Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


Log-Analyse und Auswertung: Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 01.12.2011, 23:39   #1
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


Hallo,

ich habe leider seit längerem schon den Bundespolizeitrojaner auf meinem Rechner. Habe es zwar soweit hinbekommen, dass er sich nicht aktiviert, aber er ist ja noch da. Ebenso meldet sich seit 3 Tagen mein Antivir und postet mir ständig Nachrichten über einen Spy.Banker.Gen2-Trojaner und andere Freunde.

OTL-File:

Code:
ATTFilter
OTL logfile created on: 01.12.2011 22:42:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 37,26% Memory free
6,19 Gb Paging File | 4,14 Gb Available in Paging File | 66,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 166,85 Gb Free Space | 62,07% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,35 Gb Free Space | 48,99% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\Temp\gis127e14\GoogleUpdater.exe (Google)
PRC - C:\Programme\FSP\FspUip.exe (Sentelic Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Roaming\5052\components\AcroFF052.dll ()
MOD - C:\Users\***\AppData\Roaming\5051\components\AcroFF051.dll ()
MOD - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}\components\RadioWMPCoreGecko5.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Programme\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Programme\K-Lite Codec Pack\ffdshow\ffdshow.ax ()
MOD - C:\Programme\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Programme\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Programme\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Programme\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Programme\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\FSP\FspLib.dll ()
MOD - C:\Programme\FSP\KbdHook.dll ()
MOD - C:\Windows\tsnp2uvc.exe ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (PCD65X2) -- C:\Users\***\AppData\Local\Temp\PCD65X2.sys ()
DRV - (SSHDRV65) -- C:\Windows\System32\drivers\SSHDRV65.sys ()
DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.jetztspielen.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677}:3.2.5.2
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1344
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 16:17:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.12 18:52:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5052 [2011.12.01 22:15:09 | 000,000,000 | ---D | M]
 
[2009.11.13 16:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.11.13 16:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.18 06:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions
[2010.06.14 06:42:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.13 10:52:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.18 06:11:34 | 000,000,000 | ---D | M] (InnoGames Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2011.11.18 06:11:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.29 16:12:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\vshare@toolbar
[2011.10.19 07:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.11 23:04:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.07 07:21:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.04.18 15:37:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.18 15:37:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.11.26 15:21:44 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\***\APPDATA\ROAMING\5050
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMKHP7PM.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2011.07.02 16:17:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.06.06 16:07:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.06 16:07:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.06 16:07:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.06 16:07:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.06 16:07:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.06 16:07:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.04.07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober1610211.gif
[2010.01.15 17:59:44 | 000,000,202 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober1610211.src
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Userinit] C:\Users\***\AppData\Roaming\appconf32.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EF1B4EB-1134-4AB9-8FBB-CEE5E3C3499A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.01 22:24:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.01 22:15:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5052
[2011.11.30 20:28:21 | 000,000,000 | ---D | C] -- C:\avrescue
[2011.11.30 00:51:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5051
[2011.11.26 15:21:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5050
[2011.11.24 19:18:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5049
[2011.11.24 00:52:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5048
[2011.11.23 08:51:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5047
[2011.11.23 08:51:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2011.11.23 08:51:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2011.11.18 03:04:21 | 000,000,000 | -HSD | C] -- C:\found.001
[2009.06.10 14:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.06.10 14:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.01 22:24:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.01 22:22:25 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.01 22:16:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.01 22:14:11 | 000,000,072 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2011.12.01 22:09:52 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.12.01 22:09:51 | 000,000,242 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.12.01 22:08:54 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.01 22:08:28 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.01 22:08:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.01 22:08:26 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 19:44:19 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.29 19:44:19 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.29 19:44:19 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.29 19:44:19 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.29 19:36:16 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.24 00:11:02 | 000,016,693 | ---- | M] () -- C:\Users\***\Desktop\Inhalt.odt
[2011.11.24 00:10:47 | 000,016,083 | ---- | M] () -- C:\Users\***\Desktop\Deckblatt.odt
[2011.11.24 00:10:31 | 000,044,392 | ---- | M] () -- C:\Users\***\Desktop\Hausarbeit_Labeling.odt
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.24 00:11:01 | 000,016,693 | ---- | C] () -- C:\Users\***\Desktop\Inhalt.odt
[2011.11.24 00:10:46 | 000,016,083 | ---- | C] () -- C:\Users\***\Desktop\Deckblatt.odt
[2011.11.24 00:10:27 | 000,044,392 | ---- | C] () -- C:\Users\***\Desktop\Hausarbeit_Labeling.odt
[2011.11.23 08:51:30 | 000,000,072 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2011.04.25 13:23:20 | 000,164,302 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.04.25 13:23:10 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.09.16 11:33:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.08.02 10:47:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.08 12:41:57 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.07.08 12:41:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.07.08 12:41:54 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.07.08 12:41:54 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.08 12:41:53 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.06.28 16:22:39 | 000,014,848 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.27 16:25:33 | 000,120,320 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV65.sys
[2009.12.17 19:07:22 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.17 16:50:02 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\C4ADB889A8.sys
[2009.12.17 16:49:58 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.12.17 16:46:29 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.13 09:37:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2009.11.12 22:29:19 | 000,000,502 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.06.10 14:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.06.10 14:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009.06.10 14:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.06.10 14:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.06.10 13:58:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009.06.10 13:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.10 13:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.09 19:24:37 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.09 19:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.09 19:24:37 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.09 19:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.09 09:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 09:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 09:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.12.09 16:23:13 | 000,050,744 | RHS- | C] () -- C:\Users\***\AppData\Roaming\appconf32.exe
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,355,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
 
========== LOP Check ==========
 
[2011.11.23 08:51:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5047
[2011.11.24 00:52:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5048
[2011.11.24 19:18:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5049
[2011.11.26 15:21:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5050
[2011.11.30 00:51:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5051
[2011.12.01 22:15:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5052
[2011.08.05 07:55:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.14 15:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.24 09:48:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeDoko
[2011.11.18 06:10:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.04.25 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2011.11.23 08:51:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.06.24 13:48:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.20 13:03:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2009.11.12 22:31:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2011.11.30 00:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2011.11.29 19:35:27 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.01 22:09:51 | 000,000,242 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.11.11 21:56:56 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.06.26 17:23:51 | 000,000,000 | ---D | M] -- C:\7a8ebb5e513f4f390465e6
[2011.11.30 20:28:21 | 000,000,000 | ---D | M] -- C:\avrescue
[2009.06.09 12:51:36 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.06.10 14:45:20 | 000,000,000 | ---D | M] -- C:\CabLogs
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.11 21:53:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.10 10:55:43 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.11.18 03:04:21 | 000,000,000 | -HSD | M] -- C:\found.001
[2010.05.04 20:07:50 | 000,000,000 | ---D | M] -- C:\games
[2009.06.10 11:10:38 | 000,000,000 | ---D | M] -- C:\Intel
[2010.10.22 15:46:46 | 000,000,000 | ---D | M] -- C:\LEMMINGS
[2009.06.10 16:02:17 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.01 22:33:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.26 08:19:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.11.11 21:53:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.19 17:03:37 | 000,000,000 | ---D | M] -- C:\Programs
[2011.12.01 22:46:19 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.11 21:56:37 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.13 10:52:24 | 000,000,000 | ---D | M] -- C:\Windows
[2009.06.17 08:46:06 | 000,000,000 | ---D | M] -- C:\wlbinaries
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-22 18:52:03
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2F34C507

< End of report >
OTLextra-File:

Code:
ATTFilter
OTL Extras logfile created on: 01.12.2011 22:42:57 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 37,26% Memory free
6,19 Gb Paging File | 4,14 Gb Available in Paging File | 66,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 166,85 Gb Free Space | 62,07% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,35 Gb Free Space | 48,99% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25BB81FC-75E2-4E56-A0EA-B1643D692DCC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{275ED65C-AE13-4CF2-96B4-4A274E95B3DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2B48F475-A803-4B8F-AEA9-DD423944564D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{30C30EB7-E32F-4097-B5FC-9B5B97BD506A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3BCC61EB-058B-4ACA-A405-FDE6BD6925C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{666D244B-2C97-4E7B-AB7B-80BEF4E62BBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{703215FF-949F-4934-8A67-65B91014FB53}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7DE4E2E5-1EDF-4C9B-8D62-1AFFD74BF96F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8F33350C-96F1-4E59-BC83-3C2DE6D05EC7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8F48D5AD-7C2F-4372-A1A3-FADC27893253}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F0CC9D3-C245-4E37-9828-FC65DEFFA336}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E0B6DA0F-F178-4DE7-AD91-4D83E92D9AA0}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15841BA2-6374-490E-8586-98061B9A1302}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{2AC38F36-C224-41ED-94BC-96FC0F7ED8C3}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{31252298-13B4-4297-814A-6E31B4E954D2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{360D637E-ECC6-49B3-B941-A264E2A414F3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{40BDB3C5-6A3C-4898-AC2D-373135F0B38D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{43AC1576-A8F3-462D-A4AB-6C956748518A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{48151DDE-2F0B-4D8A-BB9F-51CC411CC9E9}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{5EEC18E1-09A0-4335-BC95-A9B702AE2243}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6B262047-757D-4D6D-AC28-1D986C5B6351}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{77C12342-483E-439E-B6DE-A14AB9D7FCA8}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{7F078B1E-866E-4DE2-838F-D6F27DEBA8A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8ADDF7A0-43C9-40AF-B8B8-2AD411D999C0}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{8EE6521A-D7A7-4C8C-BC70-3E2B20F80856}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{98A2211D-00DB-4B27-B899-1B5218BA0B97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A1044F6C-AF40-40F4-96CE-FF7DA8A4D8AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA5FD6A2-EA19-4BC3-95E4-C8A62BB712F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB19793B-DBE2-4286-86D1-535D15AB4061}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{ADEFCE19-888F-4656-9FA1-F5358FBDC5BD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B4987823-A19C-40C1-B8DE-91B0E720FF7D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B5E5CCE0-8B4E-482A-B488-99C97960DF3C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C43DEB87-3C56-4EAE-95C3-633782272201}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{CC2D2524-E6D7-4CA4-9972-C4B263407A86}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{D27030F1-E046-40B3-9BCE-A3A7252E2DCD}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{D37868C5-1B8E-4496-BFAC-DB707B0C2446}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D7420CC6-93CD-4ABD-A698-4FA54B3D556F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E5278594-E4D5-49E7-9731-8BFEBA3277CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E82C1168-4844-4D34-8517-D5C8C9E389B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{EEB2134F-1C31-422D-A961-41D0BA4743CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{280AC6F6-CEFF-42BD-8044-FC8536FC30FD}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{5148B8B5-A462-4CA1-BB01-72AF7CB21692}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{55804B15-69C7-4E74-8E72-162219CD3004}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{66DF4831-7135-44AB-8AA3-B807D5CF1E4F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{739A78C0-FE3A-4BF5-A2C2-27BCA058A7F2}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{8EF2DF35-5EE1-4A5F-AB0C-E56758841E8E}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"TCP Query User{E4752B4C-3F59-400B-BCEE-9ED5A691F0C4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{EF153DF2-1B8E-4A66-A6DB-3E223E0082BB}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{2272DA4F-A629-4837-9671-D4BDBB6011BB}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{2FD01AC9-1FB7-4E05-95D1-E1524A1E66E3}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{52672968-F11E-4D2F-8109-11C7B66B3900}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{5402C549-952D-4A18-B983-A0269B79EDF1}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"UDP Query User{A3791961-1C8B-4524-8094-1E845A3414EC}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{CAA2BC11-7CD5-42EA-AD40-34AE78B99560}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{D3474C55-46A0-45F9-BCD2-CBD3E2956E3D}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{DE2BD5BD-6D37-49B1-8985-F0F06717124B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office 5.0.56
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FA3215C7-7032-4D4D-B21F-C9D941749283}" = Corel Home Office 5.0.56
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Badaboom" = Badaboom 1.1.1.194
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Cinderella 2.0" = Cinderella 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IsoBuster_is1" = IsoBuster 2.8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"RTPatch_is1" = RTPatch Update
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ws4.webspeech" = G DATA WebSpeech 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2011 10:51:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.06.2011 06:02:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.06.2011 06:02:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.06.2011 06:03:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2011 06:23:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.06.2011 06:23:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.06.2011 06:24:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.06.2011 02:33:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.06.2011 02:33:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.06.2011 02:34:33 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 27.11.2011 05:32:07 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.11.2011 um 10:18:46 unerwartet heruntergefahren.
 
Error - 27.11.2011 05:33:44 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 27.11.2011 05:34:58 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 29.11.2011 13:54:49 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 29.11.2011 14:38:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 29.11.2011 14:38:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 29.11.2011 14:39:35 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 29.11.2011 14:42:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 30.11.2011 14:18:06 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 01.12.2011 17:09:00 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
 
< End of report >

Alt 02.12.2011, 09:41   #2
kira
/// Helfer-Team
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Windows Defender:
Parallel zu ein AV-Programm nicht Empfehlenswert aktiv laufen lassen, weil dadurch können sich in die Quere kommen. Bitte dich ihn so zu deaktivieren: -> Aktivieren und Deaktivieren von Windows Defender
Windows Defender komplett deaktivieren

Start => Systemsteuerung => Klassische Ansicht => Windows Defender oder
Windows Defender starten (C:\Programme\Windows Defender\MSASCui.exe)

Extras => Optionen => Automatische Überprüfung => Haken bei "Computer automatisch überprüfen" entfernen.
Extras => Optionen => Echtzeitschutz => Haken bei "Echtzeitschutz aktivieren" entfernen.
Extras => Optionen => Administrator => Haken bei "Dieses Programm verwenden" entfernen.

Start => services.msc ins Suchfeld eingeben.
Es öffnet sich das Fenster der Dienste
Doppelklick auf den Dienst "Windows Defender"
Starttyp auf "Manuell" umstellen.
Dienststatus beenden, falls der Dienst noch gestartet ist.
► Nach einem Neustart (falls noch existirt) unter "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart kontrolliere, ob mitläuft?! - ggf Häckhen rausnehmen
► Unter Dienste:
Start -> Ausführen -> "Services.msc" -> (reinschreiben ohne ""-> OK" - "Eigenschaften"-> "Stop" -> Starttyp "Deaktiviert" auswählen

2.
läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit)
Achtung!:
WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten!
Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
  • - also lade Dir Gmer herunter und entpacke es auf deinen Desktop
    - starte gmer.exe
    - [b]schließe alle Programme, ausserdem Antiviren und andere Schutzprogramme usw müssen deaktiviert sein, keine Verbindung zum Internet, WLAN auch trennen)
    - bitte nichts am Pc machen während der Scan läuft!
    - klicke auf "Scan", um das Tool zu starten
    - wenn der Scan fertig ist klicke auf "Copy" (das Log wird automatisch in die Zwischenablage kopiert) und mit STRG + V musst Du gleich da einfügen
    - mit "Ok" wird GMER beendet.
    - das Log aus der Zwischenablage hier in Deinem Thread vollständig hineinkopieren

** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen
Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren!
Anleitung:-> GMER - Rootkit Scanner

3.
Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit)

Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
  • Downloade die MBR.exe von Gmer und
    kopiere die Datei mbr.exe in den Ordner C:\Windows\system32.
    Falls Du den Ordner nicht sehen kannst, diese Einstellungen in den Ordneroptionen vornehmen.
  • Start => ausführen => cmd (da reinschreiben) => OK
    es öffnet sich eine Eingabeaufforderung.

    Vista- und Windows 7-User: Start => Alle Programme => Zubehör => Rechtsklick auf Eingabeaufforderung und wähle Als Administrator ausführen.
  • Nach dem Prompt (>_) folgenden

    aus der Codebox manuell eingeben oder alternativ den mit STRG + C ins Clipboard kopieren und einfügen.
    Einfügen in der Eingabeaufforderung: in der Titelleiste einen Rechtsklick machen => Bearbeiten => einfügen.

    Code:
    ATTFilter
    mbr.exe -t > C:\mbr.log & C:\mbr.log
    (Enter drücken)
  • Nach kurzer Zeit wird sich Dein Editor öffnen und die Datei C:\mbr.log beinhalten.
    Bitte kopiere den Inhalt hier in Deinen Thread.

4.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung/virus-protect.org

5.
erneut einen Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.


  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

6.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________
Alt 02.12.2011, 14:03   #3
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


Danke für die schnelle Antwort

Werde die Schritte morgen durchgehen und alles posten, bin heute durch die Arbeit etc. verhindert.
__________________
Alt 03.12.2011, 14:28   #4
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


2. funktionierte nicht richtig, da pprogramm stürzte ab

3.
Code:
ATTFilter
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD32 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x82062912] -> \Device\Harddisk0\DR0[0x8677F1D8]
3 CLASSPNP[0x8A7AB8B3] -> ntkrnlpa!IofCallDriver[0x82062912] -> \Device\Ide\IAAStorageDevice-1[0x8552B028]
kernel: MBR read successfully
user & kernel MBR OK

Alt 03.12.2011, 19:33   #5
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


4.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8297

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8080.16413

03.12.2011 19:32:35
mbam-log-2011-12-03 (19-32-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 848181
Laufzeit: 4 Stunde(n), 16 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\KCSCPW1HKH (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Malware.Gen) -> Value: Userinit -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Kai\AppData\Roaming\appconf32.exe (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\Kai\AppData\Local\Temp\jar_cache622885384975678287.tmp (Trojan.Ransom.BP) -> Quarantined and deleted successfully.
c:\Users\Kai\AppData\Local\Temp\jar_cache8570973935034226122.tmp (Malware.Gen) -> Quarantined and deleted successfully.
c:\Users\Kai\AppData\Roaming\5050\components\acroff0506.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Kai\AppData\Roaming\5050\components\acroff0507.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Kai\AppData\Roaming\5051\components\acroff0515.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Alt 04.12.2011, 00:15   #6
kira
/// Helfer-Team
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


die Schritte - 5. und 6. bitte noch erledigen!
__________________
--> Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden

Alt 04.12.2011, 15:31   #7
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


5.

OTL:

Code:
ATTFilter
OTL logfile created on: 03.12.2011 19:43:47 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,92% Memory free
6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 167,32 Gb Free Space | 62,25% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,35 Gb Free Space | 48,99% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.01 22:24:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.30 15:47:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 11:04:04 | 002,978,720 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.04.28 17:36:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.11.07 12:59:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010.07.28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010.07.28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010.04.12 23:46:36 | 001,135,912 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.07 14:41:38 | 000,745,472 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe
PRC - [2009.04.10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.05 18:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2009.02.11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.11 16:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.10.29 15:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.07.28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010.07.28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010.06.23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010.06.23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010.06.23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010.06.23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010.06.23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010.04.12 23:46:46 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.04.12 23:46:36 | 001,135,912 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.04.23 14:29:46 | 000,073,728 | ---- | M] () -- C:\Programme\FSP\FspLib.dll
MOD - [2009.02.17 11:26:36 | 000,053,248 | ---- | M] () -- C:\Programme\FSP\KbdHook.dll
MOD - [2008.08.28 14:03:22 | 000,233,472 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
MOD - [2006.12.10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.30 15:47:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.09 11:04:04 | 002,978,720 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011.04.28 17:36:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009.03.05 18:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009.02.11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.10.29 15:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.30 15:47:07 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 15:47:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.02.20 20:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010.09.05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010.05.27 16:26:13 | 000,124,416 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\PCD65X2.sys -- (PCD65X2)
DRV - [2010.05.27 16:25:33 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2010.05.05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2009.11.13 09:37:14 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2009.05.25 07:50:44 | 000,164,864 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.05.11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.08 21:58:00 | 007,551,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.08 18:02:48 | 000,498,176 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.05.07 16:22:20 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.05.01 09:13:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.12.29 17:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.jetztspielen.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677}:3.2.5.2
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1344
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 16:17:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.12 18:52:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5052 [2011.12.01 22:15:09 | 000,000,000 | ---D | M]
 
[2009.11.13 16:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.11.13 16:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.18 06:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions
[2010.06.14 06:42:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.13 10:52:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.18 06:11:34 | 000,000,000 | ---D | M] (InnoGames Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2011.11.18 06:11:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.29 16:12:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\vshare@toolbar
[2011.10.19 07:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.11 23:04:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.07 07:21:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.04.18 15:37:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.18 15:37:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.12.01 22:15:09 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\***\APPDATA\ROAMING\5052
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMKHP7PM.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2011.07.02 16:17:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.06.06 16:07:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.06 16:07:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.06 16:07:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.06 16:07:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.06 16:07:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.06 16:07:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.04.07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober1610211.gif
[2010.01.15 17:59:44 | 000,000,202 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober1610211.src
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EF1B4EB-1134-4AB9-8FBB-CEE5E3C3499A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.03 14:31:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.12.03 14:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.03 14:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.03 14:31:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.03 14:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 22:24:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.01 22:15:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5052
[2011.11.30 00:51:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5051
[2011.11.26 15:21:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5050
[2011.11.24 19:18:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5049
[2011.11.24 00:52:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5048
[2011.11.23 08:51:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5047
[2011.11.23 08:51:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2011.11.23 08:51:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2011.11.18 03:04:21 | 000,000,000 | -HSD | C] -- C:\found.001
[2009.06.10 14:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.06.10 14:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.03 19:41:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.03 19:41:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.03 19:41:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.03 19:41:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.03 19:37:55 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.12.03 19:36:02 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.03 19:35:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.03 19:35:27 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 19:35:27 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 19:35:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.03 19:35:15 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.03 19:16:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.03 14:31:51 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.03 14:22:45 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.12.03 13:59:01 | 317,344,931 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.02 14:19:44 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\fux2mkuk.exe
[2011.12.01 22:24:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.11.24 00:11:02 | 000,016,693 | ---- | M] () -- C:\Users\***\Desktop\Inhalt.odt
[2011.11.24 00:10:47 | 000,016,083 | ---- | M] () -- C:\Users\***\Desktop\Deckblatt.odt
[2011.11.24 00:10:31 | 000,044,392 | ---- | M] () -- C:\Users\***\Desktop\Hausarbeit_Labeling.odt
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.03 14:31:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.03 14:23:49 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.12.02 14:19:44 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\fux2mkuk.exe
[2011.11.24 00:11:01 | 000,016,693 | ---- | C] () -- C:\Users\***\Desktop\Inhalt.odt
[2011.11.24 00:10:46 | 000,016,083 | ---- | C] () -- C:\Users\***\Desktop\Deckblatt.odt
[2011.11.24 00:10:27 | 000,044,392 | ---- | C] () -- C:\Users\***\Desktop\Hausarbeit_Labeling.odt
[2011.04.25 13:23:20 | 000,164,302 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.04.25 13:23:10 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.09.16 11:33:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.08.02 10:47:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.08 12:41:57 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.07.08 12:41:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.07.08 12:41:54 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.07.08 12:41:54 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.08 12:41:53 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.06.28 16:22:39 | 000,014,848 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.27 16:25:33 | 000,120,320 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV65.sys
[2009.12.17 19:07:22 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.17 16:50:02 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\C4ADB889A8.sys
[2009.12.17 16:49:58 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.12.17 16:46:29 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.13 09:37:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2009.11.12 22:29:19 | 000,000,502 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.06.10 14:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.06.10 14:00:53 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2009.06.10 14:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.06.10 14:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.06.10 13:58:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009.06.10 13:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.10 13:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.09 19:24:37 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.09 19:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.09 19:24:37 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.09 19:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.09 09:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 09:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 09:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,355,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
 
========== LOP Check ==========
 
[2011.11.23 08:51:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5047
[2011.11.24 00:52:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5048
[2011.11.24 19:18:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5049
[2011.11.26 15:21:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5050
[2011.11.30 00:51:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5051
[2011.12.01 22:15:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5052
[2011.10.18 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.08.05 07:55:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.14 15:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.24 09:48:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeDoko
[2011.12.01 23:49:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.04.25 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2011.11.23 08:51:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.02.19 10:34:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LimeWire
[2011.06.24 13:48:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.20 13:03:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2009.11.12 22:31:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2011.11.30 00:56:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2011.12.03 19:34:29 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.11.11 21:56:56 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.06.26 17:23:51 | 000,000,000 | ---D | M] -- C:\7a8ebb5e513f4f390465e6
[2009.06.09 12:51:36 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.06.10 14:45:20 | 000,000,000 | ---D | M] -- C:\CabLogs
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.11 21:53:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.10 10:55:43 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.11.18 03:04:21 | 000,000,000 | -HSD | M] -- C:\found.001
[2010.05.04 20:07:50 | 000,000,000 | ---D | M] -- C:\games
[2009.06.10 11:10:38 | 000,000,000 | ---D | M] -- C:\Intel
[2010.10.22 15:46:46 | 000,000,000 | ---D | M] -- C:\LEMMINGS
[2009.06.10 16:02:17 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.03 14:31:02 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.03 14:31:08 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.11.11 21:53:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.19 17:03:37 | 000,000,000 | ---D | M] -- C:\Programs
[2011.12.03 19:46:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.11.11 21:56:37 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.03 13:59:01 | 000,000,000 | ---D | M] -- C:\Windows
[2009.06.17 08:46:06 | 000,000,000 | ---D | M] -- C:\wlbinaries
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
[2011.04.21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
[2011.04.21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
[2011.04.21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
[2008.01.21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
[2009.04.10 20:47:04 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
[2011.04.21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.03.11 15:41:13 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.03.11 15:41:12 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.03.11 15:41:13 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 03:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-22 18:52:03
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2F34C507

< End of report >
OTLExtra:

Code:
ATTFilter
OTL Extras logfile created on: 03.12.2011 19:43:47 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 57,92% Memory free
6,19 Gb Paging File | 4,77 Gb Available in Paging File | 77,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 167,32 Gb Free Space | 62,25% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,35 Gb Free Space | 48,99% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25BB81FC-75E2-4E56-A0EA-B1643D692DCC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{275ED65C-AE13-4CF2-96B4-4A274E95B3DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2B48F475-A803-4B8F-AEA9-DD423944564D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{30C30EB7-E32F-4097-B5FC-9B5B97BD506A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3BCC61EB-058B-4ACA-A405-FDE6BD6925C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{666D244B-2C97-4E7B-AB7B-80BEF4E62BBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{703215FF-949F-4934-8A67-65B91014FB53}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7DE4E2E5-1EDF-4C9B-8D62-1AFFD74BF96F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8F33350C-96F1-4E59-BC83-3C2DE6D05EC7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8F48D5AD-7C2F-4372-A1A3-FADC27893253}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F0CC9D3-C245-4E37-9828-FC65DEFFA336}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E0B6DA0F-F178-4DE7-AD91-4D83E92D9AA0}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15841BA2-6374-490E-8586-98061B9A1302}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{2AC38F36-C224-41ED-94BC-96FC0F7ED8C3}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{31252298-13B4-4297-814A-6E31B4E954D2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{360D637E-ECC6-49B3-B941-A264E2A414F3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{40BDB3C5-6A3C-4898-AC2D-373135F0B38D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{43AC1576-A8F3-462D-A4AB-6C956748518A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{48151DDE-2F0B-4D8A-BB9F-51CC411CC9E9}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{5EEC18E1-09A0-4335-BC95-A9B702AE2243}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6B262047-757D-4D6D-AC28-1D986C5B6351}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{77C12342-483E-439E-B6DE-A14AB9D7FCA8}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{7F078B1E-866E-4DE2-838F-D6F27DEBA8A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8ADDF7A0-43C9-40AF-B8B8-2AD411D999C0}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{8EE6521A-D7A7-4C8C-BC70-3E2B20F80856}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{98A2211D-00DB-4B27-B899-1B5218BA0B97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A1044F6C-AF40-40F4-96CE-FF7DA8A4D8AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA5FD6A2-EA19-4BC3-95E4-C8A62BB712F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB19793B-DBE2-4286-86D1-535D15AB4061}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{ADEFCE19-888F-4656-9FA1-F5358FBDC5BD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B4987823-A19C-40C1-B8DE-91B0E720FF7D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B5E5CCE0-8B4E-482A-B488-99C97960DF3C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C43DEB87-3C56-4EAE-95C3-633782272201}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{CC2D2524-E6D7-4CA4-9972-C4B263407A86}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{D27030F1-E046-40B3-9BCE-A3A7252E2DCD}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{D37868C5-1B8E-4496-BFAC-DB707B0C2446}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D7420CC6-93CD-4ABD-A698-4FA54B3D556F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E5278594-E4D5-49E7-9731-8BFEBA3277CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E82C1168-4844-4D34-8517-D5C8C9E389B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{EEB2134F-1C31-422D-A961-41D0BA4743CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{280AC6F6-CEFF-42BD-8044-FC8536FC30FD}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{5148B8B5-A462-4CA1-BB01-72AF7CB21692}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{55804B15-69C7-4E74-8E72-162219CD3004}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{66DF4831-7135-44AB-8AA3-B807D5CF1E4F}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{739A78C0-FE3A-4BF5-A2C2-27BCA058A7F2}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{8EF2DF35-5EE1-4A5F-AB0C-E56758841E8E}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"TCP Query User{E4752B4C-3F59-400B-BCEE-9ED5A691F0C4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{EF153DF2-1B8E-4A66-A6DB-3E223E0082BB}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{2272DA4F-A629-4837-9671-D4BDBB6011BB}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{2FD01AC9-1FB7-4E05-95D1-E1524A1E66E3}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{52672968-F11E-4D2F-8109-11C7B66B3900}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{5402C549-952D-4A18-B983-A0269B79EDF1}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"UDP Query User{A3791961-1C8B-4524-8094-1E845A3414EC}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{CAA2BC11-7CD5-42EA-AD40-34AE78B99560}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{D3474C55-46A0-45F9-BCD2-CBD3E2956E3D}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{DE2BD5BD-6D37-49B1-8985-F0F06717124B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office 5.0.56
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FA3215C7-7032-4D4D-B21F-C9D941749283}" = Corel Home Office 5.0.56
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Badaboom" = Badaboom 1.1.1.194
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Cinderella 2.0" = Cinderella 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IsoBuster_is1" = IsoBuster 2.8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"RTPatch_is1" = RTPatch Update
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ws4.webspeech" = G DATA WebSpeech 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2011 02:33:40 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.06.2011 02:34:33 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.06.2011 05:38:04 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.06.2011 05:38:04 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.06.2011 05:39:07 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.06.2011 09:49:03 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung a2service.exe, Version 5.1.0.20, Zeitstempel
 0x4def8b3e, fehlerhaftes Modul engine.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4de8fc78, Ausnahmecode 0xc0000005, Fehleroffset 0x04474b3c,  Prozess-ID 0x398, 
Anwendungsstartzeit 01cc28e458c9e01d.
 
Error - 12.06.2011 13:54:57 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description = 
 
Error - 12.06.2011 13:55:25 | Computer Name = ***-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 12.06.2011 17:52:47 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm winamp.exe, Version 5.6.1.3133 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 13d0  Anfangszeit: 01cc292a10bf8570  Zeitpunkt der Beendigung:
 19
 
Error - 13.06.2011 06:37:34 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung a2service.exe, Version 5.1.0.20, Zeitstempel
 0x4def8b3e, fehlerhaftes Modul engine.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4de8fc78, Ausnahmecode 0xc0000005, Fehleroffset 0x04374b3c,  Prozess-ID 0x8b0, 
Anwendungsstartzeit 01cc2907832e20d0.
 
[ System Events ]
Error - 02.12.2011 09:16:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.12.2011 09:17:43 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.12.2011 08:16:54 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.12.2011 08:18:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.12.2011 08:59:08 | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.12.2011 um 13:57:08 unerwartet heruntergefahren.
 
Error - 03.12.2011 09:00:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.12.2011 09:00:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 03.12.2011 09:02:12 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 03.12.2011 14:37:00 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.12.2011 14:37:47 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >

Alt 04.12.2011, 15:36   #8
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


6.

Code:
ATTFilter
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	10.11.2009	13,5MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	10.11.2009		10.0.22.87
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	06.10.2010		10.1.85.3
Adobe Reader 9.3 - Deutsch	Adobe Systems Incorporated	27.01.2010	162,6MB	9.3.0
Adobe Shockwave Player 11.5	Adobe Systems, Inc.	28.11.2009	17,5MB	11.5.2.602
Apple Software Update	Apple Inc.	10.06.2009	2,16MB	2.1.1.116
Audacity 1.2.6		25.10.2011	8,43MB	
Avira AntiVir Personal - Free Antivirus	Avira GmbH	13.10.2011	112,0MB	10.2.0.704
Badaboom 1.1.1.194	Elemental Technologies	10.11.2009	14,3MB	1.1.1.194
Belkin Setup and Router Monitor		25.08.2011	40,2MB	
CCleaner	Piriform	03.12.2011	4,20MB	3.13
Cinderella 2.0		27.01.2010	19,9MB	
Compatibility Pack für 2007 Office System	Microsoft Corporation	19.09.2011	60,2MB	12.0.6425.1000
Corel Home Office 5.0.56	Corel Corporation	09.06.2009	124,7MB	
Corel Painter Essentials 4	Corel Corporation	09.06.2009	272MB	
CorelDRAW Essentials 4	Corel Corporation	09.06.2009	684MB	
CorelDRAW Essentials 4 - Windows Shell Extension	Corel Corporation	09.06.2009	1,81MB	
CyberLink MediaShow	CyberLink Corp.	09.06.2009	316MB	4.1.2325
CyberLink PhotoNow	CyberLink Corp.	09.06.2009	21,8MB	1.1.5615
CyberLink PowerDirector	CyberLink Corp.	09.06.2009	423MB	7.0.2625
CyberLink PowerDVD 8	CyberLink Corp.	09.06.2009	94,4MB	8.0.2606a
CyberLink PowerProducer	CyberLink Corp.	09.06.2009	311MB	5.0.1.1412
CyberLink YouCam	CyberLink Corp.	09.06.2009	73,8MB	2.0.2521
DivX Converter	DivX, Inc.	23.05.2010	45,3MB	7.1.0
DivX Plus DirectShow Filters	DivX, Inc.	23.05.2010	1,58MB	
DivX-Setup	DivX, Inc. 	23.05.2010	2,21MB	1.0.1.5
e-Wörterbücher		10.11.2009	1,75MB	
Emsisoft Anti-Malware 5.1	Emsi Software GmbH	05.06.2011	149,3MB	5.1
Feedback Tool	Microsoft Corporation	24.04.2011	2,28MB	1.2.0
Finger-sensing Pad Driver	FSP	09.06.2009	13,3MB	8.4.1.5
Foxlink Webcam	Sonix	09.06.2009	5,70MB	5.8.51000.202_WHQL
Free Audio CD Burner version 1.2	DVDVideoSoft Limited.	28.11.2009	2,60MB	
Free Studio version 5.0.9	DVDVideoSoft Limited.	13.05.2011	172,9MB	
Free YouTube to MP3 Converter version 3.2	DVDVideoSoft Limited.	28.11.2009	2,67MB	
G DATA Logox 4 Speechengine	G DATA Software AG	14.02.2011		
G DATA WebSpeech 4	G DATA Software AG	14.02.2011		
Google Updater	Google Inc.	10.11.2009	4,57MB	2.4.1487.6512
HP Customer Participation Program 8.0	HP	24.04.2011	236MB	8.0
HP Imaging Device Functions 8.0	HP	24.04.2011	1,54MB	8.0
HP OCR Software 8.0	HP	24.04.2011	1,53MB	8.0
HP Photosmart Essential	HP	28.01.2010	10,2MB	1.12.0.46
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B	HP	24.04.2011	75,8MB	8.0
HP Solution Center 8.0	HP	24.04.2011	1,53MB	8.0
HP Update	Hewlett-Packard	28.01.2010	3,57MB	4.000.005.006
HPSSupply	Ihr Firmenname	28.01.2010	0,96MB	2.1.3.0000
ICQ7.2	ICQ	25.10.2010	45,2MB	7.2
Intel® Matrix Storage Manager	Intel Corporation	10.11.2009	46,9MB	
IsoBuster 2.8	Smart Projects	28.05.2010	10,3MB	2.8
Java(TM) 6 Update 22	Sun Microsystems, Inc.	09.06.2009	97,0MB	6.0.220
K-Lite Codec Pack 6.1.0 (Full)		07.07.2010	47,3MB	6.1.0
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	02.12.2011	6,76MB	1.51.2.1300
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	10.11.2009	37,0MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	10.11.2009	37,0MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.06.2010	120,3MB	4.0.30319
Microsoft Office Home and Student 2007	Microsoft Corporation	09.06.2009	321MB	12.0.6425.1000
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	19.09.2011	100,2MB	12.0.6425.1000
Microsoft Silverlight	Microsoft Corporation	13.10.2011	11,0MB	4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	09.06.2009	1,74MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	10.11.2010	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	13.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	05.09.2010	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	13.06.2011	0,58MB	9.0.30729.6161
Microsoft Works	Microsoft Corporation	14.12.2010	378MB	9.7.0621
Mozilla Firefox 5.0 (x86 de)	Mozilla	01.07.2011	32,2MB	5.0
MSXML 4.0 SP2 (KB927978)	Microsoft Corporation	09.06.2009	34,00KB	4.20.9841.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	09.06.2009	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	25.11.2009	1,34MB	4.20.9876.0
Nero 8 Essentials	Nero AG	09.06.2009	1.938MB	8.3.124
NVIDIA Drivers	NVIDIA Corporation	10.11.2009	3.278MB	1.3
OpenOffice.org 3.3	OpenOffice.org	23.06.2011	413MB	3.3.9567
Picasa 2	Google, Inc.	10.11.2009	35,3MB	2.0
QuickTime	Apple Inc.	10.06.2009	74,4MB	7.60.92.0
Realtek 8136 8168 8169 Ethernet Driver	Realtek	17.06.2009	1,60MB	1.00.0005
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	09.06.2009	9,29MB	6.0.1.5730
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	09.06.2009	1,50MB	6.0.6000.20111
REALTEK Wireless LAN Driver	REALTEK Semiconductor Corp.	18.02.2011	7,10MB	1.01.0092
RGSS-RTP Standard	Enterbrain	16.12.2009	22,5MB	1.0.0
RPGXP	Enterbrain	16.12.2009	4,11MB	1.0.0
RTPatch Update	PocketSoft	28.05.2010	0,92MB	
Skype Click to Call	Skype Technologies S.A.	06.11.2011	12,7MB	5.6.8442
Skype™ 5.5	Skype Technologies S.A.	06.11.2011	17,0MB	5.5.124
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	27.01.2010	29,7MB	9.0.0
Uninstall 1.0.0.1		13.05.2011	17,7MB	
Winamp	Nullsoft, Inc	11.06.2011	39,5MB	5.61 
Winamp Erkennungs-Plug-in	Nullsoft, Inc	11.06.2011	0,15MB	1.0.0.1
Windows Live Anmelde-Assistent	Microsoft Corporation	09.06.2009	1,93MB	5.000.818.6
Windows Live Essentials	Microsoft Corporation	10.11.2010	136,5MB	14.0.8117.0416
Windows Live Sync	Microsoft Corporation	10.11.2010	2,79MB	14.0.8117.416
Windows Live-Uploadtool	Microsoft Corporation	09.06.2009	0,22MB	14.0.8014.1029
WinRAR		10.11.2009	3,82MB

Alt 05.12.2011, 15:10   #9
kira
/// Helfer-Team
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


1.
Code:
ATTFilter
Azureus
eMule
LimeWire
Zitat:
Internet-Tauschbörsen gehören leider zu den unseriösesten Anbietern, und dort werden sehr viele Schädlinge verbreitet, hierbei sollte deshalb, wenn überhaupt, nur ganz besonders vorsichtig umgegangen werden ! Laut Studien sind bei den Tauschbörsen bei 45% der zum Download angebotenen Dateien, Viren oder Würmer und sonstige Schädlinge enthalten!
Hinzu kommt noch, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind, und damit die Nutzer verleitet werden, „Straftaten“ zu begehen!
Selbst wenn du ein „sicheres“ P2P Programm verwendest, ist es nur das Programm, das sicher ist.Du wirst Daten von "uncertified Quellen" teilen, und diese werden häufig angesteckt...
Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen!

2.
Deine Javaversion ist nicht aktuell!
Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen:
→ Systemsteuerung → Software → deinstallieren...
→ Rechner neu aufstarten
→ Downloade nun die Offline-Version von Java Version 6 Update 29 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

3.
Adobe Reader aktualisieren :
- Bei Installation aufpassen/mitlesen!: Wenn irgendeine Software, Toolbar etc angeboten wird, bitte abwählen! - (z.B "McAfee Security Scan Plus")
Adobe Reader
Oder: Adobe starten-> gehe auf "Hilfe"-> "Nach Update suchen..."

4.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.06.06 16:07:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.06 16:07:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2009.04.07 13:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober1610211.gif
[2010.01.15 17:59:44 | 000,000,202 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober1610211.src
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
[2011.12.01 22:15:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5052
[2011.11.30 00:51:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5051
[2011.11.26 15:21:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5050
[2011.11.24 19:18:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5049
[2011.11.24 00:52:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5048
[2011.11.23 08:51:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5047
[2011.11.23 08:51:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2011.11.23 08:51:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2011.12.03 19:35:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.03 19:16:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.18 06:43:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.11.23 08:51:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.02.19 10:34:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LimeWire
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:2F34C507

:Reg
"TCP Query User{280AC6F6-CEFF-42BD-8044-FC8536FC30FD}C:\program files\emule\emule.exe" =-
"TCP Query User{5148B8B5-A462-4CA1-BB01-72AF7CB21692}C:\program files\limewire\limewire.exe" =-
"TCP Query User{55804B15-69C7-4E74-8E72-162219CD3004}C:\program files\vuze\azureus.exe" =-
"TCP Query User{EF153DF2-1B8E-4A66-A6DB-3E223E0082BB}C:\program files\vuze\azureus.exe" =-
"UDP Query User{2FD01AC9-1FB7-4E05-95D1-E1524A1E66E3}C:\program files\vuze\azureus.exe" =-
"UDP Query User{52672968-F11E-4D2F-8109-11C7B66B3900}C:\program files\emule\emule.exe" =-
"UDP Query User{CAA2BC11-7CD5-42EA-AD40-34AE78B99560}C:\program files\limewire\limewire.exe" =-
"UDP Query User{D3474C55-46A0-45F9-BCD2-CBD3E2956E3D}C:\program files\vuze\azureus.exe" =-

:Commands
[purity]
[emptytemp]
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

4.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

5.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

6.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

7.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!
Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!
Alt 06.12.2011, 19:05   #10
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


3.
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13\ not found.
File C:\Program Files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.
File C:\Program Files\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\Yahooober1610211.gif not found.
File C:\Program Files\mozilla firefox\searchplugins\Yahooober1610211.src not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\snp2uvc not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tsnp2uvc not found.
File C:\Windows\tsnp2uvc.exe not found.
Folder C:\Users\Kai\AppData\Roaming\5052\ not found.
Folder C:\Users\Kai\AppData\Roaming\5051\ not found.
Folder C:\Users\Kai\AppData\Roaming\5050\ not found.
Folder C:\Users\Kai\AppData\Roaming\5049\ not found.
Folder C:\Users\Kai\AppData\Roaming\5048\ not found.
Folder C:\Users\Kai\AppData\Roaming\5047\ not found.
Folder C:\Users\Kai\AppData\Roaming\xmldm\ not found.
Folder C:\Users\Kai\AppData\Roaming\kock\ not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
Folder C:\Users\Kai\AppData\Roaming\Azureus\ not found.
Folder C:\Users\Kai\AppData\Roaming\kock\ not found.
Folder C:\Users\Kai\AppData\Roaming\LimeWire\ not found.
Unable to delete ADS C:\ProgramData\Temp:2F34C507 .
========== REGISTRY ==========
Registry key Invalid\\"TCP Query User{280AC6F6-CEFF-42BD-8044-FC8536FC30FD}C:\program files\emule\emule.exe" \ not found.
Registry key Invalid\\"TCP Query User{5148B8B5-A462-4CA1-BB01-72AF7CB21692}C:\program files\limewire\limewire.exe" \ not found.
Registry key Invalid\\"TCP Query User{55804B15-69C7-4E74-8E72-162219CD3004}C:\program files\vuze\azureus.exe" \ not found.
Registry key Invalid\\"TCP Query User{EF153DF2-1B8E-4A66-A6DB-3E223E0082BB}C:\program files\vuze\azureus.exe" \ not found.
Registry key Invalid\\"UDP Query User{2FD01AC9-1FB7-4E05-95D1-E1524A1E66E3}C:\program files\vuze\azureus.exe" \ not found.
Registry key Invalid\\"UDP Query User{52672968-F11E-4D2F-8109-11C7B66B3900}C:\program files\emule\emule.exe" \ not found.
Registry key Invalid\\"UDP Query User{CAA2BC11-7CD5-42EA-AD40-34AE78B99560}C:\program files\limewire\limewire.exe" \ not found.
Registry key Invalid\\"UDP Query User{D3474C55-46A0-45F9-BCD2-CBD3E2956E3D}C:\program files\vuze\azureus.exe" \ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kai
->Temp folder emptied: 425389 bytes
->Temporary Internet Files folder emptied: 71648 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7968956 bytes
->Flash cache emptied: 456 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18282372191 bytes
RecycleBin emptied: 153358 bytes
 
Total Files Cleaned = 17.444,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12062011_174623

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 06.12.2011, 19:40   #11
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


5.

OTL:

Code:
ATTFilter
OTL logfile created on: 06.12.2011 19:15:11 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,84% Memory free
6,19 Gb Paging File | 3,75 Gb Available in Paging File | 60,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 187,85 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,35 Gb Free Space | 48,99% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.01 22:24:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.30 15:47:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 11:04:04 | 002,978,720 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.28 17:36:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.22 19:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe
PRC - [2010.11.07 12:59:22 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010.07.28 16:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010.07.28 16:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010.04.12 23:46:36 | 001,135,912 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.07 14:41:38 | 000,745,472 | ---- | M] (Sentelic Corporation) -- C:\Programme\FSP\FspUip.exe
PRC - [2009.04.10 22:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.05 18:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2009.02.11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.02.11 16:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.10.29 15:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.07.28 16:34:04 | 000,022,424 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010.07.28 16:02:58 | 000,658,432 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010.06.28 09:00:00 | 003,828,736 | ---- | M] () -- C:\Programme\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2010.06.23 17:12:28 | 007,187,456 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010.06.23 17:11:52 | 000,325,632 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010.06.23 17:11:48 | 001,954,304 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010.06.23 17:11:48 | 000,847,360 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010.06.23 16:38:18 | 000,119,808 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010.04.12 23:46:46 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.04.12 23:46:36 | 001,135,912 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.08.16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.04.23 14:29:46 | 000,073,728 | ---- | M] () -- C:\Programme\FSP\FspLib.dll
MOD - [2009.02.17 11:26:36 | 000,053,248 | ---- | M] () -- C:\Programme\FSP\KbdHook.dll
MOD - [2006.12.10 20:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 20:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.30 15:47:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.09 11:04:04 | 002,978,720 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.28 17:36:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.28 16:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2009.03.05 18:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2009.02.11 16:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.10.29 15:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.30 15:47:07 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 15:47:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.02.20 20:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010.09.05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010.05.27 16:25:33 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2010.05.05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2009.11.13 09:37:14 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\WinIo.sys -- (WINIO)
DRV - [2009.05.25 07:50:44 | 000,164,864 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.05.11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.05.08 21:58:00 | 007,551,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.05.08 18:02:48 | 000,498,176 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.05.07 16:22:20 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.05.01 09:13:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.12.29 17:06:54 | 001,799,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.jetztspielen.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c7478d43-2bd5-4844-98b8-c2a6aa9ed677}:3.2.5.2
FF - prefs.js..extensions.enabledItems: OberonGameHost@OberonGames.com:1.0.5.1344
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 16:17:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 07:37:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5052
 
[2009.11.13 16:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.11.13 16:55:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.12.06 07:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions
[2010.06.14 06:42:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.13 10:52:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.06 07:29:22 | 000,000,000 | ---D | M] (InnoGames Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{c7478d43-2bd5-4844-98b8-c2a6aa9ed677}
[2011.11.18 06:11:39 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.29 16:12:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\umkhp7pm.default\extensions\vshare@toolbar
[2011.12.06 07:33:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.11.11 23:04:55 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.07 07:21:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.06 07:33:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.12.06 07:33:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMKHP7PM.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
[2011.07.02 16:17:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.06 07:32:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.06.06 16:07:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.06 16:07:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.06 16:07:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.06 16:07:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [fspuip] C:\Program Files\FSP\fspuip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Programme\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EF1B4EB-1134-4AB9-8FBB-CEE5E3C3499A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.06 07:39:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.06 07:36:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.12.06 07:35:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.06 07:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.06 07:33:01 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.06 07:33:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.06 07:33:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.04 15:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.04 15:34:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.03 14:31:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.12.03 14:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.03 14:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.03 14:31:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.03 14:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 22:24:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.11.18 03:04:21 | 000,000,000 | -HSD | C] -- C:\found.001
[2009.06.10 14:00:53 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009.06.10 14:00:52 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.06 19:18:41 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.06 19:18:41 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.06 19:18:41 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.06 19:18:41 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.06 19:17:27 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.12.06 19:12:22 | 000,015,360 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.06 19:12:02 | 000,031,681 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.06 19:10:58 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 19:10:58 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 19:10:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.06 19:10:48 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.06 07:37:22 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.12.06 07:32:28 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.06 07:32:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.06 07:32:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.06 07:32:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.04 15:34:36 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.03 14:31:51 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.03 14:22:45 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2011.12.02 14:19:44 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\fux2mkuk.exe
[2011.12.01 22:24:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.11.24 00:11:02 | 000,016,693 | ---- | M] () -- C:\Users\***\Desktop\Inhalt.odt
[2011.11.24 00:10:47 | 000,016,083 | ---- | M] () -- C:\Users\***\Desktop\Deckblatt.odt
[2011.11.24 00:10:31 | 000,044,392 | ---- | M] () -- C:\Users\***\Desktop\Hausarbeit_Labeling.odt
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.06 07:37:22 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.12.06 07:37:22 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.04 15:34:36 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.03 14:31:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.03 14:23:49 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2011.12.02 14:19:44 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\fux2mkuk.exe
[2011.11.24 00:11:01 | 000,016,693 | ---- | C] () -- C:\Users\***\Desktop\Inhalt.odt
[2011.11.24 00:10:46 | 000,016,083 | ---- | C] () -- C:\Users\***\Desktop\Deckblatt.odt
[2011.11.24 00:10:27 | 000,044,392 | ---- | C] () -- C:\Users\***\Desktop\Hausarbeit_Labeling.odt
[2011.04.25 13:23:20 | 000,164,302 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.04.25 13:23:10 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.09.16 11:33:52 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE
[2010.08.02 10:47:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.08 12:41:57 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.07.08 12:41:56 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.07.08 12:41:54 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.07.08 12:41:54 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.07.08 12:41:53 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.06.28 16:22:39 | 000,015,360 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.27 16:25:33 | 000,120,320 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV65.sys
[2009.12.17 19:07:22 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.17 16:50:02 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\C4ADB889A8.sys
[2009.12.17 16:49:58 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.12.17 16:46:29 | 000,031,681 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.11.13 09:37:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2009.11.12 22:29:19 | 000,000,502 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.06.10 14:00:53 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009.06.10 14:00:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009.06.10 14:00:52 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009.06.10 13:58:06 | 000,311,296 | ---- | C] () -- C:\Windows\System32\Rezip.exe
[2009.06.10 13:49:38 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.10 13:38:31 | 000,000,276 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.09 19:24:37 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.06.09 19:24:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.06.09 19:24:37 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.06.09 19:24:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.06.09 09:54:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.09 09:53:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.09 09:34:57 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,355,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.08.30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005.08.30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005.08.30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
 
========== LOP Check ==========
 
[2011.08.05 07:55:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.14 15:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.24 09:48:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeDoko
[2011.12.01 23:49:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.04.25 13:38:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image Zone Express
[2011.06.24 13:48:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.20 13:03:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Printer Info Cache
[2009.11.12 22:31:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2011.12.06 19:10:04 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
EXTRA:

Code:
ATTFilter
OTL Extras logfile created on: 06.12.2011 19:15:11 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8080.16413)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,84% Memory free
6,19 Gb Paging File | 3,75 Gb Available in Paging File | 60,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 187,85 Gb Free Space | 69,88% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,35 Gb Free Space | 48,99% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25BB81FC-75E2-4E56-A0EA-B1643D692DCC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{275ED65C-AE13-4CF2-96B4-4A274E95B3DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2B48F475-A803-4B8F-AEA9-DD423944564D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{30C30EB7-E32F-4097-B5FC-9B5B97BD506A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3BCC61EB-058B-4ACA-A405-FDE6BD6925C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{666D244B-2C97-4E7B-AB7B-80BEF4E62BBF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{703215FF-949F-4934-8A67-65B91014FB53}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7DE4E2E5-1EDF-4C9B-8D62-1AFFD74BF96F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8F33350C-96F1-4E59-BC83-3C2DE6D05EC7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8F48D5AD-7C2F-4372-A1A3-FADC27893253}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F0CC9D3-C245-4E37-9828-FC65DEFFA336}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{E0B6DA0F-F178-4DE7-AD91-4D83E92D9AA0}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15841BA2-6374-490E-8586-98061B9A1302}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{2AC38F36-C224-41ED-94BC-96FC0F7ED8C3}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{31252298-13B4-4297-814A-6E31B4E954D2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{360D637E-ECC6-49B3-B941-A264E2A414F3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{40BDB3C5-6A3C-4898-AC2D-373135F0B38D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{43AC1576-A8F3-462D-A4AB-6C956748518A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{48151DDE-2F0B-4D8A-BB9F-51CC411CC9E9}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{5EEC18E1-09A0-4335-BC95-A9B702AE2243}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6B262047-757D-4D6D-AC28-1D986C5B6351}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{77C12342-483E-439E-B6DE-A14AB9D7FCA8}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{7F078B1E-866E-4DE2-838F-D6F27DEBA8A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8ADDF7A0-43C9-40AF-B8B8-2AD411D999C0}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{8EE6521A-D7A7-4C8C-BC70-3E2B20F80856}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{98A2211D-00DB-4B27-B899-1B5218BA0B97}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A1044F6C-AF40-40F4-96CE-FF7DA8A4D8AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA5FD6A2-EA19-4BC3-95E4-C8A62BB712F0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB19793B-DBE2-4286-86D1-535D15AB4061}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe | 
"{ADEFCE19-888F-4656-9FA1-F5358FBDC5BD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B4987823-A19C-40C1-B8DE-91B0E720FF7D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{B5E5CCE0-8B4E-482A-B488-99C97960DF3C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{C43DEB87-3C56-4EAE-95C3-633782272201}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{CC2D2524-E6D7-4CA4-9972-C4B263407A86}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{D27030F1-E046-40B3-9BCE-A3A7252E2DCD}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{D37868C5-1B8E-4496-BFAC-DB707B0C2446}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D7420CC6-93CD-4ABD-A698-4FA54B3D556F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E5278594-E4D5-49E7-9731-8BFEBA3277CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E82C1168-4844-4D34-8517-D5C8C9E389B6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{EEB2134F-1C31-422D-A961-41D0BA4743CE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{739A78C0-FE3A-4BF5-A2C2-27BCA058A7F2}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{E4752B4C-3F59-400B-BCEE-9ED5A691F0C4}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{2272DA4F-A629-4837-9671-D4BDBB6011BB}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{A3791961-1C8B-4524-8094-1E845A3414EC}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office 5.0.56
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"_{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{36C95AD3-D330-4BAA-884A-9F3EFD15A5EA}" = Corel Home Office
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{39FE455F-9478-451B-9420-73C15143DF8E}" = Corel Home Office - IPM
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4737AD9F-13AA-4E4C-B86F-B631D557F6A7}" = e-Wörterbücher
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5017D60D-C0A5-4CC8-8D2F-0BDA1ADF39D0}" = Corel Home Office - Templates1
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1A63F75-1F72-4450-980D-434496FFC646}" = Corel Painter Essentials 4
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E74EA3B1-7192-489D-9A57-0AE918FEC001}" = Corel Home Office - Launcher
"{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}" = Finger-sensing Pad Driver
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FA3215C7-7032-4D4D-B21F-C9D941749283}" = Corel Home Office 5.0.56
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Badaboom" = Badaboom 1.1.1.194
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CCleaner" = CCleaner
"Cinderella 2.0" = Cinderella 2.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"IsoBuster_is1" = IsoBuster 2.8
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"RTPatch_is1" = RTPatch Update
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"ws4.webspeech" = G DATA WebSpeech 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.06.2011 10:51:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.06.2011 10:51:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.06.2011 10:51:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 07.06.2011 10:51:36 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.06.2011 06:02:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.06.2011 06:02:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.06.2011 06:03:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.06.2011 06:23:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.06.2011 06:23:25 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 10.06.2011 06:24:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 06.12.2011 12:41:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 06.12.2011 12:42:50 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 06.12.2011 12:46:45 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 06.12.2011 12:46:52 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 06.12.2011 14:00:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.12.2011 14:00:51 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 06.12.2011 14:01:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 06.12.2011 14:12:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.12.2011 14:12:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 06.12.2011 14:13:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >

Alt 06.12.2011, 20:46   #12
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


6.

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/06/2011 at 08:37 PM

Application Version : 5.0.1136

Core Rules Database Version : 8019
Trace Rules Database Version: 5831

Scan type       : Complete Scan
Total Scan Time : 00:52:01

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 748
Memory threats detected   : 0
Registry items scanned    : 39306
Registry threats detected : 0
File items scanned        : 69377
File threats detected     : 3

Adware.Tracking Cookie
	.doubleclick.net [ C:\USERS\KAI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMKHP7PM.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\KAI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMKHP7PM.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-FraudPacked
	C:\_OTL\MOVEDFILES\12062011_073947\C_USERS\KAI\APPDATA\ROAMING\LIMEWIRE\BROWSER\XULRUNNER\XPT_LINK.EXE

Alt 15.12.2011, 19:35   #13
Alucard99
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


So...bis jetzt ist nichts mehr aufgetaucht an Warnungen und Meldungen von Viren etc... Denke die Reinigung hat funktioniert.

Ich danke dir herzlich für deine super Hilfe

Alt 16.12.2011, 08:44   #14
kira
/// Helfer-Team
 
Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Standard

Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


Ok, sieht gut aus

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:
Code:
ATTFilter
CCleaner
- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Wenn alles gut verlaufen und dein System läuft stabil,mache folgendes:
Alle Systemwiederherstellungspunkte löschen, auch den Letzten

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

Empfehlungen/Vorschläge:
5.
An deiner Stelle würde ich aus dem Autostart folgende Programme rausnehmen:
Beim Hochfahren von Windows werden einige Programme mit gestartet, die sich (mit oder ohne Zustimmung des Users) im Autostart eingetragen haben
Je mehr Programme hier aufgeführt sind, umso langsamer startet Windows. Deshalb kann es sinnvoll sein, Software die man nicht unbedingt immer benötigt, aus dem Autostart zu entfernen.- Bei allem Häkchen weg was nicht starten soll.
Die Programme bleiben dabei erhalten, falls man braucht, kann jederzeit manuell gestartet werden!
Code:
ATTFilter
Du solltest nie deaktivieren :
Grafiktreibers
Firewall
Antivirenprogramm
Sound
Es ist immer Benutzerspezifisch (ein allgemein gültiges Rezept gibt es nicht), Tipps kann ich Dir geben
um den Autostart von Windows XP zu verwalten:-> "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart

um den Autostart von Windows XP zu verwalten:-> "Start-> ausführen-> "msconfig" (reinschreiben ohne ""-> OK -> Systemstart
Zitat:
Schwarz gefärbten - kannst ohne bedenken aus dem Autostart herausnehmen
Rot gefärbten - überlegenswert, ob beim Autostart hochfahren sollten
Code:
ATTFilter
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
Achtung!:
Für die aufgelisteten Programme gelten zusätzlich, dass man nach Aktualisierung (AfterUpdate) erneut unter Start und Dienste nachkontrollieren muss!

6.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!
Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!
Antwort

Themen zu Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden
32 bit, alternate, antivir, audacity, autorun, avira, bho, bundespolizeitrojaner, c:\windows\system32\rundll32.exe, converter, emsisoft, emsisoft anti-malware, error, excel.exe, feedback, firefox, format, helper, home, install.exe, limewire, logfile, microsoft office word, mozilla, mp3, nvlddmkm.sys, office 2007, officejet, plug-in, realtek, registry, required, rundll, scan, sched.exe, security, security update, senden, software, studio, svchost.exe, trojaner, usb, usb 2.0, vista


« facemoodssrv.exe virus | PC startet nicht mehr nach Löschen von .exe Datei wegen des Bundeskriminalpolizei-Virus »


Ähnliche Themen: Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden


  1. Hinweis von web.de auf Zeus gefunden wurde Trojaner.Banker
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (37)
  2. TR/Spy.Banker.Gen2-gefunden!
    Log-Analyse und Auswertung - 16.04.2012 (11)
  3. Spy.Banker.Gen2, ATRAPS etc... ip-Adresse wird nicht gefunden, Internet funktioniert nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (7)
  4. TR/Spy.Banker/Gen2 - wie fortfahren?
    Log-Analyse und Auswertung - 03.04.2012 (5)
  5. TR/Spy.Banker.Gen2 und andere Malware auf meinem laptop gefunden
    Log-Analyse und Auswertung - 02.04.2012 (3)
  6. TR/Spy.Banker.Gen2
    Log-Analyse und Auswertung - 02.04.2012 (9)
  7. erst TR/Spy.Banker.Gen2 gefunden, dann TR/PSW.Banker.O.33
    Log-Analyse und Auswertung - 28.03.2012 (26)
  8. TR/Spy.Banker.Gen2 (gefunden von Avira)
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (8)
  9. mehrere Trojaner gefunden: Spy.Agent.OGS, Spy.Banker.Gen2, Graftor.9201.6, Agent.237568.6
    Log-Analyse und Auswertung - 20.12.2011 (23)
  10. Spy.Banker.Gen2 Trojaner Problem, hoffe auf Lösung !
    Plagegeister aller Art und deren Bekämpfung - 04.12.2011 (2)
  11. TR/Spy.Banker.Gen2
    Log-Analyse und Auswertung - 03.12.2011 (5)
  12. Bundespolizei virus + Spy.Banker.gen2
    Plagegeister aller Art und deren Bekämpfung - 30.11.2011 (6)
  13. Spy.Banker.Gen2 Trojaner wie werde ich ihn dauerhaft los?
    Plagegeister aller Art und deren Bekämpfung - 29.11.2011 (7)
  14. Trojanerbefall durch TR/Spy.Banker.Gen2 - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 21.11.2011 (3)
  15. [doppelt] Trojanerbefall durch TR/Spy.Banker.Gen2 - Trojaner
    Mülltonne - 19.11.2011 (0)
  16. Trojanisches Pferd TR/Banker.Banker.aywq gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2010 (7)
  17. trojaner DR/Spy.Banker.mjh gefunden und gelöscht??
    Log-Analyse und Auswertung - 22.06.2008 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden - Hallo, ich habe leider seit längerem schon den Bundespolizeitrojaner auf meinem Rechner. Habe es zwar soweit hinbekommen, dass er sich nicht aktiviert, aber er ist ja noch da. Ebenso meldet - Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden...
Archiv
Du betrachtest: Bundespolizei-, Spy.Banker.Gen2- Trojaner etc. gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131