MBAM quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4245
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
27.06.2010 17:55:30
mbam-log-2010-06-27 (17-55-30).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129356
Laufzeit: 4 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL quote:
PRC - [2009.04.10 19:29:08 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2008.10.28 02:01:00 | 001,794,048 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2008.10.28 02:01:00 | 000,364,544 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008.05.02 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
========== Modules (SafeList) ==========
MOD - [2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
MOD - [2010.03.07 22:14:51 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2008.05.02 05:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\GameHook.dll
MOD - [2008.05.02 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2008.01.21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.12.12 17:10:37 | 000,842,056 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:64bit: - [2009.12.12 17:10:29 | 000,506,696 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2009.11.16 13:25:48 | 000,035,144 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.28 22:32:15 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Rene\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.07 22:19:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.04 16:36:20 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.19 16:53:20 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.10.28 02:01:00 | 000,364,544 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.05.02 03:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007.12.14 12:46:28 | 000,047,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2006.11.02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010.06.27 16:51:34 | 000,072,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymSMR110.SYS -- (SymSMR110)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.12.04 16:36:26 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV:64bit: - [2009.12.04 16:36:24 | 000,440,520 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009.11.18 19:05:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.16 04:13:26 | 000,271,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.12 21:32:02 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.12 21:32:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.05.29 13:36:16 | 000,048,640 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.04.13 16:38:06 | 000,147,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acedrv06.sys -- (acedrv06)
DRV:64bit: - [2009.04.13 16:38:06 | 000,132,320 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrvlg.sys -- (acedrvlg)
DRV:64bit: - [2009.04.13 16:38:06 | 000,125,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2009.03.19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.10.28 02:01:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2008.10.28 02:01:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.04.22 09:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008.02.29 04:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.02.29 04:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.02.29 04:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.01.21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2007.03.07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pnetmdm64.sys -- (pnetmdm)
DRV - [2009.04.13 16:38:06 | 000,089,312 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\acedrvlg.dll -- (acedrvlg)
DRV - [2009.04.13 16:38:06 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\acedrv07.dll -- (acedrv07)
DRV - [2009.04.13 16:38:06 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\acedrv06.dll -- (acedrv06)
DRV - [2008.12.31 02:43:20 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007.10.16 17:15:26 | 000,036,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\ET5Drv.sys -- (ET5Drv)
DRV - [2007.09.07 15:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2007.03.16 11:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
DRV - [2006.09.18 23:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006.09.18 23:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ogame.de/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {1acd747e-8470-11db-96a9-00e08161165f}:5.6.4.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.03.06 14:01:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.25 12:32:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.25 18:19:25 | 000,000,000 | ---D | M]
[2009.10.11 22:38:24 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2010.06.27 12:59:38 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions
[2010.06.25 17:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.06.25 17:32:45 | 000,000,000 | ---D | M] (Tradesignal Web Edition) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2010.04.28 12:45:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.27 10:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.19 00:31:24 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2009.10.13 17:58:59 | 000,000,000 | ---D | M] (FoxGame) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2010.06.25 17:32:53 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.06.27 12:59:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.02.04 14:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.28 22:32:54 | 000,001,648 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.28 22:32:54 | 000,002,617 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.28 22:32:54 | 000,007,015 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.28 22:32:54 | 000,001,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.28 22:32:54 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.06.27 10:05:22 | 000,395,582 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 13663 more lines...
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Rene\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Firefox] C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe ()
O4 - HKCU..\RunOnce: [*NMRUI] C:\Users\Rene\Desktop\NPE.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 01 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek) - D:\AutoRunCD.exe -- [ UDF ]
O32 - AutoRun File - [2008.08.17 13:39:34 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2008.07.29 12:38:20 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRunCD.exe -- [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
O33 - MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRunCD.exe -- [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008.01.21 05:08:35 | 000,000,000 | ---D | M]
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010.06.27 17:55:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2010.06.27 16:55:25 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rene\Desktop\HiJackThis.exe
[2010.06.27 16:51:34 | 000,072,240 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSMR110.SYS
[2010.06.27 13:57:15 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2010.06.27 13:57:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.27 13:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.27 13:57:05 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.27 13:56:44 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rene\Desktop\mbam-setup.exe
[2010.06.27 12:16:53 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Users\Rene\Desktop\ccsetup233.exe
[2010.06.27 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.27 12:08:34 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Local\NPE
[2010.06.27 12:08:21 | 005,501,296 | ---- | C] (Symantec Corporation) -- C:\Users\Rene\Desktop\NPE.exe
[2010.06.27 10:04:23 | 000,458,752 | ---- | C] (Project OCS) -- C:\Users\Rene\Desktop\ICQ 7.2 Build 3129 Banner Remover.exe
[2010.06.27 10:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.02 22:45:59 | 000,000,000 | ---D | C] -- C:\Users\Rene\Desktop\Onkelz
[2010.05.20 22:10:54 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Avira
[2010.05.20 22:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010.05.20 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Rene\Documents\ForceField Shared Files
[2010.05.20 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\CheckPoint
[2010.05.20 21:53:23 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.05.20 21:53:19 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll
[2010.05.20 21:53:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010.05.20 21:45:47 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.20 21:45:47 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.05.20 21:45:47 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.05.20 21:45:47 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.05.20 21:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.20 21:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.05.18 18:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Candleworks
[2010.05.14 18:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Varengold Fox
[2010.05.11 16:22:21 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.04.28 22:32:54 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Opera
[2010.04.28 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\OCS
[2010.04.19 18:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010.04.19 18:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.12 23:39:33 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Local\PokerStars.NET
[2010.04.12 23:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2010.03.31 03:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010.06.27 18:00:00 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.06.27 17:59:54 | 007,176,192 | ---- | M] () -- C:\Users\Rene\NTUSER.DAT
[2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2010.06.27 17:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.27 16:55:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rene\Desktop\HiJackThis.exe
[2010.06.27 16:53:44 | 000,001,408 | ---- | M] () -- C:\Windows\SysNative\drivers\SymSMR110.dat
[2010.06.27 16:53:43 | 001,545,030 | ---- | M] () -- C:\Info20100627165138.xml
[2010.06.27 16:53:42 | 000,601,224 | ---- | M] () -- C:\Remediate2010062716513889711000000.dat
[2010.06.27 16:51:34 | 000,072,240 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSMR110.SYS
[2010.06.27 16:51:30 | 000,000,184 | ---- | M] () -- C:\Users\Rene\Desktop\NPE.ctl
[2010.06.27 16:50:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 16:50:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 16:15:14 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{799C4C2D-7EBD-4BBF-85AD-9B7D13BB4C69}.job
[2010.06.27 14:51:08 | 000,306,646 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.27 14:51:07 | 000,306,646 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.27 14:50:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.27 14:50:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 14:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.27 14:04:12 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.06.27 14:04:12 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TM.blf
[2010.06.27 14:04:00 | 001,698,323 | -H-- | M] () -- C:\Users\Rene\AppData\Local\IconCache.db
[2010.06.27 13:57:10 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 13:56:53 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rene\Desktop\mbam-setup.exe
[2010.06.27 12:23:32 | 001,538,775 | ---- | M] () -- C:\Info20100627122128.xml
[2010.06.27 12:16:58 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Users\Rene\Desktop\ccsetup233.exe
[2010.06.27 12:12:55 | 000,731,136 | ---- | M] () -- C:\Users\Rene\Desktop\avenger.exe
[2010.06.27 12:11:21 | 001,541,269 | ---- | M] () -- C:\Info20100627120944.xml
[2010.06.27 12:08:31 | 005,501,296 | ---- | M] (Symantec Corporation) -- C:\Users\Rene\Desktop\NPE.exe
[2010.06.27 10:05:22 | 000,395,582 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.06.27 10:04:29 | 000,458,752 | ---- | M] (Project OCS) -- C:\Users\Rene\Desktop\ICQ 7.2 Build 3129 Banner Remover.exe
[2010.06.26 19:37:41 | 000,187,135 | ---- | M] () -- C:\Users\Rene\Desktop\w18_24042095.jpg
[2010.06.26 11:18:20 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.06.26 11:18:20 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.06.26 00:47:15 | 007,036,928 | ---- | M] () -- C:\Users\Rene\Desktop\David Guetta - Missing You (Feat. Novel) + Lyrics.mp3
[2010.06.26 00:43:39 | 005,462,016 | ---- | M] () -- C:\Users\Rene\Desktop\David Guetta - On The Dancefloor.mp3
[2010.06.26 00:40:54 | 004,931,584 | ---- | M] () -- C:\Users\Rene\Desktop\Shakira feat Freshlyground- Waka Waka (This Time For Africa) OFFICIAL.mp3
[2010.06.26 00:38:27 | 005,746,688 | ---- | M] () -- C:\Users\Rene\Desktop\Katy Perry ft. Snoop Dogg California girls with lyrics.mp3
[2010.06.26 00:28:43 | 000,319,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.26 00:27:33 | 580,749,434 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.25 20:10:56 | 000,198,082 | ---- | M] () -- C:\Users\Rene\Desktop\sdfsdfsdf.jpg
[2010.06.09 14:08:36 | 001,637,985 | ---- | M] () -- C:\Users\Rene\Desktop\NL_Cashkurs_07.pdf
[2010.05.29 18:49:52 | 000,001,179 | ---- | M] () -- C:\Users\Rene\Desktop\rocky.m3u
[2010.05.22 17:59:10 | 000,000,560 | ---- | M] () -- C:\Users\Rene\Desktop\Technobase.pls
[2010.05.22 12:52:48 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000002.regtrans-ms
[2010.05.22 12:18:41 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{9ee191b8-d4db-11dd-863c-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.05.22 12:18:41 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{9ee191b8-d4db-11dd-863c-001fd086c6fb}.TM.blf
[2010.05.22 11:41:33 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.05.20 21:53:48 | 000,422,437 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010.05.20 21:53:20 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml
[2010.05.20 20:13:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.05.18 18:30:23 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010.05.13 16:16:52 | 000,034,304 | ---- | M] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.11 16:22:21 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.05.04 22:33:52 | 001,456,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.04 22:33:52 | 000,632,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.04 22:33:52 | 000,598,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.04 22:33:52 | 000,128,418 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.04 22:33:52 | 000,105,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.09 13:29:15 | 001,360,575 | ---- | M] () -- C:\Windows\SysNative\jk.jkö
[2010.04.09 13:29:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\jk.jkö
[2010.04.09 13:27:25 | 001,355,991 | ---- | M] () -- C:\Windows\SysNative\Pfizer
[2010.04.09 13:27:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Pfizer
[2010.04.02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010.03.30 23:00:19 | 000,000,149 | ---- | M] () -- C:\Users\Rene\Desktop\Goldies.pls
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.27 16:53:36 | 000,601,224 | ---- | C] () -- C:\Remediate2010062716513889711000000.dat
[2010.06.27 16:52:24 | 001,545,030 | ---- | C] () -- C:\Info20100627165138.xml
[2010.06.27 16:51:34 | 000,001,408 | ---- | C] () -- C:\Windows\SysNative\drivers\SymSMR110.dat
[2010.06.27 16:51:30 | 000,000,184 | ---- | C] () -- C:\Users\Rene\Desktop\NPE.ctl
[2010.06.27 13:57:10 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 12:22:18 | 001,538,775 | ---- | C] () -- C:\Info20100627122128.xml
[2010.06.27 12:12:53 | 000,731,136 | ---- | C] () -- C:\Users\Rene\Desktop\avenger.exe
[2010.06.27 12:10:33 | 001,541,269 | ---- | C] () -- C:\Info20100627120944.xml
[2010.06.26 19:37:29 | 000,187,135 | ---- | C] () -- C:\Users\Rene\Desktop\w18_24042095.jpg
[2010.06.26 00:47:04 | 007,036,928 | ---- | C] () -- C:\Users\Rene\Desktop\David Guetta - Missing You (Feat. Novel) + Lyrics.mp3
[2010.06.26 00:43:28 | 005,462,016 | ---- | C] () -- C:\Users\Rene\Desktop\David Guetta - On The Dancefloor.mp3
[2010.06.26 00:40:43 | 004,931,584 | ---- | C] () -- C:\Users\Rene\Desktop\Shakira feat Freshlyground- Waka Waka (This Time For Africa) OFFICIAL.mp3
[2010.06.26 00:38:15 | 005,746,688 | ---- | C] () -- C:\Users\Rene\Desktop\Katy Perry ft. Snoop Dogg California girls with lyrics.mp3
[2010.06.25 20:10:55 | 000,198,082 | ---- | C] () -- C:\Users\Rene\Desktop\sdfsdfsdf.jpg
[2010.06.09 14:08:36 | 001,637,985 | ---- | C] () -- C:\Users\Rene\Desktop\NL_Cashkurs_07.pdf
[2010.05.29 18:49:52 | 000,001,179 | ---- | C] () -- C:\Users\Rene\Desktop\rocky.m3u
[2010.05.22 17:59:08 | 000,000,560 | ---- | C] () -- C:\Users\Rene\Desktop\Technobase.pls
[2010.05.22 12:36:26 | 000,228,606 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL90SP1_KB973924MSI02F6.txt
[2010.05.22 12:36:26 | 000,011,780 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL90SP1_KB973924UI02F6.txt
[2010.05.22 12:35:39 | 000,536,588 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL80SP1_KB973923MSI0259.txt
[2010.05.22 12:35:38 | 000,011,684 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL80SP1_KB973923UI0259.txt
[2010.05.22 12:19:59 | 000,524,288 | -HS- | C] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000002.regtrans-ms
[2010.05.22 12:19:58 | 000,524,288 | -HS- | C] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.05.22 12:19:58 | 000,065,536 | -HS- | C] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TM.blf
[2010.05.20 21:53:20 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml
[2010.05.20 21:53:11 | 000,422,437 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010.05.20 21:45:05 | 000,435,038 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_vcredistMSI0A9E.txt
[2010.05.20 21:45:05 | 000,011,594 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_vcredistUI0A9E.txt
[2010.05.18 18:30:23 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010.04.09 13:29:12 | 001,360,575 | ---- | C] () -- C:\Windows\SysNative\jk.jkö
[2010.04.09 13:29:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\jk.jkö
[2010.04.09 13:27:23 | 001,355,991 | ---- | C] () -- C:\Windows\SysNative\Pfizer
[2010.04.09 13:27:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Pfizer
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.30 23:00:18 | 000,000,149 | ---- | C] () -- C:\Users\Rene\Desktop\Goldies.pls
[2009.06.13 00:16:23 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009.05.27 14:57:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.05.27 14:56:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.15 19:47:20 | 000,002,371 | ---- | C] () -- C:\Windows\WinRos.ini
[2009.05.15 19:47:19 | 000,003,868 | ---- | C] () -- C:\Windows\WinSig.ini
[2009.04.22 19:51:45 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\Imncb.dll
[2009.04.22 19:51:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Urncbc.dll
[2009.04.13 16:38:06 | 000,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrvlg.dll
[2009.04.13 16:38:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2009.04.13 14:54:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv06.dll
[2009.04.13 14:23:37 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009.04.05 14:31:43 | 001,484,180 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.03.24 16:31:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.16 20:34:26 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\wk32.dll
[2009.02.16 20:34:26 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ic32.dll
[2008.12.28 23:40:23 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.12.28 23:40:23 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.12.19 03:06:28 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.12.18 22:12:20 | 000,000,283 | ---- | C] () -- C:\Windows\game.ini
[2008.12.18 13:46:50 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.10.21 12:14:30 | 000,007,718 | ---- | C] () -- C:\Windows\cadx2.ini
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
========== LOP Check ==========
[2009.05.02 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\apsec
[2009.07.30 23:12:08 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Atari
[2009.07.26 13:53:21 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\BOM
[2009.02.16 18:24:11 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Canneverbe_Limited
[2010.05.20 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\CheckPoint
[2010.02.05 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.05.15 19:47:35 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\counters
[2008.12.18 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DAEMON Tools
[2009.11.18 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DAEMON Tools Lite
[2008.12.18 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DAEMON Tools Pro
[2009.05.15 19:46:59 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\eSignal
[2010.06.27 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\ICQ
[2009.05.16 13:39:17 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Leadertech
[2010.04.28 22:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\OCS
[2010.04.28 22:32:54 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Opera
[2009.10.10 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\PeerNetworking
[2009.01.10 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Red Alert 3
[2009.11.11 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Saxo Bank
[2009.11.09 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\tradesignal
[2010.06.24 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TS3Client
[2008.12.18 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TuneUp Software
[2009.08.13 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Ubisoft
[2009.03.28 15:20:30 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\WordToPDF
[2009.03.26 23:50:15 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\xproj
[2010.06.27 18:00:00 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.06.27 14:04:03 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.27 16:15:14 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{799C4C2D-7EBD-4BBF-85AD-9B7D13BB4C69}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.12.18 20:28:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2008.12.18 13:57:59 | 000,000,237 | ---- | M] () -- C:\csb.log
[2010.06.27 12:17:46 | 000,000,444 | ---- | M] () -- C:\ietgq.txt
[2010.06.27 12:11:21 | 001,541,269 | ---- | M] () -- C:\Info20100627120944.xml
[2010.06.27 12:23:32 | 001,538,775 | ---- | M] () -- C:\Info20100627122128.xml
[2010.06.27 16:53:43 | 001,545,030 | ---- | M] () -- C:\Info20100627165138.xml
[2010.06.27 14:50:25 | 312,037,375 | -HS- | M] () -- C:\pagefile.sys
[2010.06.27 16:53:42 | 000,601,224 | ---- | M] () -- C:\Remediate2010062716513889711000000.dat
[2008.12.18 13:55:17 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
[2008.12.31 02:21:06 | 000,000,122 | ---- | M] () -- C:\service.log
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
< End of report >
| Extras
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 27.06.2010 18:00:39 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Rene\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 2,76 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 7,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 154,76 Gb Total Space | 38,92 Gb Free Space | 25,15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: RENE-PC
Current User Name: Rene
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Value error. File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Value error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 2F FD A9 51 D3 DE C9 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2289016777-2642048843-1374912535-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- ()
"C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EBEA59-494C-4C76-8103-D16EBA2D2BE0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{03642776-A8C6-42CC-8BA4-32554EDE52ED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0769B0DD-DAE7-4E64-A2F0-6749E7CB00FF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0BE276F3-ABAB-490C-926D-60F2B810BAB8}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{10B0FFD3-F78D-4D19-A4E6-0F05D4785A4F}" = rport=5358 | protocol=6 | dir=out | app=system |
"{10E86EA8-C6C9-497A-A5F7-54DBF63FA63C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16B9D022-ED7B-4042-AA7B-0209ED39F766}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{18AC25A3-A05D-4670-90A8-8AE0D4A66ABB}" = lport=445 | protocol=6 | dir=in | app=system |
"{18FD29FE-44ED-428D-82A7-C77A09379578}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{28253E7F-008A-4AC6-B0A0-090F292EEC00}" = lport=5357 | protocol=6 | dir=in | app=system |
"{2E278437-869D-41C7-B00B-CDA36AFA384A}" = rport=5357 | protocol=6 | dir=out | app=system |
"{30C40839-892E-4D8E-B49B-EC190B970412}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{456C7CB1-2750-4E74-8F19-B4C56BA1643A}" = lport=139 | protocol=6 | dir=in | app=system |
"{48083F25-40A2-442F-A15F-2EA6C57E1EFE}" = rport=139 | protocol=6 | dir=out | app=system |
"{499312D4-56F1-43AE-B350-7032806477C6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{54FA5F95-FAAA-4769-B274-886E3422DFC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55022EDF-17D2-4ADB-9CA4-77BA33C7649F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5837E6FE-F796-4468-AA0F-E72BA045B7E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59252E3C-8BCF-43AF-A2B0-C408BE1078E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5DF7C210-4EB1-4540-8E49-CA0BEFB9E958}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{61D95C2C-6CA5-4320-BB71-05760BA7451F}" = lport=5358 | protocol=6 | dir=in | app=system |
"{65500DCC-0ADE-47A9-B159-CA32E0BFC134}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{657F8427-F48F-42C1-961D-B3798A04EF0F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{692F2B17-F8CF-4990-B670-4E15E5A50ADE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{6EFE22CC-753C-4609-9789-5ECB76799107}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{77E64315-DAD0-4F2C-AE1F-E52275A9D1CA}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{7D4CD38A-E8BC-4D82-AF7B-4B456B8FA30A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{87429994-2C34-4154-9909-A8C9EB942C7B}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D44D8C3-FCCF-48C2-AFE0-DE63AE4A4883}" = lport=137 | protocol=17 | dir=in | app=system |
"{8F8C0CA5-6ED5-4D1D-9194-C5A2458573A5}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{94A11F46-1C2E-48D9-B212-919D4777938D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{9610002F-71E4-4DB3-BEE0-9D8CAFD9A46D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9735E09F-BD4E-4FBB-B48F-D00540C16A2A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{9B2616CE-237E-460E-AFE0-8DDFE798FD92}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D7C5A3D-05B8-4C49-B57E-DAF3BDBE09E8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{A16DD12E-B645-4CDF-8B89-96694991206B}" = rport=137 | protocol=17 | dir=out | app=system |
"{A53C7984-9FF4-49D3-9B5E-80B3608AD7C6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AB40776B-A403-43AD-8AA0-4AFFC07E92B8}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{AC040F5E-9415-441C-9A2E-EF1DBB4B97B2}" = rport=445 | protocol=6 | dir=out | app=system |
"{C161AAF6-94FF-4696-867F-8D4D321F3F75}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{C3A53FE1-49EC-4394-8769-9525423B5211}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{CB4CEA05-54E1-424F-8596-5DCF1EC279DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D4ABDED5-9010-4C4F-9CBB-2E163A4825A5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{E16D30D6-6765-49ED-95A9-9D396575A103}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EDF16B7C-1455-4BDB-A3D3-AC90F0236804}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{EF5E0984-346F-49B2-9F9C-5991F4C6736E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03210A6A-9865-4AE5-B716-B56BE09FF6BD}" = protocol=17 | dir=in | app=e:\gta 4\grand theft auto iv\launchgtaiv.exe |
"{04AADD9E-2B8A-46DF-815A-B9587E610225}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{07B922F7-6F98-49FC-9EBD-C62990803FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{09C23078-6379-480D-AED0-125E79990A9C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{0A1E1029-52F3-4BFD-93FC-A13743FBF581}" = protocol=17 | dir=in | app=e:\programme\call of duty 4\iw3mp.exe |
"{0B5CACB7-0E62-4F84-9A28-675D6930414D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D010D21-EE44-4884-93F9-18AC4C8FCE19}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{0FAFE8D1-276B-4CE7-BC05-690ABDC6CFCF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{151F9508-CCFC-4B4F-A9C9-97812748FFBC}" = protocol=6 | dir=in | app=e:\cod world at war\codwaw.exe |
"{1A9C789E-E98B-4FB6-B70B-2DB45B1E3E53}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{20686F00-AF35-4F0E-A800-3D1A3A09E71B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{25802063-48BB-467F-8B62-D1638EED46D7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{2B35A30F-E478-4514-BB68-6DE616997264}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2DA3DD04-3476-4CA5-BECF-BB225F3CC723}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{309750BD-5B83-4108-984F-C79A79E00E3C}" = protocol=17 | dir=in | app=e:\programme\far cry 2\bin\farcry2.exe |
"{32281C68-56CE-4C58-9C6D-61252E0B0BE2}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{3B236773-4AA0-48BB-AEA8-E5902247DBD7}" = protocol=6 | dir=in | app=e:\gta 4\rockstar games social club\rgsclauncher.exe |
"{3BF12050-978A-403B-854E-6644457A6415}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3C328BAA-6ED5-4680-BB6B-B0D4F030AC98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lorenzenmighty\counter-strike source\hl2.exe |
"{3EE35AD7-D4E4-4032-85D5-6B7F5B8049F2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"{3EF49AB1-F066-47F5-9DE8-7320A4225A90}" = protocol=17 | dir=in | app=e:\programme\far cry 2\bin\fc2editor.exe |
"{4039DE82-DF4E-4AD4-B907-66E074E6C1C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{4485E66F-1FC8-45AA-BC8B-F81308E6FA33}" = protocol=17 | dir=in | app=e:\cod world at war\codwawmp.exe |
"{4655FC37-9712-4A6A-B6BD-E65377D70CFA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{47FD0414-E079-4C29-9BB1-479A07AAA296}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{49070DED-6DED-495A-9AE5-AC2A1735E3C6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{4CF4B22E-7FB7-45ED-B6A7-FE7227F60F4E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{55584D5D-5E52-4BAE-80A5-FD6EEBB48442}" = protocol=17 | dir=in | app=e:\gta 4\rockstar games social club\rgsclauncher.exe |
"{5DCDFCE3-D89A-48D1-A8EA-8AAA94E741AE}" = protocol=17 | dir=in | app=e:\programme\far cry 2\bin\fc2launcher.exe |
"{61CE42C2-D7E6-4CA2-8060-49D4DC2E8DAA}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{66F4FA82-EE05-4FCE-9D9F-1C8485297B76}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6BE67594-10E9-4829-A1D7-70D0DB2D795F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{70780BF9-178E-4B8E-8BCA-F42A3C63C151}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{71ED77E4-F442-4D60-A416-AAA0103A397C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{75C74060-95D8-4243-938C-F1026A7A73F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{7902A92F-835A-43D5-902F-A530F1AFAEB8}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{7EBEFD8A-EA00-4018-8021-50E2C5CCE858}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lorenzenmighty\counter-strike source\hl2.exe |
"{8163645F-8030-4B7A-ABA1-BC207F7AB096}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{84EC53EA-A929-4AE3-9403-043AE2502FF2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{86357A2C-6688-4DDF-B0CE-77B0A7B3BE4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{8D5ED9FF-EBFE-4667-8CDF-F38126B2C442}" = protocol=6 | dir=in | app=e:\programme\far cry 2\bin\fc2editor.exe |
"{8F00B418-487D-4E29-9CB1-8230BB014A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{914C7114-25D8-4E08-9F10-9787D7912BCE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{94D51E09-0B10-44DC-9872-C6BC6CAAD15B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{95619472-42E5-4E9D-9C2B-0C82AA7B45BD}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{99F8985C-3F71-40E1-A9D3-A5A5C0879016}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9A71ED3E-A461-42D3-ADBB-1965F30EECB1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe |
"{9B81BB3F-DAD4-40A9-80CC-F3D608D2BA89}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{9D5C2826-BBB6-4980-AB4E-DEB952EE12D9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{A097EADB-14A4-4D88-ABE0-C793B536A7A1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe |
"{A1B9B5E1-1DD7-4EA4-ABC2-9314AD111B2A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{A7EAD8C0-0141-4C29-BCE8-F2670DBCDC42}" = protocol=6 | dir=in | app=e:\gta 4\grand theft auto iv\launchgtaiv.exe |
"{AAB81A5E-3F6C-452A-820A-F08C1E8FDF55}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{B1050F42-28B3-49E0-916F-E155E88C125A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe |
"{B1ED48C5-3988-4053-A167-421974B673F5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{B49B0BCB-CAA5-4C0B-8456-E07AE68B2C6A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B53A8159-4C71-4433-8DEC-F740304CA99F}" = protocol=6 | dir=in | app=e:\cod world at war\codwawmp.exe |
"{B748BB51-740E-4D19-90EB-AE23579D2369}" = protocol=6 | dir=in | app=e:\programme\far cry 2\bin\fc2launcher.exe |
"{C035CF1E-5610-4853-B3D6-9A987B03117B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C3E066FE-AEDA-48FE-B942-1168B32C8E35}" = protocol=6 | dir=in | app=e:\programme\far cry 2\bin\farcry2.exe |
"{CB13451F-840E-4CEC-9363-ACD8FB2F275A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe |
"{CF6A45CB-EE69-4064-B15D-A2FD837306E2}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{D93F204F-A8DC-4344-ABF4-C8099FB9E9D8}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{E2BEE8E3-9819-46FF-98EE-2B6D482C83BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe |
"{E5E4106D-0CA3-40CD-8AEB-95D3A3F2E931}" = protocol=6 | dir=in | app=e:\programme\call of duty 4\iw3mp.exe |
"{F237DAC3-5281-4025-B76A-327C562F4B00}" = protocol=17 | dir=in | app=e:\cod world at war\codwaw.exe |
"{F55C145B-F9CD-4C4C-9241-A0BAF034609A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F92C67C0-F532-485D-9B53-2782331948C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FAD1F8D0-A8B5-4567-8FCD-627C57B23482}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"TCP Query User{015D51E9-1141-48D0-AD80-D6B7E80FEF15}E:\gta 4\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\gta 4\grand theft auto iv\gtaiv.exe |
"TCP Query User{2537371B-F767-46C0-93BC-FD17792168B5}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{4D4468C5-583E-4F77-AC4E-31AEFC7E6CD4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{70012A36-95B6-4BFB-AE2E-9175BC28B594}E:\warcraft 3 1.16\war3.exe" = protocol=6 | dir=in | app=e:\warcraft 3 1.16\war3.exe |
"TCP Query User{7B8D5C31-731F-4ABB-91CA-A1E6CC94BC66}E:\programme\crysis wars\bin32\crysis.exe" = protocol=6 | dir=in | app=e:\programme\crysis wars\bin32\crysis.exe |
"TCP Query User{81403C92-3E43-4A32-AF53-74878DFEF932}E:\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\anno 1404\tools\anno4web.exe |
"TCP Query User{8AC64030-10B2-4405-91BD-BEDD71FD86D3}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{8BC64F52-DCA2-4087-9D7F-81F07CCB86D0}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"TCP Query User{93467EC8-D9C5-4BF3-BD78-F0ACCEF19741}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"TCP Query User{A94C503E-B0BA-49A3-BD6C-7E9390A59C46}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"TCP Query User{C0BB8EF6-363F-41D9-AAD8-B652053067FB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{0F270C8E-EA37-4DFD-AB4A-55A6DB5AEE87}E:\warcraft 3 1.16\war3.exe" = protocol=17 | dir=in | app=e:\warcraft 3 1.16\war3.exe |
"UDP Query User{110C3843-EA2B-40DA-BA81-51523E26D8F4}E:\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\anno 1404\tools\anno4web.exe |
"UDP Query User{22ACF218-0CF3-4239-A187-95BE70C783C1}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{2739792A-0EA6-498C-BBD7-AB9C2F8D0C43}E:\programme\crysis wars\bin32\crysis.exe" = protocol=17 | dir=in | app=e:\programme\crysis wars\bin32\crysis.exe |
"UDP Query User{56DA3E2A-A15E-4B92-B20B-1108D5E867CB}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{6DFB35FE-0E92-4159-8D7A-16C70EB48831}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe |
"UDP Query User{7186BADA-A952-4DB1-87E7-2FBF3E2C33F7}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"UDP Query User{76B25B5D-38F8-489E-9069-26B4F4DF5A03}E:\gta 4\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\gta 4\grand theft auto iv\gtaiv.exe |
"UDP Query User{C93880FB-C5FA-4DA4-A27A-72C198D6083E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{CE36E0C9-6980-4B6C-8865-CAB299B89D1D}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"UDP Query User{DA4C820A-6ED6-41CE-8B41-1B671515879C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{3A25872A-0F1C-4989-9435-96C13230F818}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6F4B9839-F409-4D38-89D6-145321400FED}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CutePDF Writer Installation" = CutePDF Writer 2.8
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v2.4.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SearchAnonymizer" = SearchAnonymizer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"DivX Setup.divx.com" = DivX-Setup
"EXPERTool_is1" = EXPERTool 6.7
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FXCM Trading Station" = FXCM Trading Station
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"PdaNet_is1" = PdaNet Desktop (64 bit) for iPhone 1.54
"PhotoFiltre" = PhotoFiltre
"PunkBusterSvc" = PunkBuster Services
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Steam App 24960" = Battlefield: Bad Company 2
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"flatex-Trader" = flatex-Trader
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Perhaps as additional info:
AntiVir reported the following during both program runs: