
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24508D50-EB8F-4FE6-B69D-B4935D8745EF}_is1" = Warsow 0.5
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}" = Microsoft XNA Framework Redistributable 2.0
"{269FC1B2-92D3-1AA7-CC2E-E3BFB141ED08}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A9B8C94-2781-4B36-941E-CB37957DE0C0}_is1" = Xross Media Simulator 1.0
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C32C78B-877C-3552-7C8B-0D54EF06BFA3}" = CCC Help Hungarian
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{472D4D76-7C80-CADB-A3A4-0914E09F5BE8}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3E4DFA-6AC2-8E80-AF5C-DF34CC97FEA5}" = Catalyst Control Center HydraVision Full
"{4BD30961-6060-77DF-CA94-5EBB0C52177B}" = CCC Help Greek
"{4D3B92CA-7973-4D9E-BB93-52C705A473B6}" = OF Dragon Rising Demo
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CE8DE46-1D95-786A-A666-AAC564BC9200}" = TweetDeck
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5F837C12-F45A-ADC7-DF59-3CF43C228226}" = ccc-core-static
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{662F7E0F-ED2A-6870-6F6A-EF99F424597C}" = CCC Help Spanish
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7BC12B-33DB-728C-E3A6-410E3211E8A3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785740DF-DC05-F730-4309-09DDC7848A40}" = Catalyst Control Center Graphics Full New
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B68D39D-C167-DA59-587A-5143B0FF3458}" = Catalyst Control Center InstallProxy
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86925C00-AB04-17B3-D9FB-373943F39DE0}" = Catalyst Control Center Core Implementation
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B2585CB-0929-E56A-2508-A15FCEEF8B6B}" = CCC Help Portuguese
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{96173BCD-08AC-57B1-FCE3-E7A9018BE585}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C19FFB1-25FC-43FC-AC78-919E5E2A6DD0}" = TortoiseSVN 1.6.6.17493 (32 bit)
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}" = DiRT2 Demo
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D42E3F13-E45C-33A1-7FBF-FB84419858E1}" = Catalyst Control Center Graphics Previews Vista
"{D70842BC-EDD5-7967-795F-E8CEFA8CC58D}" = CCC Help German
"{DCEBE43A-834D-67B5-306E-E95E9180D5B7}" = CCC Help English
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATITool" = ATITool Overclocking Utility
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBoxMonitor" = AVM FRITZ!Box Monitor
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battleground Europe: WWIIOL" = Battleground Europe: WWIIOL
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Fraps" = Fraps (remove only)
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"HypreCam Toolbar" = HypreCam Toolbar
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"Phun_is1" = Algodoo Phun edition v5.28
"Pivot 3.2 Beta Deutsch" = Pivot 3.2 Beta Deutsch
"Postal 2 Demo" = Postal 2 Demo
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"TeamViewer 5" = TeamViewer 5
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.05.2010 04:45:42 | Computer Name = SchulzPC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.05.2010 04:46:15 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 29.05.2010 04:46:15 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 29.05.2010 06:12:39 | Computer Name = SchulzPC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.05.2010 06:15:48 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 29.05.2010 06:15:49 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 30.05.2010 10:37:41 | Computer Name = SchulzPC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.05.2010 10:40:03 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
Error - 31.05.2010 09:28:42 | Computer Name = SchulzPC-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.05.2010 09:29:33 | Computer Name = SchulzPC-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.
 
[ Media Center Events ]
Error - 25.11.2009 14:23:32 | Computer Name = SchulzPC-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 10.03.2010 08:48:05 | Computer Name = SchulzPC-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 10.03.2010 13:53:27 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 701
Description = 
 
Error - 10.03.2010 13:53:27 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 700
Description = 
 
Error - 15.04.2010 06:48:29 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 701
Description = 
 
Error - 15.04.2010 06:48:29 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 700
Description = 
 
Error - 15.04.2010 06:50:28 | Computer Name = SchulzPC-PC | Source = ehReplay | ID = 701
Description = 
 
[ System Events ]
Error - 19.04.2010 08:12:40 | Computer Name = SchulzPC-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die Netzwerkkarte mit der Netzwerkadresse 001C4AF92C9C zugeteilt werden. Der
 folgende Fehler ist aufgetreten:   %%1223. Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 19.04.2010 18:47:24 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 19.04.2010 18:47:25 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 08:53:16 | Computer Name = SchulzPC-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 20.04.2010 12:10:58 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 12:11:05 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 12:11:15 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 12:11:16 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 13:16:32 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 20.04.2010 13:16:36 | Computer Name = SchulzPC-PC | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
 
< End of report >
         