Aus Sicherheitsgründen wurde ihr Windows-System blockiert...

Aron · 05.02.2012, 00:57

Hallo liebes Trojaner-Board Team,

ich war gerade im Internet, als plötzlich der Bildschirm schwarz wurde und in der Mitte der in der Überschrift genannte Text stand, darunter allerlei Logos von diversen Antiviren Programmen und ein Button mit dem Text "Bezahlen und herunterladen".

Offenbar ist das Problem hier bekannt. Ich habe den PC im abgesicherten Modus gestartet, die OTL.exe auf den Desktop gezogen und mit den in einem anderen Thread genannten Einstellungen ausgeführt.

Ist das soweit alles richtig? Die beiden Codes (OTL.txt und Extras.txt) sind im Anhang. Die Datei Extras.txt habe ich in zwei Textdateien unterteilt, weil sie zum hochladen zu groß war. Wie soll ich weiter vorgehen?

Vielen Dank schonmal für eure Hilfe! Es ist wirklich klasse, dass es so ein Forum gibt

Larusso · 05.02.2012, 10:24

Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:otl
O4 - HKCU..\Run: [Firefox helper] C:\Users\Aron\AppData\Local\Mozilla\Firefox\firefox.exe ()
:commands
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt )
Kopiere nun den Inhalt hier in Deinen Thread

Berichte ob du den Rechner wieder starten kannst

Aron · 05.02.2012, 11:07

Danke für die schnelle Antwort!

Ich habe alles wie du beschrieben hast im abgesicherten Modus durchgeführt. Nach dem Neustart habe ich den normalen Modus wieder gestartet und alles schien in Ordnung.

Ist das Problem damit gelöst? Wie kam der Trojaner auf den PC? Scheinbar mit Firefox, oder? Wie kann man sich zukünftig vor sowas schützen? Immerhin habe ich eine kostenpflichtige Version von Avira, und die hat nichts erkannt.

Die Logfile hat folgenden Inhalt:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Firefox helper deleted successfully.
C:\Users\Aron\AppData\Local\Mozilla\Firefox\firefox.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Aron
->Temp folder emptied: 3453 bytes
->Temporary Internet Files folder emptied: 389186951 bytes
->Java cache emptied: 54403925 bytes
->FireFox cache emptied: 375836595 bytes
->Google Chrome cache emptied: 305148693 bytes
->Flash cache emptied: 2240 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1127459534 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.148,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 02052012_105145

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Larusso · 05.02.2012, 16:22

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste in deiner nächsten Antwort
Combofix.txt

Aron · 05.02.2012, 17:57

Während Combofix am arbeiten war, sprang plötzlich eine Virenwarnung von Avira auf (obwohl ich eindeutig alles deaktiviert hatte). Kurz danach stand in dem Fenster von Combofix "Fast fertig...", weiter konnte ich dann nicht lesen, weil der Computer sich aufgehangen hat (Bluescreen mit der Nachricht "... shut down to prevent further damage" oder so ähnlich). Dann kam automatisch ein Neustart, alles scheint wie vorher, keine Combofix.txt zu finden.

Soll ich Combofix nochmal ausführen? Wenn ja, was kann ich tun, um einen erneuten Systemabsturz zu vermeiden?

Larusso · 05.02.2012, 18:36

ja bitte

Aron · 05.02.2012, 19:14

So hier nun die Logfile:

Code:

ATTFilter

ComboFix 12-02-05.02 - Aron 05.02.2012  18:49:49.2.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.2261 [GMT 1:00]
ausgeführt von:: c:\users\Aron\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-05 bis 2012-02-05  ))))))))))))))))))))))))))))))
.
.
2012-02-05 17:57 . 2012-02-05 17:58	--------	d-----w-	c:\users\Aron\AppData\Local\temp
2012-02-05 17:57 . 2012-02-05 17:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-05 09:51 . 2012-02-05 09:51	--------	d-----w-	C:\_OTL
2012-02-03 06:19 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{124BEE97-37E7-4874-9DE2-25C6665B156F}\mpengine.dll
2012-01-25 21:53 . 2002-03-29 09:13	102400	----a-w-	c:\windows\system32\TrackerNET.dll
2012-01-25 21:53 . 2002-03-27 14:05	217088	----a-w-	c:\windows\system32\libmySQL.dll
2012-01-25 21:49 . 2012-01-25 21:49	--------	d-----w-	c:\program files\Sierra On-Line
2012-01-25 21:46 . 2012-01-25 21:46	--------	d-----w-	C:\Sierra
2012-01-12 13:06 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-12 13:06 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-12 13:06 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-12 13:06 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-12 13:06 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-12 13:06 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-01-11 10:08 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-01-11 10:08 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-01-11 10:08 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 10:08 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-11 10:08 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-01-11 10:08 . 2011-12-01 15:21	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 10:08 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 10:08 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-01-10 20:14 . 2012-02-03 11:28	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-10 20:14 . 2012-02-03 11:28	45016	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
2012-01-10 20:14 . 2012-02-03 11:28	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-10 20:14 . 2012-02-03 11:28	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-04 16:26 . 2008-07-06 08:54	140496	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-02-04 16:25 . 2009-03-20 22:07	280736	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-02-04 16:25 . 2008-07-06 08:54	280736	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-02-04 16:23 . 2008-07-06 08:54	215128	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-01-26 23:21 . 2009-10-03 08:54	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-11-24 12:06 . 2011-11-24 12:06	232512	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-24 09:37 . 2011-08-01 09:23	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-15 11:50	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-15 11:50	2048	----a-w-	c:\windows\system32\tzres.dll
2011-02-16 17:05 . 2011-02-16 17:04	706566	----a-w-	c:\program files\unins000.exe
2012-02-03 11:28 . 2011-08-16 19:38	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38	121392	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [BU]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-09-07 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"Acer Tour"="" [BU]
"Apanel"="c:\acersw\config\SetApanel.cmd" [BU]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eRecoveryService"="" [BU]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-25 281768]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-29 535336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-18 20:46]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 10:35]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 10:35]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873182316-2344748602-1223967999-1000Core.job
- c:\users\Aron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 03:56]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873182316-2344748602-1223967999-1000UA.job
- c:\users\Aron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 03:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Aron\AppData\Roaming\Mozilla\Firefox\Profiles\d8n6oypb.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-05 18:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
checkt.exe [3860]
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-873182316-2344748602-1223967999-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:28,0e,70,16,56,1c,38,04,5e,1b,83,63,48,b8,f5,5f,ca,fb,02,33,a1,55,e2,
   af,98,2e,62,8a,fe,2b,09,2b,af,a5,d6,aa,39,22,a5,d1,a1,a7,17,42,6c,08,b3,26,\
"??"=hex:b2,e1,d9,14,ea,01,63,fb,ec,22,d2,77,5a,69,8a,ee
.
[HKEY_USERS\S-1-5-21-873182316-2344748602-1223967999-1000\Software\SecuROM\License information*]
"datasecu"=hex:c3,c0,02,77,8c,0f,5f,7d,c6,c3,1d,cd,9e,e8,68,87,ba,da,59,3d,39,
   f6,a8,81,01,3e,8e,73,80,2e,0d,e4,72,12,dc,6a,50,c5,f9,ef,d4,75,94,3f,ad,6d,\
"rkeysecu"=hex:52,0f,59,ee,08,9e,dc,0d,ec,69,54,60,02,3a,ed,b1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4228)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Zeit der Fertigstellung: 2012-02-05  19:00:55
ComboFix-quarantined-files.txt  2012-02-05 18:00
.
Vor Suchlauf: 24 Verzeichnis(se), 45.068.177.408 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 45.025.796.096 Bytes frei
.
- - End Of File - - C5AAFFDA872B3FDF278E2C6A3AC36D2B

Larusso · 05.02.2012, 21:39

Deinstalliere bitte
pdfforge Toolbar v4.6

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die

+ R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

Folder::
c:\program files\Common Files\Spigot

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

ClearJavaCache::

Speichere dies als CFScript.txt auf deinem Desktop.
Wichtig:

Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern. Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher, dass ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Bitte poste in deiner nächsten Antwort
Combofix.txt
MBAM Log

Larusso · 05.02.2012, 21:39

Deinstalliere bitte
pdfforge Toolbar v4.6

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die

+ R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

Folder::
c:\program files\Common Files\Spigot

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

ClearJavaCache::

Speichere dies als CFScript.txt auf deinem Desktop.
Wichtig:

Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern. Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher, dass ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Bitte poste in deiner nächsten Antwort
Combofix.txt
MBAM Log

Aron · 05.02.2012, 23:24

Alles erledigt, Logfiles siehe unten.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.05.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Aron :: ARON-PC [Administrator]

05.02.2012 23:11:56
mbam-log-2012-02-05 (23-11-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 180634
Laufzeit: 5 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ComboFix 12-02-05.02 - Aron 05.02.2012  22:27:26.3.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.2212 [GMT 1:00]
ausgeführt von:: F:\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Aron\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\Spigot
c:\program files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-05 bis 2012-02-05  ))))))))))))))))))))))))))))))
.
.
2012-02-05 21:46 . 2012-02-05 21:46	--------	d-----w-	c:\users\Aron\AppData\Local\temp
2012-02-05 21:46 . 2012-02-05 21:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-05 09:51 . 2012-02-05 09:51	--------	d-----w-	C:\_OTL
2012-02-03 06:19 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{124BEE97-37E7-4874-9DE2-25C6665B156F}\mpengine.dll
2012-01-25 21:53 . 2002-03-29 09:13	102400	----a-w-	c:\windows\system32\TrackerNET.dll
2012-01-25 21:53 . 2002-03-27 14:05	217088	----a-w-	c:\windows\system32\libmySQL.dll
2012-01-25 21:49 . 2012-01-25 21:49	--------	d-----w-	c:\program files\Sierra On-Line
2012-01-25 21:46 . 2012-01-25 21:46	--------	d-----w-	C:\Sierra
2012-01-12 13:06 . 2011-11-17 06:48	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-12 13:06 . 2011-11-16 16:23	377344	----a-w-	c:\windows\system32\winhttp.dll
2012-01-12 13:06 . 2011-11-16 16:23	72704	----a-w-	c:\windows\system32\secur32.dll
2012-01-12 13:06 . 2011-11-16 16:23	278528	----a-w-	c:\windows\system32\schannel.dll
2012-01-12 13:06 . 2011-11-16 16:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-12 13:06 . 2011-11-16 14:12	9728	----a-w-	c:\windows\system32\lsass.exe
2012-01-11 10:08 . 2011-10-14 16:03	189952	----a-w-	c:\windows\system32\winmm.dll
2012-01-11 10:08 . 2011-10-14 16:00	23552	----a-w-	c:\windows\system32\mciseq.dll
2012-01-11 10:08 . 2011-11-18 20:23	1205064	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 10:08 . 2011-11-18 17:47	66560	----a-w-	c:\windows\system32\packager.dll
2012-01-11 10:08 . 2011-11-25 15:59	376320	----a-w-	c:\windows\system32\winsrv.dll
2012-01-11 10:08 . 2011-12-01 15:21	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-01-11 10:08 . 2011-10-25 15:58	1314816	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 10:08 . 2011-10-25 15:58	497152	----a-w-	c:\windows\system32\qdvd.dll
2012-01-10 20:14 . 2012-02-03 11:28	479232	----a-w-	c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-10 20:14 . 2012-02-03 11:28	45016	----a-w-	c:\program files\Mozilla Firefox\mozutils.dll
2012-01-10 20:14 . 2012-02-03 11:28	626688	----a-w-	c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-10 20:14 . 2012-02-03 11:28	548864	----a-w-	c:\program files\Mozilla Firefox\msvcp80.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-04 16:26 . 2008-07-06 08:54	140496	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-02-04 16:25 . 2009-03-20 22:07	280736	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-02-04 16:25 . 2008-07-06 08:54	280736	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-02-04 16:23 . 2008-07-06 08:54	215128	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-01-26 23:21 . 2009-10-03 08:54	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-11-24 12:06 . 2011-11-24 12:06	232512	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-24 09:37 . 2011-08-01 09:23	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37 . 2011-12-15 11:50	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-15 11:50	2048	----a-w-	c:\windows\system32\tzres.dll
2011-02-16 17:05 . 2011-02-16 17:04	706566	----a-w-	c:\program files\unins000.exe
2012-02-03 11:28 . 2011-08-16 19:38	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38	121392	----a-w-	c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [BU]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-21 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-21 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-21 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 4702208]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-09-07 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"Acer Tour"="" [BU]
"Apanel"="c:\acersw\config\SetApanel.cmd" [BU]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eRecoveryService"="" [BU]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"Skytel"="Skytel.exe" [2007-10-11 1826816]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-25 281768]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-08-26 111928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-3-29 535336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02	114688	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-18 20:46]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 10:35]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 10:35]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873182316-2344748602-1223967999-1000Core.job
- c:\users\Aron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 03:56]
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-873182316-2344748602-1223967999-1000UA.job
- c:\users\Aron\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-14 03:56]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/ig
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Aron\AppData\Roaming\Mozilla\Firefox\Profiles\d8n6oypb.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-05 22:46
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-873182316-2344748602-1223967999-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:28,0e,70,16,56,1c,38,04,5e,1b,83,63,48,b8,f5,5f,ca,fb,02,33,a1,55,e2,
   af,98,2e,62,8a,fe,2b,09,2b,af,a5,d6,aa,39,22,a5,d1,a1,a7,17,42,6c,08,b3,26,\
"??"=hex:b2,e1,d9,14,ea,01,63,fb,ec,22,d2,77,5a,69,8a,ee
.
[HKEY_USERS\S-1-5-21-873182316-2344748602-1223967999-1000\Software\SecuROM\License information*]
"datasecu"=hex:c3,c0,02,77,8c,0f,5f,7d,c6,c3,1d,cd,9e,e8,68,87,ba,da,59,3d,39,
   f6,a8,81,01,3e,8e,73,80,2e,0d,e4,72,12,dc,6a,50,c5,f9,ef,d4,75,94,3f,ad,6d,\
"rkeysecu"=hex:52,0f,59,ee,08,9e,dc,0d,ec,69,54,60,02,3a,ed,b1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-02-05  22:48:53
ComboFix-quarantined-files.txt  2012-02-05 21:48
ComboFix2.txt  2012-02-05 18:00
.
Vor Suchlauf: 24 Verzeichnis(se), 42.157.379.584 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 41.904.685.056 Bytes frei
.
- - End Of File - - 9C42363DD53857A208F8C33226C58C32

Larusso · 06.02.2012, 03:16

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Bitte poste in deiner nächsten Antwort
ESET Log
OTL.txt
Extras.txt
Berichte ob noch Probleme vorhanden sind

Aron · 06.02.2012, 13:06

ESET Log:

Code:

ATTFilter

C:\Qoobox\Quarantine\C\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5.vir	a variant of Win32/Adware.Toolbar.Dealio application
C:\_OTL\MovedFiles\02052012_105145\C_Users\Aron\AppData\Local\Mozilla\Firefox\firefox.exe	a variant of Win32/Kryptik.AACD trojan

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 06.02.2012 12:45:18 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Aron\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,18% Memory free
6,71 Gb Paging File | 5,34 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 38,62 Gb Free Space | 16,86% Space Free | Partition Type: NTFS
Drive D: | 228,83 Gb Total Space | 40,81 Gb Free Space | 17,83% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,85 Gb Free Space | 99,52% Space Free | Partition Type: FAT
 
Computer Name: ARON-PC | User Name: Aron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Aron\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Windows\System32\lxdacoms.exe ( )
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTXml4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTGui4.dll ()
MOD - C:\Programme\Logitech\LWS\Webcam Software\QTCore4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3405.36826__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3405.36840__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3405.36929__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3405.36928__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3405.36933__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3405.36929__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3405.36844__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3405.36889__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3405.36917__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3405.36902__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3405.36845__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3405.36897__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3405.36834__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3405.36879__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3405.36918__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3405.36834__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3405.36927__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3405.36884__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3405.36884__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3405.36927__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3405.36883__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3405.36916__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3405.36872__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3405.36835__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3405.36892__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3405.36846__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3405.36876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3405.36871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3405.36876__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3405.36898__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3405.36880__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3405.36846__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3405.36866__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3405.36870__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3405.36850__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3405.36871__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3405.36877__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3403.16829__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3403.16821__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3403.16841__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3403.16853__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3403.16853__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3403.16839__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3403.16818__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3403.16813__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3403.16814__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3403.16866__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3403.16830__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3403.16833__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3403.16823__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3403.16838__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3403.16851__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3403.16828__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3403.16852__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3403.16833__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3403.16854__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3403.16844__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3403.16850__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3403.16845__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3403.16836__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3403.16850__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3403.16843__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3403.16844__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3403.16842__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3403.16841__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3405.36839__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3405.36911__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3405.36910__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3405.36825__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3403.16840__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3405.36922__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3403.16820__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3403.16826__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3403.16839__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3403.16839__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3403.16827__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3403.16838__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3403.16838__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3403.16828__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3405.36821__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3405.36830__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3405.36824__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3403.16835__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3403.16838__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3405.36823__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3405.36822__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3403.16846__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3405.36911__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\SysMonitor.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (lxda_device) -- C:\Windows\System32\lxdacoms.exe ( )
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SSHDRV85) -- C:\Windows\System32\drivers\SSHDRV85.sys ()
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology Corp.)
DRV - (WSVD) -- C:\Windows\System32\drivers\WSVD.sys (Wasay)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Aron\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Aron\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.03 12:28:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.07.13 11:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aron\AppData\Roaming\mozilla\Extensions
[2009.08.06 17:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aron\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.11.24 13:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aron\AppData\Roaming\mozilla\Firefox\Profiles\d8n6oypb.default\extensions
[2011.11.24 13:04:57 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Aron\AppData\Roaming\mozilla\Firefox\Profiles\d8n6oypb.default\extensions\yuqkkh5q.c3j
[2012.02.05 22:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.03 12:28:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.03 12:28:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 12:28:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.03 12:28:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 12:28:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 12:28:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 12:28:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Aron\AppData\Local\Google\Chrome\Application\11.0.696.77\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Aron\AppData\Local\Google\Chrome\Application\11.0.696.77\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Aron\AppData\Local\Google\Chrome\Application\11.0.696.77\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Brushed = C:\Users\Aron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
 
O1 HOSTS File: ([2012.02.05 22:46:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{502FA98B-6493-43C7-9A98-768598D076D6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50EC2D5F-B083-4D3E-87A9-8772497AA3BD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52BA842D-14A9-440E-80D9-4E7CCB7B8411}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C3C5BEF-BD3E-412F-8A0D-79BE4F27DC24}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{989AD318-57BC-47A0-961F-6C696470C3D7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE7AB2D5-8B9A-4A4C-B7B3-23113571009D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F037A1BA-2DBE-4606-9FF5-DCC620A5D28C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Aron\Pictures\HDR Wallpaper\Frankfurt_Skyline_LowRes.jpg
O24 - Desktop BackupWallPaper: C:\Users\Aron\Pictures\HDR Wallpaper\Frankfurt_Skyline_LowRes.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.06 12:44:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Aron\Desktop\OTL.exe
[2012.02.06 09:22:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.05 23:11:03 | 000,000,000 | ---D | C] -- C:\Users\Aron\AppData\Roaming\Malwarebytes
[2012.02.05 23:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.05 23:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.05 23:10:53 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.05 23:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.05 22:48:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.02.05 22:48:55 | 000,000,000 | ---D | C] -- C:\Users\Aron\AppData\Local\temp
[2012.02.05 22:26:03 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.02.05 22:05:46 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.02.05 17:26:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.02.05 17:26:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.02.05 17:26:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.02.05 17:26:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.05 17:26:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.05 10:51:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.25 22:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\Sierra On-Line
[2012.01.25 22:46:15 | 000,000,000 | ---D | C] -- C:\Sierra
[2012.01.11 11:08:16 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 11:08:14 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 11:08:13 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 11:08:11 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 11:08:11 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2010.11.17 19:49:23 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxdainpa.dll
[2010.11.17 19:49:23 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2010.11.17 19:49:22 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2010.11.17 19:49:22 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2010.11.17 19:49:22 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2010.11.17 19:49:22 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2010.11.17 19:49:22 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2010.11.17 19:49:22 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxdalmpm.dll
[2010.11.17 19:49:22 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxdacoms.exe
[2010.11.17 19:49:22 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
[2010.11.17 19:49:22 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxdaiesc.dll
[2010.11.17 19:49:22 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxdaih.exe
[2010.11.17 19:49:22 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxdacfg.exe
[2010.11.17 19:49:22 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2010.11.17 19:49:22 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2008.06.10 13:22:11 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008.03.29 03:48:21 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.06 12:46:15 | 000,005,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.06 12:46:15 | 000,005,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.06 12:44:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aron\Desktop\OTL.exe
[2012.02.06 12:32:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.06 12:00:02 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-873182316-2344748602-1223967999-1000UA.job
[2012.02.06 08:47:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.06 08:46:13 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012.02.06 08:46:10 | 3488,673,792 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.05 23:10:55 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.05 22:46:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.02.05 22:13:00 | 000,000,301 | ---- | M] () -- C:\Users\Aron\Desktop\ComboFix - Verknüpfung.lnk
[2012.02.05 21:13:08 | 000,000,831 | ---- | M] () -- C:\Users\Aron\Desktop\Ölpiraten in Nigeria - Verknüpfung.lnk
[2012.02.05 21:13:01 | 000,116,224 | ---- | M] () -- C:\Users\Aron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.05 21:12:50 | 000,000,579 | ---- | M] () -- C:\Users\Aron\Desktop\Lenz - Verknüpfung.lnk
[2012.02.05 17:47:07 | 000,638,510 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.05 17:47:07 | 000,604,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.05 17:47:07 | 000,130,462 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.05 17:47:07 | 000,107,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.05 17:40:58 | 319,974,512 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.04 23:30:36 | 000,001,356 | ---- | M] () -- C:\Users\Aron\AppData\Local\d3d9caps.dat
[2012.02.04 22:06:01 | 000,008,102 | ---- | M] () -- C:\Users\Aron\AppData\Roaming\mainhst.zgh
[2012.02.04 17:26:09 | 000,140,496 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.04 17:25:59 | 000,280,736 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.02.04 17:23:00 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.02.03 14:00:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-873182316-2344748602-1223967999-1000Core.job
[2012.02.03 13:24:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.01 11:31:42 | 002,803,727 | ---- | M] () -- C:\Users\Aron\Desktop\BWL1-INV-1112-Aufgabe 01_mit_Loesung.pdf
[2012.02.01 10:56:09 | 000,061,879 | ---- | M] () -- C:\Users\Aron\Desktop\OptimaleND.pdf
[2012.01.31 19:45:01 | 000,412,450 | ---- | M] () -- C:\Users\Aron\Documents\Scan0010.pdf
[2012.01.31 19:44:21 | 000,445,415 | ---- | M] () -- C:\Users\Aron\Documents\Scan0009.pdf
[2012.01.31 19:42:55 | 000,432,597 | ---- | M] () -- C:\Users\Aron\Documents\Scan0008.pdf
[2012.01.31 19:42:08 | 000,450,020 | ---- | M] () -- C:\Users\Aron\Documents\Scan0007.pdf
[2012.01.31 19:41:26 | 000,456,315 | ---- | M] () -- C:\Users\Aron\Documents\Scan0006.pdf
[2012.01.31 19:40:41 | 000,494,790 | ---- | M] () -- C:\Users\Aron\Documents\Scan0005.pdf
[2012.01.31 19:39:12 | 000,086,995 | ---- | M] () -- C:\Users\Aron\Documents\Scan0004.pdf
[2012.01.31 19:38:23 | 000,234,344 | ---- | M] () -- C:\Users\Aron\Documents\Scan0003.pdf
[2012.01.31 19:35:37 | 000,207,616 | ---- | M] () -- C:\Users\Aron\Documents\Scan0002.pdf
[2012.01.31 19:33:29 | 000,331,183 | ---- | M] () -- C:\Users\Aron\Documents\Scan0001.pdf
[2012.01.30 19:59:23 | 000,027,128 | ---- | M] () -- C:\Users\Aron\Desktop\studis_cebit_tickets.pdf
[2012.01.29 00:39:07 | 003,990,160 | ---- | M] () -- C:\Users\Aron\Documents\halloren_anleihe_2010a.pdf
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.14 22:21:16 | 000,014,116 | ---- | M] () -- C:\Users\Aron\Desktop\Programm-Semesterende.pdf
[2012.01.09 13:44:06 | 000,001,003 | ---- | M] () -- C:\Users\Aron\Desktop\Klassifizierungen.lnk
 
========== Files Created - No Company Name ==========
 
[2012.02.05 23:10:55 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.05 22:13:00 | 000,000,301 | ---- | C] () -- C:\Users\Aron\Desktop\ComboFix - Verknüpfung.lnk
[2012.02.05 21:13:09 | 000,000,831 | ---- | C] () -- C:\Users\Aron\Desktop\Ölpiraten in Nigeria - Verknüpfung.lnk
[2012.02.05 21:12:51 | 000,000,579 | ---- | C] () -- C:\Users\Aron\Desktop\Lenz - Verknüpfung.lnk
[2012.02.05 20:05:23 | 000,275,688 | ---- | C] () -- C:\Users\Aron\Desktop\1995-09, 0002.jpg
[2012.02.05 20:05:22 | 007,616,219 | ---- | C] () -- C:\Users\Aron\Desktop\04 - Xoxo.mp3
[2012.02.05 20:05:22 | 006,936,057 | ---- | C] () -- C:\Users\Aron\Desktop\08 - So Perfekt.mp3
[2012.02.05 20:05:22 | 005,530,681 | ---- | C] () -- C:\Users\Aron\Desktop\09 - Die Letzte Gang Der Stadt.mp3
[2012.02.05 17:26:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.02.05 17:26:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.02.05 17:26:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.02.05 17:26:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.02.05 17:26:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.02.05 10:54:09 | 3488,673,792 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.01 11:31:42 | 002,803,727 | ---- | C] () -- C:\Users\Aron\Desktop\BWL1-INV-1112-Aufgabe 01_mit_Loesung.pdf
[2012.02.01 10:56:09 | 000,061,879 | ---- | C] () -- C:\Users\Aron\Desktop\OptimaleND.pdf
[2012.01.31 19:45:00 | 000,412,450 | ---- | C] () -- C:\Users\Aron\Documents\Scan0010.pdf
[2012.01.31 19:44:21 | 000,445,415 | ---- | C] () -- C:\Users\Aron\Documents\Scan0009.pdf
[2012.01.31 19:42:55 | 000,432,597 | ---- | C] () -- C:\Users\Aron\Documents\Scan0008.pdf
[2012.01.31 19:42:08 | 000,450,020 | ---- | C] () -- C:\Users\Aron\Documents\Scan0007.pdf
[2012.01.31 19:41:26 | 000,456,315 | ---- | C] () -- C:\Users\Aron\Documents\Scan0006.pdf
[2012.01.31 19:40:40 | 000,494,790 | ---- | C] () -- C:\Users\Aron\Documents\Scan0005.pdf
[2012.01.31 19:39:12 | 000,086,995 | ---- | C] () -- C:\Users\Aron\Documents\Scan0004.pdf
[2012.01.31 19:38:23 | 000,234,344 | ---- | C] () -- C:\Users\Aron\Documents\Scan0003.pdf
[2012.01.31 19:35:36 | 000,207,616 | ---- | C] () -- C:\Users\Aron\Documents\Scan0002.pdf
[2012.01.31 19:33:29 | 000,331,183 | ---- | C] () -- C:\Users\Aron\Documents\Scan0001.pdf
[2012.01.30 19:59:23 | 000,027,128 | ---- | C] () -- C:\Users\Aron\Desktop\studis_cebit_tickets.pdf
[2012.01.29 00:39:07 | 003,990,160 | ---- | C] () -- C:\Users\Aron\Documents\halloren_anleihe_2010a.pdf
[2012.01.25 22:53:58 | 000,217,088 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2012.01.25 22:53:58 | 000,102,400 | ---- | C] () -- C:\Windows\System32\TrackerNET.dll
[2012.01.14 22:21:16 | 000,014,116 | ---- | C] () -- C:\Users\Aron\Desktop\Programm-Semesterende.pdf
[2012.01.13 18:49:30 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.01.09 13:44:06 | 000,001,003 | ---- | C] () -- C:\Users\Aron\Desktop\Klassifizierungen.lnk
[2011.08.11 17:33:39 | 000,000,118 | ---- | C] () -- C:\Users\Aron\AppData\Roaming\wklnhst.dat
[2011.06.15 15:58:08 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.04.01 06:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.04.01 06:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.04.01 06:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.04.01 05:56:00 | 000,027,872 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.03.22 22:58:22 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.02.16 18:04:36 | 000,706,566 | ---- | C] () -- C:\Program Files\unins000.exe
[2011.02.16 18:04:36 | 000,018,155 | ---- | C] () -- C:\Program Files\unins000.dat
[2010.11.17 19:50:55 | 000,000,286 | ---- | C] () -- C:\Windows\Lexstat.ini
[2010.11.17 19:49:23 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2010.11.17 19:49:22 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2010.11.13 13:32:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.17 09:32:40 | 000,078,848 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV85.sys
[2010.05.07 17:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010.05.07 15:02:43 | 000,004,096 | -H-- | C] () -- C:\Users\Aron\AppData\Local\keyfile3.drm
[2009.11.25 12:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.09.24 05:12:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.24 05:12:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.02 21:55:18 | 000,184,751 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.02.18 18:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 21:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.12.24 02:02:19 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.12.24 01:52:52 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.12.24 01:51:54 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.11.06 22:48:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.06 22:48:56 | 000,383,238 | ---- | C] () -- C:\Windows\System32\libmp3lame-0.dll
[2008.11.04 19:12:12 | 000,008,102 | ---- | C] () -- C:\Users\Aron\AppData\Roaming\mainhst.zgh
[2008.10.10 12:47:28 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.10 12:47:17 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.10 11:13:39 | 000,001,356 | ---- | C] () -- C:\Users\Aron\AppData\Local\d3d9caps.dat
[2008.09.26 17:37:38 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.08.16 08:09:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.27 16:22:58 | 000,001,165 | ---- | C] () -- C:\Windows\eReg.dat
[2008.07.13 10:44:08 | 000,116,224 | ---- | C] () -- C:\Users\Aron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.12 07:55:55 | 002,506,752 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2008.07.08 13:24:33 | 000,138,056 | ---- | C] () -- C:\Users\Aron\AppData\Roaming\PnkBstrK.sys
[2008.07.08 13:24:13 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.07.06 10:36:11 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.07.06 09:54:07 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.07.06 09:54:00 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2008.07.06 09:53:55 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2008.07.06 09:47:17 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.06.10 22:06:54 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.06.10 22:06:54 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.06.10 13:26:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.06.10 13:24:20 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.06.10 13:24:20 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.06.10 13:22:48 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2008.06.10 13:22:11 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.03.29 12:41:43 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008.03.29 10:01:34 | 000,001,117 | ---- | C] () -- C:\Windows\generic.ini
[2008.03.29 10:01:34 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008.03.29 04:07:47 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.29 03:48:18 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2008.03.29 03:13:32 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007.01.22 08:49:34 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdacoin.dll
[2006.11.02 16:33:31 | 000,638,510 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,130,462 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,383,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,604,126 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,107,562 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.03.27 11:19:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdavs.dll
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.11.10 15:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[1997.06.14 02:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

< End of report >

Aron · 06.02.2012, 13:08

Und noch Extra.txt, weil es nicht in den anderen Beitrag gepasst hat:

Code:

ATTFilter

OTL Extras logfile created on: 06.02.2012 12:45:18 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Aron\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 62,18% Memory free
6,71 Gb Paging File | 5,34 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 38,62 Gb Free Space | 16,86% Space Free | Partition Type: NTFS
Drive D: | 228,83 Gb Total Space | 40,81 Gb Free Space | 17,83% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,85 Gb Free Space | 99,52% Space Free | Partition Type: FAT
 
Computer Name: ARON-PC | User Name: Aron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{124D56CD-B41C-430D-85B4-E24C58ADF876}" = lport=139 | protocol=6 | dir=in | app=system | 
"{16A7CE25-DBEE-4575-BA96-3E76573240AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1CCE6E6B-69C5-4B84-8408-C9229C8A6410}" = lport=137 | protocol=17 | dir=in | app=system | 
"{288E0B24-148D-4E0E-9B2B-D15FC0C90733}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{36424F13-E0F3-4184-B356-B8D9F2DEAA7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3707E1B2-DC79-4AB4-96E1-80166904A5B9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4D6CACA1-B52A-4AB7-8F15-D16AE6195E38}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4E3A8774-D2EA-4CF1-B765-980A631F179E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5137BE7E-D31D-41EF-A957-060CFB3F59F0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5F4306C7-65BC-4652-ADD8-E9D00823DFD0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{62B12C6A-0EDC-4BE7-AA19-0E8CE74FDAB1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{63E76013-A0A7-451C-B95A-59E5FD4DC1E6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{684D6F67-A648-4D33-AE60-883E2A73666A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{692E8996-0A6E-469A-9962-6B89EA78A8DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{84855E64-3C8A-41F8-99CB-D6F0C41855AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{95185929-2EEF-450A-8570-CF3E5491E3FE}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CBBAB38A-6651-4A54-9E3A-17EAF7DAE29B}" = lport=6004 | protocol=17 | dir=in | app=c:\office12\outlook.exe | 
"{DBD04804-5145-49A8-A10A-2D2CB894ACE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{EF5BF3ED-C5C1-4EE8-813C-4BFEEB40C490}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F3E8E90A-F199-4F84-870A-EC642E4E9695}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FF25254C-80BA-44E0-B6E9-AF84E2D106CE}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002D24B5-D761-445A-86AD-CFF9C1577FD8}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{02F027E6-2F2D-4D0C-AD54-0EEEAB81CD63}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{04832078-5874-4A55-A35C-FFBA538D0466}" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{05C835A2-6C15-43A0-8CE3-6CBDD9ACCFD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{06B96CB9-3B7D-4ED8-8D53-C1345998EFBA}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{0A7CAF6D-ABFA-4819-9F0A-F98425CB6F5C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{12FA8D04-87D1-419C-BD7A-AD35B44DB534}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{14B40B15-E952-4936-A268-35E487F24505}" = protocol=17 | dir=in | app=c:\windows\system32\lxdacoms.exe | 
"{185909C4-58A6-4536-8366-9F8000477B8E}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{1A016ABC-0FB9-4D2F-AB6C-06A87D31539B}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{1AD5A8C0-5B3D-4566-802A-02FF174B1E06}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{2819FEB1-EA18-414F-85CA-BC8928995ADA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{298CCA4E-F782-4D4C-8FB7-D3BCF8A1BD45}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{30971585-57AD-42B5-8D34-135938CB0D4B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{314C0C16-0950-467A-B639-FBA030F2370E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{37213916-F5CD-484E-8C65-46F3FB0B9EE4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{399E14E9-4A2E-4B68-B4E0-C5DA43E8B0C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3E44235F-6A71-4829-80CF-382114A9762B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AECA41C-A444-46AE-9075-AEAC397EAF29}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{51EE4A1E-0836-471F-809C-913B83D8173B}" = protocol=6 | dir=in | app=c:\windows\system32\lxdacoms.exe | 
"{52FF9AF4-3933-4004-AC59-E2153D8EC027}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{553EB581-F5AD-4125-BF1B-E19AEAFD16D3}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{5780592F-D7D7-409C-A13A-9CC64DAFDC90}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{5B2B8063-BCCE-49A3-B630-9225B98C95AF}" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\launchgtaiv.exe | 
"{5D5EFA73-11B3-41B4-A4FF-6F2EB0B81134}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{5D6ADC9C-2E9A-40D7-A8F0-71D9DE474368}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"{61E0A7BC-DCCC-4D69-B91D-0374400CA6A3}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{66A77897-1C9F-43DE-8BAF-46350D4DD6E2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{66ADFB5D-14C7-467C-BDCC-D5E63E74901A}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"{66E0ABB6-F6BD-444F-8216-D513C8AE4AD8}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{75849987-FCFA-4285-8139-78BAECE31C21}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe | 
"{80DAB3BC-95CA-4E71-9706-8418FC3A5663}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{881EDC65-85C0-4DB8-A328-A0C0E103CF3D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{88279FF8-C70E-4AB0-8F76-3ACBFE34725C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe | 
"{8E6805F2-F46F-4E3D-8C40-8CE4EFD9BE3F}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"{9B47B278-D2B4-4E65-B46C-4B177C2861F6}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{9C26BF6C-A014-4874-B18D-2F5A2F7346C7}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 (lg)\binaries\ut3.exe | 
"{9EA7FFF2-EEC0-458B-B3D1-1B726A567EFE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{A01D8E92-2B53-42DD-AB73-367D2AF3A5CA}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{A4155FA7-446B-42BD-9CB1-1824D0BC2C9F}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{A4F37CAD-FA8D-4816-A6E7-7073E2ABE428}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A628D9E3-61DB-4A41-9022-5D04E243D047}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdapswx.exe | 
"{A82B1C8E-AD9D-4198-A771-791E93B61A50}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{ACAB32B4-ABBC-4B7F-A800-89F476D34749}" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{AF1CD7CF-E07E-4ABC-B41A-E54B0BCFC143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BB9A9B5A-4A0C-43F4-A315-34E66A91753B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{BC5B950F-B323-4EDC-84B4-DAC0249EB676}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BCE50C71-2E2F-44FD-9AF2-AD3DA3C9CEEA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\r.u.s.e. beta\ruse.exe | 
"{BD48D665-1314-4621-9951-C69DE57ABBCF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C13A70D7-D5A6-46C1-8F4F-24C99AA06B40}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{C2D84C87-43D5-4C46-A670-2BA2DDBE6424}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{C4E4586C-F061-47D7-80D8-45DFCABF120D}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{C9A093ED-EACC-4A46-827E-7CBF3743E58A}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{D40598A7-7175-4174-A80B-08A250E65BE7}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{D41A13BE-0623-4C74-8439-2E4EE228B02E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DA19FFC5-B4FB-4B80-BCDF-A65958493727}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{DF7F3287-07EA-46F9-86E8-15B15400BC06}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{E050FDEC-60EC-4B76-8589-88E867CD9C5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E2F69F5F-B790-4CDA-889D-6D8D67AE92F3}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{E33230C7-BB1F-4915-8428-B431444E1555}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{ED8D1575-DAC2-4BD9-9934-31715883111C}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{F16AA885-EF4F-462C-AB00-ABCDDEA6AA8D}" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"{F708F92D-1985-4B91-BE5B-14CA5CEAB982}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{FF918533-1F52-4F7F-82F5-C8F1819FD76A}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander\bin\supremecommander.exe | 
"TCP Query User{01CD028F-F68D-41C1-AB3F-E8525DF027CF}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"TCP Query User{0B5DEF56-B680-40C6-BEA3-74F736CB2C9B}C:\program files\steam\steamapps\arongringer\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\arongringer\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{0E1135CC-249E-41F3-BC46-5D60BED11278}C:\program files\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files\empire interactive\flatout2\flatout2.exe | 
"TCP Query User{269F6435-693C-42F0-9FB4-20EC358AD3F5}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{2FD61044-EDC4-4FE5-BBD5-2615B6D29C6D}D:\lan\call of duty\coduomp.exe" = protocol=6 | dir=in | app=d:\lan\call of duty\coduomp.exe | 
"TCP Query User{4610EE04-24BE-4817-8174-F046D3328662}D:\lan\age of empires 2 crack\age2_x1.exe" = protocol=6 | dir=in | app=d:\lan\age of empires 2 crack\age2_x1.exe | 
"TCP Query User{4BB6F547-309E-4657-AC9C-1680C6DA78E3}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{5179EA11-C82B-41CE-8E35-CD81569B7B58}C:\program files\ascaron entertainment\sacred\sacred.exe" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred\sacred.exe | 
"TCP Query User{52D599F2-DA89-4517-AC24-B4A39042B96B}C:\program files\ascaron entertainment\sacred\gameserver.exe" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred\gameserver.exe | 
"TCP Query User{52DE59C7-BBC8-4A1C-BE02-5D0E7F505378}C:\program files\505games\1c\men of war\mow.exe" = protocol=6 | dir=in | app=c:\program files\505games\1c\men of war\mow.exe | 
"TCP Query User{55B1B4BF-098B-44E4-B553-9ACA57227EDA}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{6143D79B-A63E-434E-A06A-22C9CD3B2996}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"TCP Query User{61DF2D57-F255-466B-900B-C3023C05C847}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"TCP Query User{68AD45E4-44ED-4EDC-91E4-F50E9BF61F23}C:\program files\paradox interactive\hearts of iron 2\hoi2.exe" = protocol=6 | dir=in | app=c:\program files\paradox interactive\hearts of iron 2\hoi2.exe | 
"TCP Query User{70FC3032-8C7D-473A-B255-26509730705A}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{7146DF4D-E097-42CC-9752-F12958417DC3}C:\program files\505games\1c\men of war\outfront_mp.exe" = protocol=6 | dir=in | app=c:\program files\505games\1c\men of war\outfront_mp.exe | 
"TCP Query User{7323C7AC-B1F7-45C5-8E10-D2DFFCD657ED}C:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"TCP Query User{7658A0D6-E426-4E5A-A352-FB9518435E2E}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{7665C7C7-3F2A-453E-9E06-B6C71A44E63C}D:\lan\call of duty\codmp.exe" = protocol=6 | dir=in | app=d:\lan\call of duty\codmp.exe | 
"TCP Query User{7A17BFB3-3A37-40FF-9B13-79876C4FC71E}C:\program files\paradox entertainment\hearts of iron\hoi.exe" = protocol=6 | dir=in | app=c:\program files\paradox entertainment\hearts of iron\hoi.exe | 
"TCP Query User{81F7989D-3539-422F-ACCC-38257FD1EA99}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"TCP Query User{82183512-36D5-4A3C-AEEE-A4E901C0F2A5}C:\program files\jowood\die gilde 2\guildii.exe" = protocol=6 | dir=in | app=c:\program files\jowood\die gilde 2\guildii.exe | 
"TCP Query User{833E1C96-F4D1-4BC9-996B-CC12CB49AD56}C:\program files\jowood\die gilde 2\guildii.exe" = protocol=6 | dir=in | app=c:\program files\jowood\die gilde 2\guildii.exe | 
"TCP Query User{84E2CEB3-39CB-4903-B851-724ECC1B156B}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{89309F6B-2490-49A6-808D-51EC5C7CF378}C:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"TCP Query User{8D16130A-3B21-4686-8D4F-091C838A8771}C:\program files\printserver utilities\winutil\psadmin.exe" = protocol=6 | dir=in | app=c:\program files\printserver utilities\winutil\psadmin.exe | 
"TCP Query User{8E913157-9C33-422B-83DC-769DE7D61AFF}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{8EF11E01-862D-4701-9E7B-CB5AA9ABF8B1}D:\lan\age of empires 2 crack\age2_x1.exe" = protocol=6 | dir=in | app=d:\lan\age of empires 2 crack\age2_x1.exe | 
"TCP Query User{98B7C1F0-AF0A-4106-883E-7F52B3960D17}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{99B75A4B-DE15-499B-BE39-B58BFD6BE035}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"TCP Query User{9D5702A9-8856-4E06-B52A-C0FF427AFC51}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{A3EB1A7C-C70E-42FC-BF28-5CBE3CDBFA03}D:\lan\call of duty\codmp.exe" = protocol=6 | dir=in | app=d:\lan\call of duty\codmp.exe | 
"TCP Query User{A927D599-3096-4763-B0F4-713D0464FBFF}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"TCP Query User{A98A8088-C13D-4FC1-9E1E-CA3761FE1B5C}C:\program files\atari\boiling point\xenus.exe" = protocol=6 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | 
"TCP Query User{AFE152DC-EE97-4F29-BE55-23A88F206629}C:\program files\paradox interactive\hearts of iron 2\hoi2.exe" = protocol=6 | dir=in | app=c:\program files\paradox interactive\hearts of iron 2\hoi2.exe | 
"TCP Query User{BCD428C6-1B4F-4F70-80B4-A319247836C5}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{BE08859B-24DC-47E8-B45C-2297D642E3EF}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{C1E6DFE3-6F57-44D0-860E-794529329E66}C:\users\aron\appdata\local\temp\87cd8825773146d48dab9ffaa29b5ff5\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\aron\appdata\local\temp\87cd8825773146d48dab9ffaa29b5ff5\relicdownloader.exe | 
"TCP Query User{C4726710-0B63-46EC-9C0E-1007733FA895}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{CA8E94EA-8884-49CA-9FA4-E7EBFA275506}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
"TCP Query User{CB3C75DD-9D0F-4DDA-95D0-26C8345CDDD5}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{D542BFAD-30A0-4E6E-B933-D5A3B732445F}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{E439431D-1BBC-4C57-93E7-97803EB025A4}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E44EBBC3-86DC-4E9B-8E4B-6180FCF9DA36}C:\program files\505games\1c\men of war\mow_mp.exe" = protocol=6 | dir=in | app=c:\program files\505games\1c\men of war\mow_mp.exe | 
"TCP Query User{E8E31202-07DD-4690-ACEC-5AE6C4449818}C:\program files\505games\1c\men of war\outfront_mp.exe" = protocol=6 | dir=in | app=c:\program files\505games\1c\men of war\outfront_mp.exe | 
"TCP Query User{E9571F87-1906-439F-A0E1-518511BBE49F}D:\lan\call of d\cod2mp_s.exe" = protocol=6 | dir=in | app=d:\lan\call of d\cod2mp_s.exe | 
"TCP Query User{EE857218-C101-4FF3-A14A-EE83EC4FAF3C}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{EF48C979-97EF-4677-A4DE-5764A430C740}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{EF4EC017-C624-41C4-8C8D-30532F025255}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=6 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe | 
"TCP Query User{EF4F69D8-94BF-402D-9C38-56821DD36EA5}D:\lan\age of empires 2 crack\empires2.exe" = protocol=6 | dir=in | app=d:\lan\age of empires 2 crack\empires2.exe | 
"TCP Query User{F58EE4F8-205D-48E6-B387-154A1D23C163}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{F74A5981-1EC1-4C08-9750-66A71874DB41}C:\users\aron\appdata\local\temp\_istmp2.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\aron\appdata\local\temp\_istmp2.dir\_ins5576._mp | 
"UDP Query User{00D53645-7CE0-4917-AA9D-15FF26D7AE97}C:\program files\printserver utilities\winutil\psadmin.exe" = protocol=17 | dir=in | app=c:\program files\printserver utilities\winutil\psadmin.exe | 
"UDP Query User{010D5585-C43C-47F5-883F-8C4463EFE063}C:\users\aron\appdata\local\temp\87cd8825773146d48dab9ffaa29b5ff5\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\aron\appdata\local\temp\87cd8825773146d48dab9ffaa29b5ff5\relicdownloader.exe | 
"UDP Query User{10CA5A0D-75E6-48F2-83AD-F4CFC05E989B}D:\lan\age of empires 2 crack\age2_x1.exe" = protocol=17 | dir=in | app=d:\lan\age of empires 2 crack\age2_x1.exe | 
"UDP Query User{161DB6F2-6A68-413B-871F-1F6D8CAF5FC3}D:\lan\call of duty\coduomp.exe" = protocol=17 | dir=in | app=d:\lan\call of duty\coduomp.exe | 
"UDP Query User{1840CC8C-E81F-4595-BC65-D6B8DC5811AD}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{18EEEB6E-512E-474E-878B-6673CD7F1392}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{1AF389CD-A987-4473-9F4C-19A62E799A73}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{1C72CCDA-E744-447F-A48C-EEA330C30A89}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{21514B1C-CB14-49F2-9F60-DC6C3F9D5691}D:\lan\call of duty\codmp.exe" = protocol=17 | dir=in | app=d:\lan\call of duty\codmp.exe | 
"UDP Query User{217E9EE0-4E41-449E-80AC-9E7789194C71}C:\program files\505games\1c\men of war\outfront_mp.exe" = protocol=17 | dir=in | app=c:\program files\505games\1c\men of war\outfront_mp.exe | 
"UDP Query User{21B40026-051A-4651-9DF3-28747358C0D4}C:\program files\ascaron entertainment\sacred\sacred.exe" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred\sacred.exe | 
"UDP Query User{2A57A686-F30B-4BF1-AB13-BA4F0CD94331}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{39E3A976-FB3C-4257-B2AE-15421561C26D}D:\lan\call of duty\codmp.exe" = protocol=17 | dir=in | app=d:\lan\call of duty\codmp.exe | 
"UDP Query User{3A153556-7EFE-4052-96EB-E5A17F8BDD28}D:\lan\age of empires 2 crack\age2_x1.exe" = protocol=17 | dir=in | app=d:\lan\age of empires 2 crack\age2_x1.exe | 
"UDP Query User{45883A3D-871C-4BF5-B876-D8E0FBAAEB6B}C:\program files\505games\1c\men of war\outfront_mp.exe" = protocol=17 | dir=in | app=c:\program files\505games\1c\men of war\outfront_mp.exe | 
"UDP Query User{500D32DD-D3ED-435D-B981-A4126D7FD932}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{51C85CF0-9E62-453C-8E01-09249C7F14B2}D:\lan\call of d\cod2mp_s.exe" = protocol=17 | dir=in | app=d:\lan\call of d\cod2mp_s.exe | 
"UDP Query User{527BF599-40C5-4025-AFE4-213593D5378B}C:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold_crusader_extreme.exe | 
"UDP Query User{5AD24E3A-4CFA-4407-9722-055FABF960D2}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{5D9EA4E4-ACAC-4B58-9E3C-5DF4D662E676}C:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe | 
"UDP Query User{63816A83-702A-4F0F-B3F1-F01415513DDC}C:\program files\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{6386182F-8B7C-47B5-BB07-45BC8F7D4270}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{74DAEBBA-C9AA-4B42-A775-0870864177D2}C:\program files\paradox entertainment\hearts of iron\hoi.exe" = protocol=17 | dir=in | app=c:\program files\paradox entertainment\hearts of iron\hoi.exe | 
"UDP Query User{75E5A848-0E97-4FBC-A47E-3034DD151341}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{7DED0B63-5E02-4AE8-B0A4-95FB7E9CFCF8}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"UDP Query User{80E569A5-6E6F-4F50-80D9-F246329F9F5E}C:\program files\505games\1c\men of war\mow.exe" = protocol=17 | dir=in | app=c:\program files\505games\1c\men of war\mow.exe | 
"UDP Query User{8367C827-D8E7-483C-B7D2-78AA89EDE0FD}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe | 
"UDP Query User{86577B0E-455D-480D-80D2-E187C2ED3E90}C:\program files\jowood\die gilde 2\guildii.exe" = protocol=17 | dir=in | app=c:\program files\jowood\die gilde 2\guildii.exe | 
"UDP Query User{8921945C-2258-4AB6-9182-6127B262835C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{8FC5AA01-D5EA-4111-AF62-7A45F0223628}C:\program files\steam\steamapps\arongringer\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\arongringer\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{914714CD-CF73-41E3-805B-26C66698843A}C:\program files\ea games\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"UDP Query User{91536378-177B-4861-AAFF-2004D0F2E156}C:\program files\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files\empire interactive\flatout2\flatout2.exe | 
"UDP Query User{9FEF4DD9-1774-49F1-97A7-B3048FCDE2E1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{A655792B-3B08-43A3-91B3-EFE3A226252B}C:\program files\thq\company of heroes\reliccoh.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\reliccoh.exe | 
"UDP Query User{A82B6B54-4D63-4CF6-BD54-626CBFC28CA2}C:\program files\paradox interactive\hearts of iron 2\hoi2.exe" = protocol=17 | dir=in | app=c:\program files\paradox interactive\hearts of iron 2\hoi2.exe | 
"UDP Query User{B31EE6F3-BE3A-4E40-A070-563329C80EEE}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{B3297F16-808D-480A-8586-B33CD6D3043B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{B6BD5DF6-1D3A-4CC5-9780-587D531B3318}C:\program files\atari\boiling point\xenus.exe" = protocol=17 | dir=in | app=c:\program files\atari\boiling point\xenus.exe | 
"UDP Query User{C01FA390-A50D-437C-89B4-0A803D33C330}C:\program files\ascaron entertainment\sacred\gameserver.exe" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred\gameserver.exe | 
"UDP Query User{C9CFD148-B775-4B08-921E-ED857DFDDA09}C:\program files\thq\company of heroes\bugreport\bugreport.exe" = protocol=17 | dir=in | app=c:\program files\thq\company of heroes\bugreport\bugreport.exe | 
"UDP Query User{C9E2DCDD-C77E-4EF6-B620-17A791C311BC}C:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | 
"UDP Query User{D5675646-FD8C-48D8-98EC-BDE42EC7475A}C:\users\aron\appdata\local\temp\_istmp2.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\aron\appdata\local\temp\_istmp2.dir\_ins5576._mp | 
"UDP Query User{DFC8DF74-07BF-4B7F-AD85-AECC4B8369B6}C:\program files\paradox interactive\hearts of iron 2\hoi2.exe" = protocol=17 | dir=in | app=c:\program files\paradox interactive\hearts of iron 2\hoi2.exe | 
"UDP Query User{E2BED84F-EEDD-4E81-B96F-7161530D0DA4}C:\program files\jowood\die gilde 2\guildii.exe" = protocol=17 | dir=in | app=c:\program files\jowood\die gilde 2\guildii.exe | 
"UDP Query User{E6566D2F-D5A0-4B99-9BBA-9CC314D16F10}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E7CD6EF2-7E5F-4F60-B85A-E292FA1C1693}C:\program files\505games\1c\men of war\mow_mp.exe" = protocol=17 | dir=in | app=c:\program files\505games\1c\men of war\mow_mp.exe | 
"UDP Query User{EC2C446A-8C04-4DF9-9286-12B599063043}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{EC7245E3-638D-4ED9-B1BA-B577A0C23577}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{EDE87602-616B-4EB6-8D1E-3AB22641AAB2}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{F7D8AAD2-107F-4E54-9F94-EE2B8DEE5370}D:\lan\age of empires 2 crack\empires2.exe" = protocol=17 | dir=in | app=d:\lan\age of empires 2 crack\empires2.exe | 
"UDP Query User{F9409A83-9DF6-4854-ABF5-8687A7B99A89}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe | 
"UDP Query User{F9CFF4EC-11EE-41C3-ABBC-4BECD3DC2981}C:\program files\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold crusader\stronghold crusader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{10147551-9D1E-92AB-BC25-50062E59FC93}" = CCC Help Korean
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe 
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Nur entfernen)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.1" = Update &1 für Spiel Men of War
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14E27EF1-62C9-BD82-6CB2-F07BD641248A}" = Catalyst Control Center InstallProxy
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1917776B-8082-EF01-E8E5-206AE05AB344}" = CCC Help Japanese
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24463BC0-F930-455F-8636-4C0B25F449DD}" = Der Schatz des Pharao XXL
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C31929A-D6AB-4D0B-ABF9-4812A045CE97}" = OptionsOracle
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{2E4CF46D-D3FF-9DA3-53EA-AC856EEA044E}" = Catalyst Control Center Graphics Light
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{43AD7481-0048-BD99-5DC9-F33B87FC3CBE}" = Catalyst Control Center HydraVision Full
"{45F5630E-2EE5-07DE-2340-5BB5F41EFA75}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C391BD8-87F8-4FCF-A08E-2351F3E69EC4}" = Die Gilde 2
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5398A646-DA01-E8E5-838C-041F056DF993}" = ccc-core-static
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5CA72DC6-1043-4BDA-A128-C18200FF7ABA}" = Hama WLAN USB Stick
"{5F693EFA-94F7-E6F9-87F8-E9A9A8A9B9DB}" = Catalyst Control Center Graphics Previews Vista
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{6143D2FB-55CF-45CD-B6B2-42D7562C7399}" = Radiotracker USB
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69464949-AD9C-4C98-933F-C32FFC86F3C8}" = Doomsday
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7173DEDF-9BFD-21A5-7267-76761A8322AD}" = Catalyst Control Center Localization All
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{762AD6C2-E30E-D6A9-5EE5-AD983BE43363}" = ccc-utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = MCF Ravenhearst
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8D8B167A-ED0F-43F1-AC10-3F4379F7CBBB}" = ArcSoft MediaConverter 2.5
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{928E6B10-5BA7-3D88-D2A0-D17CC8DD5315}" = CCC Help English
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{96703682-957B-2614-2CD0-7B2D68CA51E9}" = ATI Catalyst Install Manager
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{98786147-80E3-41A5-A80C-1F3C028558CF}" = Hearts of Iron 2
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A8DF8593-F619-47DE-AD27-BCABF233433A}" = STOIK Video Converter 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE715C55-563C-3886-14C6-4EC3E4F167DA}" = CCC Help Thai
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C0583394-A9E6-1245-FD0D-FBCB2402808B}" = Catalyst Control Center Core Implementation
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBFDCAA6-9611-5CD1-15C2-8C535E006EA9}" = Catalyst Control Center Graphics Previews Common
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2BFA6FC-1997-4971-AA5A-069546572C7F}" = Guild 2 Patch 1.4
"{D2F2A1C2-B162-77F5-9846-7534074A171C}" = Catalyst Control Center Graphics Full New
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E163BB62-2840-4C55-9A8E-5C5B9E9FF86C}" = Armageddon
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E53C2E32-D090-488A-A098-9EB1A09C367F}" = CCC Help Chinese Standard
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FBBA35E1-9449-4902-8A0F-89252C0C1407}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{FD1D0916-AC22-CB57-7268-260F12D72833}" = Catalyst Control Center Graphics Full Existing
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"0591-8077-9297-0833" = FamilySearch Indexing 3.9.9
"3D-Fahrschule" = 3D-Fahrschule
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Ahnenblatt_is1" = Ahnenblatt 2.64
"AVI Media Player_is1" = AVI Media Player 1.0
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Blitzkrieg" = Blitzkrieg Mod
"City Life" = City Life
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
"DAEMON Tools Lite" = DAEMON Tools Lite
"Designer 2.0_is1" = Designer 2.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"FLV Player" = FLV Player 2.0 (build 25)
"Google Updater" = Google Updater
"Hearts of Iron 2 Doomsday Armageddon_is1" = HOI2 Doomsday Armageddon 1.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Lenz" = Lenz
"Lexmark 640 Series" = Lexmark 640 Series
"MAGIX Goya burnR D" = MAGIX Goya burnR 1.3.1.3 (D)
"MAGIX Music Maker 15 D" = MAGIX Music Maker 15 15.0.0.19 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Patch for "Men of War"_is1" = Patch 1.17.5 for "Men of War"
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Sacred_is1" = Sacred
"Steam App 220" = Half-Life 2
"Steam App 280" = Half-Life: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 33310" = R.U.S.E. Beta
"Steam App 380" = Half-Life 2: Episode One
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 1.1.10
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2004Setup" = Setup-Start von Microsoft Works 2004
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.02.2012 06:30:08 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 06.02.2012 06:30:18 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 06.02.2012 06:30:30 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 06.02.2012 06:31:28 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 06.02.2012 06:31:41 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 06.02.2012 06:41:26 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 06.02.2012 06:42:02 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 06.02.2012 07:44:21 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 06.02.2012 07:45:01 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 06.02.2012 07:45:08 | Computer Name = Aron-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
 Desktop\checkt.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer 
anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten sind:
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
[ OSession Events ]
Error - 07.12.2011 18:47:34 | Computer Name = Aron-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 57
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.12.2011 18:47:41 | Computer Name = Aron-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.02.2012 14:08:05 | Computer Name = Aron-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 05.02.2012 14:08:05 | Computer Name = Aron-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 05.02.2012 17:26:48 | Computer Name = Aron-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.02.2012 17:41:32 | Computer Name = Aron-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.02.2012 17:46:36 | Computer Name = Aron-PC | Source = Service Control Manager | ID = 7030
Description = 
 
Error - 05.02.2012 18:06:28 | Computer Name = Aron-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
 0024219DF6DE wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 05.02.2012 18:09:01 | Computer Name = Aron-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 05.02.2012 18:09:01 | Computer Name = Aron-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 06.02.2012 03:47:56 | Computer Name = Aron-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 06.02.2012 03:47:56 | Computer Name = Aron-PC | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >

Larusso · 06.02.2012, 14:30

Sieht gut aus. Wenn keine weiteren Probleme mehr vorhanden sind, sind wir hier fertig.
Bitte folge den letzten paar Schritten

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 6 Update 30 ) herunter laden.
Wenn die installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code:

ATTFilter

Combofix /Uninstall

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Aron · 06.02.2012, 15:38

Was Java betrifft konnte ich alles erledigen. Allerdings kommt bei der Eingabe von "Combofix /Uninstall" die Nachricht, dass der angegebene Pfad nicht gefunden werden kann. Der Ordner unter C\Combofix ist auch leer und das Icon auf dem Bildschirm ist nur noch "ComboFix-Verknüpfung", allerdings auch ohne vorhandenen Zielpfad. Ich habe seit der letzten Aufforderung nichts mit dem Programm unternommen.

05.02.2012, 18:36	#6
Larusso /// Selecta Jahrusso	Aus Sicherheitsgründen wurde ihr Windows-System blockiert... ja bitte __________________ --> Aus Sicherheitsgründen wurde ihr Windows-System blockiert...

Aus Sicherheitsgründen wurde ihr Windows-System blockiert...

Plagegeister aller Art und deren Bekämpfung: Aus Sicherheitsgründen wurde ihr Windows-System blockiert...