Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Kreditkartenabfrage nach Online-Banking-Login - Trojan.BTSoft.Gen ? (https://www.trojaner-board.de/118653-kreditkartenabfrage-online-banking-login-trojan-btsoft-gen.html)

frzr 05.07.2012 21:55
Kreditkartenabfrage nach Online-Banking-Login - Trojan.BTSoft.Gen ?
 
Hallo Gemeinde,

ich bin erstmals aufmerksam geworden, dass ich mir wohl einen Trojaner eingefangen habe, als nach dem Online-Banking-Login merkwürdige Abfragen zu Kreditkarten gemacht wurden. (Screenshots siehe hxxp://www7.pic-upload.de/05.07.12/3r8rqq74cniz.jpg sowie hxxp://www7.pic-upload.de/05.07.12/jgk43vvs4bin.jpg )
Nach Rücksprache mit meiner Bank habe ich den Online-Banking-Zugang natürlich unverzüglich sperren lassen.

Zunächst hatte ich versucht mit Antivir den Trojaner zu beseitigen.. dort wurden auch mehrere Infektionen gemeldet und gelöscht. Die Abfrage auf der Sparkassen-Seite war daraufhin (erstmalig) weg. Einen halben Tag später, war sie jedoch wieder da... Antivir hat jedoch keine Viren/Trojaner mehr gefunden.

Nun bin ich auf euer Forum gestoßen und hoffe hier Hilfe zu bekommen.

Anbei die Malwarebytes-Logfile:
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [Administrator]

Schutz: Aktiviert

05.07.2012 22:44:18
mbam-log-2012-07-05 (22-53-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252858
Laufzeit: 5 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LicenseValidator (Trojan.BTSoft.Gen) -> Daten: C:\Users\Chris\AppData\Roaming\Identities\{41234F4C-B4D3-4634-BA1C-B179B008F792}\LicenseValidator.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Chris\AppData\Roaming\Identities\{41234F4C-B4D3-4634-BA1C-B179B008F792}\LICENSEVALIDATOR.EXE (Trojan.BTSoft.Gen) -> Keine Aktion durchgeführt.

(Ende)
Das hier ist der Auszug eines Quick-Scans.
Davor wurde ein ausführlicher Scan (1,5 Std.) durchgeführt, habe aber vergessen, den Log zu speichern.
Das Resultat war das gleiche.

OTL-Logs folgen in Kürze...

Würde mich über Hilfe freuen - würde gern vermeiden, das System neu aufsetzen zu müssen. Danke schon mal!

Viele Grüße,
Christian

frzr 05.07.2012 22:45
Inhalt OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 05.07.2012 23:34:34 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 46,59% Memory free
8,00 Gb Paging File | 5,45 Gb Available in Paging File | 68,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 110,25 Gb Total Space | 24,47 Gb Free Space | 22,20% Space Free | Partition Type: NTFS
Drive D: | 122,53 Gb Total Space | 64,73 Gb Free Space | 52,83% Space Free | Partition Type: NTFS
Drive E: | 148,50 Gb Total Space | 86,17 Gb Free Space | 58,03% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.05 23:34:08 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2012.07.01 13:58:02 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012.06.19 01:57:47 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.02 00:48:48 | 000,466,896 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avscan.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:22:53 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\avcenter.exe
PRC - [2012.04.06 13:26:08 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2012.04.06 13:26:08 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.01 13:58:02 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.19 01:57:47 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\program files (x86)\avira\antivir desktop\sqlite3.dll
MOD - [2012.04.06 13:26:08 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.20 04:04:18 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.07.01 13:58:02 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 01:57:47 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.19 11:35:58 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.03 10:58:52 | 000,168,864 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.12 00:40:22 | 002,287,360 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.10.27 10:02:32 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2011.06.14 18:11:27 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.06.14 18:11:26 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.04.26 11:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.04.20 04:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.04.20 04:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.18 19:34:20 | 000,867,064 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.06.10 11:23:58 | 000,190,504 | ---- | M] (GetData Pty Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MIPFSv364.sys -- (MIPFSv364)
DRV:64bit: - [2010.06.10 11:23:58 | 000,064,040 | --S- | M] (GetData Pty Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MIPv364.sys -- (MIPv364)
DRV:64bit: - [2010.06.07 17:16:24 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:35:58 | 000,047,872 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fet6x64.sys -- (FETNDIS)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 01:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008.06.17 09:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)
DRV - [2011.05.18 20:31:57 | 000,014,544 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Users\Chris\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries25.gadget\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 62 3E 72 13 20 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\..\SearchScopes,DefaultScope = {95289393-33EA-4F8D-B952-483415B9C955}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = hxxp://search.alot.com/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}: "URL" = hxxp://search.qip.ru/?query={searchTerms}
IE - HKCU\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=1e33c7c8-0a68-49c2-b1b6-d873c034356e&apn_ptnrs=%5EABT&apn_sauid=3117D811-5452-455A-B862-6911C064E0C2&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.http: "157.181.228.181"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 01:57:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 19:25:33 | 000,000,000 | ---D | M]
 
[2010.06.17 13:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Extensions
[2012.06.16 13:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\sqi7g3h6.default\extensions
[2012.03.29 17:39:59 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\sqi7g3h6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.09.23 18:46:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\sqi7g3h6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.18 14:30:48 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Chris\AppData\Roaming\mozilla\Firefox\Profiles\sqi7g3h6.default\extensions\ich@maltegoetz.de
[2011.07.24 22:41:19 | 000,000,828 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\icqplugin-1.xml
[2011.07.24 22:41:19 | 000,000,828 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\icqplugin-2.xml
[2011.07.24 22:41:19 | 000,000,828 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\icqplugin-3.xml
[2011.07.24 22:41:19 | 000,000,828 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\icqplugin-4.xml
[2011.07.24 22:41:19 | 000,000,828 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\icqplugin-6.xml
[2012.02.25 16:41:57 | 000,000,828 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\icqplugin-7.xml
[2012.02.25 16:41:57 | 000,000,828 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\icqplugin-8.xml
[2012.02.25 16:41:57 | 000,000,828 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\icqplugin-9.xml
[2012.02.25 16:41:57 | 000,000,901 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\icqplugin.xml
[2011.07.24 22:41:20 | 000,001,357 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\kikin-search.xml
[2011.07.24 22:41:20 | 000,002,059 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\qip-search.xml
[2012.02.25 16:41:57 | 000,000,901 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\wikipedia-de-1.xml
[2011.07.24 22:41:20 | 000,001,031 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\wikipedia-de.xml
[2012.02.25 16:41:57 | 000,002,168 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\youtube-videosuche-1.xml
[2011.07.24 22:41:20 | 000,002,168 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sqi7g3h6.default\searchplugins\youtube-videosuche.xml
[2012.06.20 19:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.20 19:54:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.25 17:06:44 | 000,767,703 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SQI7G3H6.DEFAULT\EXTENSIONS\{DB981CCA-088E-4731-A4A2-2FE218703C0E}.XPI
[2012.06.16 13:44:06 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SQI7G3H6.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.19 01:57:47 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.06 13:26:08 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 17:43:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.15 17:43:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.15 17:43:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.22 14:17:01 | 000,001,617 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.15 17:43:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 17:43:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 17:43:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
 
O1 HOSTS File: ([2011.06.17 15:07:36 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (no name) - {EC136321-1AE5-4A7F-B01C-5380D666175B} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [LicenseValidator] C:\Users\Chris\AppData\Roaming\Identities\{41234F4C-B4D3-4634-BA1C-B179B008F792}\LicenseValidator.exe (Sea3Soft)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Program Files (x86)\PokerStars.TEST\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{637FDD7B-006C-43F1-9861-EA24D2265192}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B750C89C-FEF6-4950-9683-79954345716D}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62517c27-7a00-11df-bb93-000f3df6d44d}\Shell - "" = AutoRun
O33 - MountPoints2\{62517c27-7a00-11df-bb93-000f3df6d44d}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{6ea17529-79fc-11df-8b7c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6ea17529-79fc-11df-8b7c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 21:37:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{94488C15-EAC3-47C5-B7AC-58D6CC878C50}
[2012.07.05 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{AE14C2CE-072C-42BF-BB00-68C7C35917D9}
[2012.07.05 21:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.05 21:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.05 21:02:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Simply Super Software
[2012.07.05 21:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.07.05 21:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.07.05 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Simply Super Software
[2012.07.05 21:02:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.07.05 01:58:50 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{A96B02A1-5E40-44CA-9791-18B43F11B635}
[2012.07.05 01:58:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4BB1D66D-2000-4A6D-AB15-D086525B6523}
[2012.07.03 22:02:42 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Help
[2012.07.03 21:56:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2012.07.03 12:19:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{926CFEAB-C5B4-441D-8F21-921F4572152F}
[2012.07.03 12:19:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{70826535-A09E-410C-871C-9296637A18C5}
[2012.07.02 13:49:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{CC628E4D-D9CF-45EF-8B3A-8419EA60D740}
[2012.07.02 13:49:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2EAABE8F-BEA9-4DEA-A176-9AE451D931D3}
[2012.07.02 02:46:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{BCEA1AD9-4C72-464B-A75B-8E8014585861}
[2012.07.02 02:46:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{FC66A9B7-8E56-4156-800D-18FB5EE52EDE}
[2012.07.01 13:59:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{323FB250-7629-432E-A993-C23702AB07F9}
[2012.07.01 13:59:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{33D521C3-45B3-43CD-BA14-191CA56A00C5}
[2012.06.30 00:16:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3ECAE304-005B-438E-9417-577DD9FD5506}
[2012.06.30 00:16:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7F53C72E-36C0-4E2E-86B5-DF0E5671F212}
[2012.06.29 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3DC8FF0C-D0A9-4F18-9A88-BF895EF1769B}
[2012.06.29 12:15:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{831E7007-EDD9-4CAD-A818-7FECB610DAE9}
[2012.06.28 19:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.06.28 16:07:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7E33FA3A-3384-4063-AB36-92701E561D30}
[2012.06.28 16:07:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2410C684-55E6-4C2C-A373-ECF65FE33CAF}
[2012.06.28 13:02:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Chromium
[2012.06.27 16:42:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{994542FA-4E37-49B8-B33F-2B34A4D0228A}
[2012.06.27 16:41:58 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{767F4D55-30CF-4B26-91FC-73B5F3237950}
[2012.06.27 12:39:25 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.27 12:39:25 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.27 12:39:25 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.27 12:39:09 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.27 12:39:09 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.27 12:39:09 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.27 12:38:50 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.27 12:38:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.26 23:27:46 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Zattoo
[2012.06.26 23:27:36 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.06.26 23:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zattoo4
[2012.06.26 23:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zattoo4
[2012.06.26 15:25:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{19830088-3A44-444A-820B-77A7AFA46277}
[2012.06.26 15:25:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7AD12DB3-9304-4F85-B547-65C1261599A8}
[2012.06.25 16:28:48 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{26EA958A-324B-4468-87BB-DA988BAD192A}
[2012.06.25 16:28:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{104B1146-F963-4958-B2DE-3ABC4D460D7F}
[2012.06.25 00:55:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{05C73B09-79FE-4B80-B3F2-7DFAE93F50D1}
[2012.06.25 00:54:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{E6464D69-8276-425A-8DDC-82F921C52B24}
[2012.06.24 12:54:14 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{4D4C9CC1-32EF-4BF8-AB8A-0023273F99ED}
[2012.06.24 12:53:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{82EFF304-2C5C-4790-8216-0F73A10F2E89}
[2012.06.23 13:25:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{3D340FD7-A902-4351-A657-83E8819B4F77}
[2012.06.23 13:24:57 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{29AFFE9F-9362-4B89-BCBC-E9D7A4C9E6A2}
[2012.06.22 12:45:26 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\watten
[2012.06.22 12:25:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{9344B216-9873-4136-B514-33AC7BDC3713}
[2012.06.22 12:24:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{7E464F64-BD62-462D-8638-1AEDCE823486}
[2012.06.21 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{2D47C91F-AA99-4825-8E5D-0E050458003E}
[2012.06.21 12:35:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\{EC34B7E6-43C1-4B7E-BC10-0DE391FED86D}
[2012.06.21 12:34:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Windows Live Writer
[2012.06.21 12:34:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Windows Live Writer
[2012.06.21 11:35:19 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.06.21 11:34:34 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.06.21 11:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.06.21 11:22:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Windows Live
[2012.06.20 19:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.06.20 19:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.06.16 13:44:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Macromedia
[2012.06.13 17:13:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 17:13:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 17:13:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 17:13:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 17:13:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 17:13:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 17:13:44 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 17:13:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 17:13:42 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 17:13:42 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 17:13:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 17:13:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 17:13:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 16:57:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 16:57:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 16:57:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 16:57:33 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 16:57:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 16:57:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.13 16:57:28 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 16:57:23 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 16:57:23 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.10 11:09:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Steganos VPN
[2012.06.10 11:09:56 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Steganos
[2012.06.10 11:09:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steganos
[2012.06.07 18:08:12 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Concord Gaming
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[14 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 22:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.05 22:48:04 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 22:48:04 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.05 22:40:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.05 22:40:34 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 22:40:32 | 001,379,956 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.07.05 22:38:57 | 000,025,855 | ---- | M] () -- C:\Users\Chris\Desktop\adf.jpg
[2012.07.05 21:19:06 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.04 15:09:53 | 000,175,442 | ---- | M] () -- C:\Users\Chris\Desktop\SparkasseTrojaner 2.JPG
[2012.07.04 15:09:08 | 000,147,888 | ---- | M] () -- C:\Users\Chris\Desktop\SparkasseTrojaner 1.JPG
[2012.07.01 13:58:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.01 13:58:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.29 00:16:31 | 000,000,222 | ---- | M] () -- C:\Users\Chris\Desktop\L.A. Noire.url
[2012.06.26 23:28:50 | 000,017,408 | ---- | M] () -- C:\Users\Chris\AppData\Local\WebpageIcons.db
[2012.06.14 15:32:05 | 000,344,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.13 17:21:14 | 001,638,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.13 17:21:14 | 000,698,754 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.13 17:21:14 | 000,652,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.13 17:21:14 | 000,148,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.13 17:21:14 | 000,121,668 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[14 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.05 22:38:57 | 000,025,855 | ---- | C] () -- C:\Users\Chris\Desktop\adf.jpg
[2012.07.05 21:19:06 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.05 21:02:54 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.07.05 21:02:54 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.07.04 13:46:15 | 000,175,442 | ---- | C] () -- C:\Users\Chris\Desktop\SparkasseTrojaner 2.JPG
[2012.07.04 13:45:42 | 000,147,888 | ---- | C] () -- C:\Users\Chris\Desktop\SparkasseTrojaner 1.JPG
[2012.07.01 13:58:04 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.29 00:16:31 | 000,000,222 | ---- | C] () -- C:\Users\Chris\Desktop\L.A. Noire.url
[2012.06.26 23:27:46 | 000,017,408 | ---- | C] () -- C:\Users\Chris\AppData\Local\WebpageIcons.db
[2012.06.21 11:34:24 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.06.21 11:33:51 | 000,001,380 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.06.21 11:33:14 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.06.21 11:32:39 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.23 01:46:11 | 000,004,906 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2012.03.04 15:12:05 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2012.01.23 22:06:20 | 000,052,546 | ---- | C] () -- C:\Users\Chris\.TransferManager.db
[2011.12.26 23:55:06 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Nadeo.ini
[2011.12.25 23:17:50 | 011,779,536 | ---- | C] () -- C:\Users\Chris\mowl.wav
[2011.12.05 21:20:03 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.29 16:19:34 | 002,471,296 | ---- | C] () -- C:\Users\Chris\about.wav
[2011.07.08 22:51:17 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.06.20 15:03:53 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.05.16 20:27:32 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.05 01:28:10 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.28 13:06:39 | 000,000,035 | ---- | C] () -- C:\Windows\Worldbuilder.INI
[2011.04.16 14:01:45 | 000,000,099 | ---- | C] () -- C:\Windows\abreg.ini
[2011.03.12 00:49:23 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.03.02 07:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 07:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.02 07:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.02 07:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.02 07:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.27 22:39:38 | 000,131,116 | ---- | C] () -- C:\Users\Chris\ts3_recording_10_12_27_21_39_34.wav
[2010.11.11 19:06:38 | 000,119,464 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.10.28 17:20:42 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.10.09 15:12:50 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2010.10.09 15:12:50 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2010.07.27 22:37:55 | 001,594,162 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.11 08:24:39 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
 
========== LOP Check ==========
 
[2011.07.24 22:42:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Amazon
[2012.06.10 12:06:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\autobingooo
[2010.10.06 19:09:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\BlackBean
[2011.03.08 15:01:21 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010.09.18 19:44:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Lite
[2010.09.18 19:50:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Pro
[2011.12.05 21:20:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DesktopIconForAmazon
[2011.09.23 18:47:00 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoft
[2011.09.23 18:46:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.10 22:01:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\elsterformular
[2011.03.01 20:46:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FileZilla
[2012.05.20 19:51:46 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Firefly Studios
[2011.06.17 14:59:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Free Audio Editor
[2011.04.21 21:55:09 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2012.02.25 16:29:56 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HEM Data
[2012.06.01 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HLSW
[2012.02.25 16:39:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\HoldemManager
[2012.07.05 22:39:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ICQ
[2011.08.24 20:14:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\kikin
[2010.06.17 17:28:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Leadertech
[2011.05.22 14:16:58 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OCS
[2011.05.29 12:54:57 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\OpenCandy
[2011.05.22 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Opera
[2011.10.19 16:48:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Origin
[2010.12.23 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ProtectDISC
[2010.09.17 18:48:12 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\RigNRoll_usa_ws
[2012.05.22 20:13:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Samsung
[2012.07.05 21:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Simply Super Software
[2012.06.10 11:10:04 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Steganos
[2012.06.10 11:10:34 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Steganos VPN
[2012.07.05 22:02:30 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TeamViewer
[2012.05.22 20:17:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Temp
[2012.04.23 13:36:14 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TS3Client
[2012.01.29 15:23:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2011.06.14 18:47:11 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Ubisoft
[2010.09.18 20:08:26 | 000,000,000 | --SD | M] -- C:\Users\Chris\AppData\Roaming\Virtual CD v10
[2012.06.21 12:39:49 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Windows Live Writer
[2012.05.31 20:49:19 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\wsIRC
[2012.06.16 13:41:32 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:117E206F

< End of report >
--- --- ---


Inhalt Extra.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 05.07.2012 23:34:34 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 46,59% Memory free
8,00 Gb Paging File | 5,45 Gb Available in Paging File | 68,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 110,25 Gb Total Space | 24,47 Gb Free Space | 22,20% Space Free | Partition Type: NTFS
Drive D: | 122,53 Gb Total Space | 64,73 Gb Free Space | 52,83% Space Free | Partition Type: NTFS
Drive E: | 148,50 Gb Total Space | 86,17 Gb Free Space | 58,03% Space Free | Partition Type: NTFS
 
Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Chris\Downloads\facebook-pic000934519.exe" = C:\Users\Chris\Downloads\facebook-pic000934519.exe:*:Enabled:Windows Services
"C:\Users\Chris\Downloads\facebook-pic000934519.exe" = C:\Users\Chris\Downloads\facebook-pic000934519.exe:*:Enabled:Windows Services
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00264228-E7C0-4AA0-B95F-A4FFF71BD68F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{01312FDA-0159-4FE9-A183-892EB16FEE42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13728E02-66C2-4767-BEB1-B6827CA4867F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1975ADB4-D15C-4B5B-B22A-6BB7EA9EE982}" = rport=445 | protocol=6 | dir=out | app=system |
"{1C55FB4D-6A84-43F4-B86C-CEF831E0C265}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{27877871-3409-4861-9415-8B9B02C28874}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3E90D71B-25F5-4F9F-84FD-9E1B65539BD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4D937C36-9DB6-4F6E-9D49-0A824B9C17A4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54FE9152-7528-447E-A8B1-8BFE44BB55E7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{575F749A-A62B-40C3-B1CB-F8AE225CF827}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BB74650-3887-401F-915C-A3F6447D64E2}" = lport=137 | protocol=17 | dir=in | app=system |
"{5C528581-567A-4891-B89D-A67D181F4BB9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5F1997A4-F933-4B7E-B17F-55A3A9D2223B}" = lport=138 | protocol=17 | dir=in | app=system |
"{647B5202-0DEF-4A56-9480-6FF722935FB1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{70C5F7A5-A9CB-43D7-A454-003409361697}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{88A50E72-0795-46A7-B512-58216005EF74}" = lport=445 | protocol=6 | dir=in | app=system |
"{9A6603A6-8631-49D6-BDD9-76A4F40BAFE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9ADA5675-BBB7-4104-B705-FF72DEFB2953}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AA9CC5A2-72F7-4CAE-937A-06ED25771C19}" = rport=138 | protocol=17 | dir=out | app=system |
"{AB10D9A8-F8B4-4636-BF82-B6BD138397F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AF2AC679-D5A2-4D8C-87DC-98BB11F2E70C}" = rport=137 | protocol=17 | dir=out | app=system |
"{B068D944-F76F-4BF5-98BA-0A656533E95E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1F8BDF0-9247-42AA-9A40-395562205F41}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C2D0C2AC-5F17-46AF-9E02-9B1C3791BD12}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C43AE3D8-C193-41D3-99BA-DD26646C0DAC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C51B8268-6AC1-42D7-8AF6-059D0A424D70}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5881B28-72B6-437D-B640-91A56E3189BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6FB24B9-0D35-4114-9833-C22C40DB7D9E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D88080C1-A263-4BE7-AAFF-05A9BB85CDA7}" = rport=139 | protocol=6 | dir=out | app=system |
"{E33B69AD-0840-4CEF-A557-36D057F3484E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{E7FF9CE2-D972-4B9B-ABDA-82AC52A1D7B0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EC3035BE-C0E2-4E51-920C-D209BFF06448}" = lport=139 | protocol=6 | dir=in | app=system |
"{F21A46D8-A4C7-4E00-9C47-AA2DE300D1EC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FC23CA12-9FB9-40CA-A796-EE9B5FA400BF}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{FE7B8D3D-3937-4E6A-953B-C950DEC56474}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF31BCB3-9938-4252-9346-ACBA5AD2D2D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFBD23A7-59FD-4DEF-9542-077EA6A65563}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013E451D-D7CC-4146-AF0A-68DD84C8BF50}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0E600420-B552-4A35-9779-431EA7EB1CDF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{143EF6C0-490E-4246-B457-F476A1DDEF16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EA08503-B38E-4338-8E93-099EFCAB212A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{20752B04-580E-4E56-A7C3-CFF0BDC229BE}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{32646F63-4562-485D-8C73-94979B6FEF5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{34E94460-0DA1-4612-9505-61E675989A17}" = protocol=6 | dir=in | app=d:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{37094289-4A20-453B-8332-1EEA003E906C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{383F700C-C3D5-4806-A277-0672CACB93C1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{3A95667D-B410-4BC2-99D9-E8FBE47BDC66}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3F135A9C-87A6-4655-92E5-7E26D0F8FB9A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{3F4E442B-AC21-4718-84C3-DD315C1F63AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\half-life\hl.exe |
"{404DF3E2-4E13-4279-A631-B49480ED9B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{452497FF-F975-492B-89B0-46CA3A91B710}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{4A560B73-CEE1-41B3-B4CB-BCB7E69EB9F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{4B47D284-CE08-448C-8A21-E73E8D695D0D}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4BB08160-CFA8-4BBC-BCA9-710825899CB2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{4C11A9F4-D527-48DD-BCCE-66D0FCEDC2EC}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4F24ECF6-765B-4FF6-BB98-44C3C9C5FF0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50850C73-916F-47AF-A421-A85D8F1489AB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{53025302-6540-4DB8-B483-258B8A53B7F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{55AF43CF-561E-4E79-9EEC-4038189A3CC7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{58A1C422-3678-45F1-BDF9-DC5F768F3D1F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5A480B1C-D6B2-465C-8753-8E13B607F42D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\counter-strike\hl.exe |
"{5A731144-1D85-4B7C-81AA-A528B38D0C5D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5DBBF24A-CCD4-4C97-8AAD-2587FEEB14ED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5E3898A7-996E-4DA5-8622-9C1EA3493BD2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{61621D8E-26DD-4672-A741-3779A1B2C6A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\counter-strike source\hl2.exe |
"{63EFA679-E09D-46FD-8482-88EE00C10541}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65193338-FE55-4B27-A693-DDC2AB9586C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{6583236E-A6E7-4936-9079-56A91885FA72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6FEA14D3-4448-4F63-99B9-F2EF04DD3A5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\counter-strike source\hl2.exe |
"{75E31F8D-42A2-4BC4-91CF-824B58D51BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{76551805-D35B-445B-A9C6-B01A32476409}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{775534B7-02F8-4728-B5F2-5DF3EB02333C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{77DD9775-61E0-492E-8CC1-A9CD1CF08BE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{788AE44F-E265-43D2-94E7-C6CDCC09ED26}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"{7A2F6BC4-C046-494C-822C-B36801A9BF3E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7D4B1C23-57BC-4C2F-BA69-8AF2367F2F09}" = protocol=6 | dir=out | app=system |
"{7ED423D2-D01E-4CB0-AAFB-1783772D2B43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\counter-strike\hl.exe |
"{808A7378-B29F-4CE8-AE5F-9C90B49486F0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8363C5FD-29C9-481C-9A7A-4B6EBDBB0CF2}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{869E68A8-33E4-4ECB-BF4F-A6A66A3B11EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\counter-strike source\hl2.exe |
"{8764B08F-1416-4CA2-B4EE-61ADEBE3B233}" = protocol=6 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii.exe |
"{91222277-9928-4753-9051-169B1C1AC90A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9B388383-DB50-4345-A046-975FD90C434E}" = protocol=17 | dir=in | app=d:\program files (x86)\diablo iii\diablo iii.exe |
"{9C2E83E7-09F7-4E1B-B10A-6AC3AC946B43}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9FAB7EBF-96B8-471F-99D0-54DE6C0CEFCE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A66FD47F-341C-4C93-8503-1852551B14F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A6CB03AB-7D55-48C0-B26F-2596C9722788}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{A7D9D4A5-F174-42A7-8827-D485B258D567}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB91A693-E3F9-4323-9C15-6F1EA0C5EA41}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{AD98438F-66BD-4837-AD83-01690CAE9ED8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B35322D8-10BD-4EDF-9916-08E4948A0A7E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{B3EA4C5A-83A8-48C7-9CC3-BA2882006633}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\counter-strike\hl.exe |
"{B4D7535E-9A1B-4283-9518-FA9C5C1FE15A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B5123FD8-0F62-43A5-BF89-4B57A6EACC7F}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{B588F7D1-6945-4642-A8EA-21F58A15020A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B9FFAB4C-185B-4486-9587-A81701BF021E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\counter-strike source\hl2.exe |
"{BD1E972A-515A-419E-8B86-31CF30AC9AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{BF4A5F16-EBA1-46A0-B006-C387D5E07215}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CB3ED1EA-23F7-4F39-813E-122BD848C92C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF1D8F0D-00F6-4733-929B-1E5FAA9C17AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D41B96A6-0269-4201-8BD1-6847439D2178}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{D95418E5-5849-4971-9C7E-D1E97F724CB2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF7FA452-5E6D-4010-AF27-865843339671}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E4B04274-1EE6-43C8-B968-FC3058AC80FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E648B817-FA85-41FA-A699-3F81288811E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E650B453-57B9-4C75-9D50-F267CA60A3E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\counter-strike\hl.exe |
"{E6D8E6BB-0781-400D-964D-D3BFFB7512FC}" = protocol=17 | dir=in | app=d:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{E94DAE9C-9291-4236-A137-D73D930486C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\l.a.noire\lanlauncher.exe |
"{E96D6973-4812-4094-B65A-EA4A72749BF2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{F3539DEE-88CB-4C61-8D33-537D92F64E73}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4628ECC-9F6F-4ECF-8D50-8E0FF04148D7}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{F9110445-16EA-4B9E-971B-DA5FA68B9F37}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{FDAADAB7-1B39-4EBE-B3F7-FDE9C32D3E24}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\kamikazeflamer\half-life\hl.exe |
"{FF9757C1-DE13-4D18-B227-D205A0B66B12}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{082858D4-6DDF-4D75-A945-C4212428081C}C:\program files (x86)\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
"TCP Query User{0D7E1257-A647-4859-8765-14D72C2C6A9D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{34FEC60A-903E-4934-A785-E9FDEF9D75CE}D:\program files (x86)\ea sports\fussball manager 11\manager11.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ea sports\fussball manager 11\manager11.exe |
"TCP Query User{74A666D0-A31E-4D2D-863A-12D870884B6D}D:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\rockstar games\eflc\eflc.exe |
"TCP Query User{7E9E119C-7652-49DB-954C-F7C191BE6744}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{800E7F13-9AE9-4AC5-98C0-239158B4F0F8}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{94705DDA-65A4-47EA-B2A5-672001991629}D:\games\cnc tiberium wars kane edition\retailexe\1.9\cnc3game.dat" = protocol=6 | dir=in | app=d:\games\cnc tiberium wars kane edition\retailexe\1.9\cnc3game.dat |
"TCP Query User{9C5F10E3-7108-4187-8481-45C4F063CB16}C:\program files (x86)\qip infium\infium.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"TCP Query User{9EEDBFB9-0E45-4516-81CC-C263C1361DAD}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{B2427541-6C38-4871-944B-07A206C835FC}C:\program files (x86)\steam\gameoverlayui.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\gameoverlayui.exe |
"TCP Query User{B8B04E87-41FA-4896-BD8F-079952F89312}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{CE3B370B-6099-4E09-9A79-58844B657DD0}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{D7F7656A-0A4F-4A7B-A1CC-D841C869DC04}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"TCP Query User{D8FB2768-5A0F-41AF-BD09-5492014BE1CC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{DFF73F80-54BB-4483-9AE3-C07DCCA0C611}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{1D3ECF0A-4309-4FF9-B226-02DF76923D6A}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{32EEA794-4B33-4C46-81D5-36A9F53D551F}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{3A0E7C12-FC31-4D24-B574-21C550BC58E2}D:\program files (x86)\ea sports\fussball manager 11\manager11.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ea sports\fussball manager 11\manager11.exe |
"UDP Query User{48226B3B-DE4B-43BA-93D8-CBC71E212BCF}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"UDP Query User{4ACD7F97-9928-4301-8363-20518CF731D3}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe |
"UDP Query User{54E824E1-8982-484C-9832-0513D586C27A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{7B7D1432-CCAA-4B42-9256-8B27146600E4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{9E181C21-DE22-4237-A363-8F2462F2032B}D:\games\cnc tiberium wars kane edition\retailexe\1.9\cnc3game.dat" = protocol=17 | dir=in | app=d:\games\cnc tiberium wars kane edition\retailexe\1.9\cnc3game.dat |
"UDP Query User{A5A0A2CA-13B0-4687-AB80-DDC41E4CE225}C:\program files (x86)\qip infium\infium.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip infium\infium.exe |
"UDP Query User{A5FE43AA-A1E7-41CF-8B66-B38888CE7126}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{B434DD9E-9320-4900-8E0D-B8E82FFF2212}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{D1078630-4823-4A55-B926-65F8FD575589}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DA0E043A-E8B8-4890-B643-D70CD18CB625}D:\program files (x86)\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\rockstar games\eflc\eflc.exe |
"UDP Query User{DDDAD039-0298-4F8E-AC3A-361544192D6A}C:\program files (x86)\steam\gameoverlayui.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\gameoverlayui.exe |
"UDP Query User{E1D68850-172A-45D9-BE67-AB5153086C5D}C:\program files (x86)\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hlsw\hlsw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{183C740A-0406-380F-A235-2EC2F8A28D13}" = Microsoft Windows SDK MSHelp (30514)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x64
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC84C1E9-F4D4-4B8E-B35C-C88EEA0A5201}" = O&O Defrag Professional
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"DesktopIconAmazon" = Desktop Icon für Amazon
"ESL Wire_is1" = ESL Wire 1.10.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.7 Build #6082 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21000000-0000-0000-0000-000000000000}" = EBA
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.11
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EC136321-1AE5-4A7F-B01C-5380D666175B}" = ICQ Sparberater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428768A-BA63-43A5-86E9-7F0CFD174944}" = Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.70
"AutoBINGOOO_is1" = AutoBINGOOO 3.1
"Avira AntiVir Desktop" = Avira Free Antivirus
"Diablo III" = Diablo III
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Electronic Arts Game Updater" = Electronic Arts Game Updater
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Fraps" = Fraps
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"HLSW_is1" = HLSW v1.2.1.2
"InstallShield_{21000000-0000-0000-0000-000000000000}" = BMW EBA
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"mIRC" = mIRC
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero8Lite_is1" = Nero 8 Lite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PokerStars" = PokerStars
"Rockstar Games Social Club" = Rockstar Games Social Club
"Steam App 10" = Counter-Strike
"Steam App 110800" = L.A. Noire
"Steam App 240" = Counter-Strike: Source
"Steam App 50130" = Mafia II
"TmUnitedForever_is1" = TmUnitedForever Update 2010-03-15
"Trojan Remover_is1" = Trojan Remover 6.8.4
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"FileZilla Client" = FileZilla Client 3.2.4.1
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2012 07:50:28 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Social Club v1.0.6.1 to v1.0.6.6
Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000  Name des fehlerhaften Moduls:
 Social Club v1.0.6.1 to v1.0.6.6 Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000
Ausnahmecode:
 0xc0000005  Fehleroffset: 0x00164317  ID des fehlerhaften Prozesses: 0x16e4  Startzeit
 der fehlerhaften Anwendung: 0x01cd5848da834678  Pfad der fehlerhaften Anwendung:
C:\Program Files (x86)\Rockstar Games\Social Club\Social Club v1.0.6.1 to v1.0.6.6
 Updater.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Rockstar Games\Social
 Club\Social Club v1.0.6.1 to v1.0.6.6 Updater.exe  Berichtskennung: 1dbf2e34-c43c-11e1-b440-00ff01000001
 
Error - 02.07.2012 08:04:26 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LANoire.exe, Version: 2613.1.0.0,
 Zeitstempel: 0x4f4771ad  Name des fehlerhaften Moduls: LANoire.exe, Version: 2613.1.0.0,
 Zeitstempel: 0x4f4771ad  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00aa82bb  ID des fehlerhaften
 Prozesses: 0x1004  Startzeit der fehlerhaften Anwendung: 0x01cd5848aa66de97  Pfad der
 fehlerhaften Anwendung: C:\program files (x86)\steam\steamapps\common\l.a.noire\LANoire.exe
Pfad
 des fehlerhaften Moduls: C:\program files (x86)\steam\steamapps\common\l.a.noire\LANoire.exe
Berichtskennung:
 11639e72-c43e-11e1-b440-00ff01000001
 
Error - 02.07.2012 08:06:25 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Social Club v1.0.6.1 to v1.0.6.6
Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000  Name des fehlerhaften Moduls:
 Social Club v1.0.6.1 to v1.0.6.6 Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000
Ausnahmecode:
 0xc0000005  Fehleroffset: 0x00155813  ID des fehlerhaften Prozesses: 0x15c0  Startzeit
 der fehlerhaften Anwendung: 0x01cd584b188fb814  Pfad der fehlerhaften Anwendung:
C:\Program Files (x86)\Rockstar Games\Social Club\Social Club v1.0.6.1 to v1.0.6.6
 Updater.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Rockstar Games\Social
 Club\Social Club v1.0.6.1 to v1.0.6.6 Updater.exe  Berichtskennung: 5805e148-c43e-11e1-b440-00ff01000001
 
Error - 02.07.2012 08:06:27 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Social Club v1.0.6.1 to v1.0.6.6
Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000  Name des fehlerhaften Moduls:
 Social Club v1.0.6.1 to v1.0.6.6 Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000
Ausnahmecode:
 0xc0000005  Fehleroffset: 0x00164317  ID des fehlerhaften Prozesses: 0x15c0  Startzeit
 der fehlerhaften Anwendung: 0x01cd584b188fb814  Pfad der fehlerhaften Anwendung:
C:\Program Files (x86)\Rockstar Games\Social Club\Social Club v1.0.6.1 to v1.0.6.6
 Updater.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Rockstar Games\Social
 Club\Social Club v1.0.6.1 to v1.0.6.6 Updater.exe  Berichtskennung: 5965d86e-c43e-11e1-b440-00ff01000001
 
Error - 02.07.2012 14:28:19 | Computer Name = Chris-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe". Fehler in  Manifest- oder
Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 02.07.2012 16:56:01 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Social Club v1.0.6.1 to v1.0.6.6
Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000  Name des fehlerhaften Moduls:
 Social Club v1.0.6.1 to v1.0.6.6 Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000
Ausnahmecode:
 0xc0000005  Fehleroffset: 0x00155813  ID des fehlerhaften Prozesses: 0x17d8  Startzeit
 der fehlerhaften Anwendung: 0x01cd589514010f99  Pfad der fehlerhaften Anwendung:
C:\Program Files (x86)\Rockstar Games\Social Club\Social Club v1.0.6.1 to v1.0.6.6
 Updater.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Rockstar Games\Social
 Club\Social Club v1.0.6.1 to v1.0.6.6 Updater.exe  Berichtskennung: 53f3593b-c488-11e1-b440-00ff01000001
 
Error - 02.07.2012 16:56:07 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Social Club v1.0.6.1 to v1.0.6.6
Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000  Name des fehlerhaften Moduls:
 Social Club v1.0.6.1 to v1.0.6.6 Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000
Ausnahmecode:
 0xc0000005  Fehleroffset: 0x00164317  ID des fehlerhaften Prozesses: 0x17d8  Startzeit
 der fehlerhaften Anwendung: 0x01cd589514010f99  Pfad der fehlerhaften Anwendung:
C:\Program Files (x86)\Rockstar Games\Social Club\Social Club v1.0.6.1 to v1.0.6.6
 Updater.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Rockstar Games\Social
 Club\Social Club v1.0.6.1 to v1.0.6.6 Updater.exe  Berichtskennung: 57cad340-c488-11e1-b440-00ff01000001
 
Error - 03.07.2012 08:51:46 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OkayFreedomClient.exe, Version: 1.0.0.10042,
 Zeitstempel: 0x4fbfc7e1  Name des fehlerhaften Moduls: OkayFreedomClient.exe, Version:
 1.0.0.10042, Zeitstempel: 0x4fbfc7e1  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001a0a0
ID
 des fehlerhaften Prozesses: 0x8d4  Startzeit der fehlerhaften Anwendung: 0x01cd591675bd9a08
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\OkayFreedom\OkayFreedomClient.exe
Berichtskennung:
 d8872ff2-c50d-11e1-ac91-00ff01000001
 
Error - 03.07.2012 10:34:38 | Computer Name = Chris-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\Nero\nero toolkit\nero discspeed\DiscSpeed.exe". Fehler in  Manifest- oder
Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 04.07.2012 09:15:21 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Social Club v1.0.6.1 to v1.0.6.6
Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000  Name des fehlerhaften Moduls:
 Social Club v1.0.6.1 to v1.0.6.6 Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000
Ausnahmecode:
 0xc0000005  Fehleroffset: 0x00155813  ID des fehlerhaften Prozesses: 0x1838  Startzeit
 der fehlerhaften Anwendung: 0x01cd59e70ed7e9a9  Pfad der fehlerhaften Anwendung:
C:\Program Files (x86)\Rockstar Games\Social Club\Social Club v1.0.6.1 to v1.0.6.6
 Updater.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Rockstar Games\Social
 Club\Social Club v1.0.6.1 to v1.0.6.6 Updater.exe  Berichtskennung: 4e42271b-c5da-11e1-927f-00ff01000001
 
Error - 04.07.2012 09:15:29 | Computer Name = Chris-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Social Club v1.0.6.1 to v1.0.6.6
Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000  Name des fehlerhaften Moduls:
 Social Club v1.0.6.1 to v1.0.6.6 Updater.exe, Version: 1.0.5.0, Zeitstempel: 0x00000000
Ausnahmecode:
 0xc0000005  Fehleroffset: 0x00164317  ID des fehlerhaften Prozesses: 0x1838  Startzeit
 der fehlerhaften Anwendung: 0x01cd59e70ed7e9a9  Pfad der fehlerhaften Anwendung:
C:\Program Files (x86)\Rockstar Games\Social Club\Social Club v1.0.6.1 to v1.0.6.6
 Updater.exe  Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Rockstar Games\Social
 Club\Social Club v1.0.6.1 to v1.0.6.6 Updater.exe  Berichtskennung: 5332842c-c5da-11e1-927f-00ff01000001
 
[ System Events ]
Error - 05.07.2012 16:40:30 | Computer Name = Chris-PC | Source = Ntfs | ID = 262281
Description = Auf dem Volume "E:" konnte der Transaktionsressourcen-Manager aufgrund
 eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in
 den Daten enthalten.
 
Error - 05.07.2012 16:40:55 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  sptd
 
Error - 05.07.2012 16:42:58 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 05.07.2012 16:42:58 | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 05.07.2012 17:31:30 | Computer Name = Chris-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 05.07.2012 17:31:34 | Computer Name = Chris-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 05.07.2012 17:31:39 | Computer Name = Chris-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 05.07.2012 17:31:45 | Computer Name = Chris-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 05.07.2012 17:31:50 | Computer Name = Chris-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 05.07.2012 17:31:54 | Computer Name = Chris-PC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
 
< End of report >
--- --- ---


hat sich erledigt - thread kann gelöscht werden, danke!

Da GuRu 11.07.2012 23:17
Hallo,

danke für die Rückmeldung... ich nehme an, Du hast Windows neu aufgesetzt?

Weiterführendes:
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html

frzr 12.07.2012 15:15
Hallo Da Guru,

ja - ich habe mich dann doch relativ schnell dazu entschieden, meinen PC neu aufzusetzen.. sorry. wurde ohnehin wieder mal fällig, nachdem er nicht mehr der schnellste war. :-)
Läuft jetzt wieder ohne Probleme - habe auch danach nochmal Malwarebytes drüberlaufen lassen.

Grüße,


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:50 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132