Log analysis and evaluation: Paying 50 euros for a virus (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
14.03.2012, 18:54 | #1 |
Paying 50 euros for a virus

Hi, I also have the problem with a virus that wants money from me.

OTL logfile created on: 14.03.2012 18:33:19 - Run 1 OTL by OldTimer - Version 3.2.37.0 Folder = L:\Diverses Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,10% Memory free 4,23 Gb Paging File | 3,76 Gb Available in Paging File | 88,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 173,99 Gb Total Space | 36,36 Gb Free Space | 20,90% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 120,45 Gb Free Space | 51,72% Space Free | Partition Type: NTFS Drive L: | 45,22 Gb Total Space | 38,37 Gb Free Space | 84,84% Space Free | Partition Type: NTFS Drive M: | 511,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - L:\Diverses\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\FileZilla Client\fzshellext.dll () MOD - C:\Windows\System32\DLAAPI_W.DLL () ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll () SRV - (WireHelpSvc) -- C:\Programme\Common Files\WireHelpSvc.exe () SRV - (Giraffic) -- C:\Programme\Giraffic\Veoh_GirafficWatchdog.exe (Giraffic) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (TunngleService) -- C:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (TestHandler) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) ========== Driver Services (SafeList) ========== DRV - (XDva289) -- C:\Windows\system32\XDva289.sys File not found DRV - (XDva143) -- C:\Windows\system32\XDva143.sys File not found DRV - (XDva039) -- C:\Windows\system32\XDva039.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found DRV - (dbustrcm) -- C:\Users\Thoran\AppData\Local\Temp\dbustrcm.sys File not found DRV - (cpuz132) -- C:\Users\Thoran\AppData\Local\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (audyc7sp) -- File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (ESLWireAC) -- C:\Windows\System32\drivers\ESLWireACD.sys (<Turtle Entertainment>) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ESLvnic1) -- C:\Windows\System32\drivers\ESLvnic.sys (Turtle Entertainment GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\System32\drivers\tap0901t.sys (Tunngle.net) DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys () DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (FETND6V) -- C:\Windows\System32\drivers\fetnd6v.sys (VIA Technologies, Inc. ) DRV - (wip0203) -- C:\Windows\System32\drivers\wip0203.sys (Wippien Software) DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (RxFilter) -- C:\Windows\System32\drivers\RxFilter.sys (Sonic Solutions) DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio) DRV - (xfilt) -- C:\Windows\System32\drivers\xfilt.sys (VIA Technologies,Inc) DRV - (videX32) -- C:\Windows\System32\drivers\videX32.sys (VIA Technologies, Inc.) 
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio) DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio) DRV - (nvatabus) -- C:\Windows\System32\drivers\nvatabus.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2653012 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRC IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://search.imesh.com/web?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157 IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv IE - HKCU\..\SearchScopes\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}: "URL" = hxxp://search.alcohol-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421; ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "iMesh Web Search" FF - prefs.js..browser.search.order.1: "iMesh Web Search" FF - prefs.js..browser.search.selectedEngine: "iMesh Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.imesh.com" FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=" FF - 
prefs.js..network.proxy.type: 2 FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de" FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de" FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Thoran\AppData\Local\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS1002170_SUA_000\npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Thoran\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 10:32:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program 
Files\Mozilla Firefox\components [2011.05.08 16:30:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.16 08:36:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Thoran\AppData\Roaming\01011 [2012.03.02 15:46:35 | 000,000,000 | ---D | M] [2011.10.26 19:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thoran\AppData\Roaming\mozilla\Extensions [2012.01.28 11:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions [2011.10.26 19:55:34 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} [2012.01.28 11:11:41 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2011.05.09 09:14:45 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} [2011.04.05 14:57:51 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\battlefieldplay4free@ea.com [2011.05.09 09:14:44 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\engine@conduit.com [2011.05.07 14:29:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Thoran\AppData\Roaming\mozilla\Firefox\Profiles\2bk0lrba.default\extensions\vshare@toolbar [2011.10.26 19:55:29 | 000,002,516 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\Mozilla\Firefox\Profiles\2bk0lrba.default\searchplugins\SearchResults.xml [2011.10.26 19:55:43 
| 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.12.16 10:32:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video> -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2011.10.26 19:55:43 | 000,000,000 | ---D | M] (SearchCore for Browsers) -- C:\PROGRAM FILES\SEARCHCORE FOR BROWSERS\SEARCHCORE FOR BROWSERS\FIREFOXEXTENSION [2009.08.14 12:52:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.05.08 16:30:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.26 19:55:29 | 000,002,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url =
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - Extension: No name found = C:\Users\Thoran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2007.11.03 15:54:31 | 000,000,054 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.) O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.) 
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SearchCore for Browsers) - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (SearchCore for Browsers) O2 - BHO: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) O2 - BHO: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\Programme\iMesh Applications\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll () O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\prxtbXfir.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (PHPNukeDE Toolbar) - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Veoh Web Player Toolbar) - {cd90bf73-20f6-44ef-993d-bb920303bd2e} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Programme\ToggleEN\tbTogg.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (PHPNukeDE Toolbar) - {C9508125-4747-4733-B048-E4B82DC9716D} - C:\Programme\PHPNukeDE\tbPHPN.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Veoh Web Player Toolbar) - {CD90BF73-20F6-44EF-993D-BB920303BD2E} - C:\Programme\Veoh_Web_Player\prxtbVeoh.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Programme\free-downloads.net\tbfree.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Thoran\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [SkypeM] C:\Users\Thoran\AppData\Local\Skype\Skype.exe (Transaction Software, D 81737 Munich) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AED04E4-821F-4766-8279-8396001E3071}: NameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll () O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\datamngr.dll (iMesh, Inc) O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll) - C:\Programme\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll (iMesh, Inc) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Thoran\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Thoran\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.10.13 12:09:30 | 000,000,043 | R--- | M] () - M:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{3a04a9bc-82e2-11dc-a037-0019db319ad8}\Shell - "" = AutoRun O33 - 
MountPoints2\{3a04a9bc-82e2-11dc-a037-0019db319ad8}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.14 17:11:06 | 000,000,000 | ---D | C] -- C:\Windows\pss [2012.03.14 16:00:44 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012.03.08 18:29:48 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Template [2012.03.02 15:46:31 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01011 [2012.03.02 05:23:57 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Zaruha [2012.03.02 05:23:57 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Yxegvu [2012.03.02 05:23:57 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Qyit [2012.03.01 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01010 [2012.02.29 10:42:30 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Local\Chromium [2012.02.28 14:14:23 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Emfii [2012.02.27 23:25:58 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01009 [2012.02.24 23:44:00 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Ryree [2012.02.24 23:44:00 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Qoopan [2012.02.24 14:44:58 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01008 [2012.02.23 11:21:45 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\UAs [2012.02.20 15:33:28 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01007 [2012.02.17 04:06:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.17 04:06:08 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.17 
04:06:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.17 04:06:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.17 04:06:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.17 04:06:04 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.02.16 15:01:57 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01006 [2012.02.16 14:26:16 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.02.15 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Ycox [2012.02.15 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Puabe [2012.02.15 12:42:54 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\Ontixu [2012.02.15 10:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft [2012.02.14 10:17:13 | 000,000,000 | ---D | C] -- C:\Users\Thoran\AppData\Roaming\01005 [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Thoran\AppData\Roaming\*.tmp files -> C:\Users\Thoran\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.14 18:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.14 18:28:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat [2012.03.14 18:27:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.14 18:27:32 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.08 21:05:18 | 000,000,202 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\wklnhst.dat [2012.03.03 01:16:22 | 000,053,328 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\loaupdt.jpg 
[2012.03.03 01:16:22 | 000,000,048 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\blckdom.res [2012.03.02 15:46:47 | 000,005,528 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\BAcroIEHelpe081.dll [2012.03.01 10:57:09 | 000,129,384 | ---- | M] () -- C:\Users\Thoran\Documents\ts3_clientui-win32-1329301801-2012-03-01 10_56_58.662897.dmp [2012.02.28 22:27:58 | 000,000,695 | ---- | M] () -- C:\Users\Thoran\Desktop\Heroes of Newerth.lnk [2012.02.24 13:44:49 | 000,005,416 | ---- | M] () -- C:\Users\Thoran\AppData\Roaming\BAcroIEHelpe078.dll [2012.02.17 08:24:16 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2012.02.17 08:11:13 | 000,000,777 | ---- | M] () -- C:\Users\Public\Desktop\ESL Wire.lnk [2012.02.17 04:31:06 | 000,332,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.16 00:51:23 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.02.15 11:27:55 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Users\Thoran\AppData\Roaming\*.tmp files -> C:\Users\Thoran\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.08 18:29:43 | 000,000,202 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\wklnhst.dat [2012.03.02 18:37:40 | 000,053,328 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\loaupdt.jpg [2012.03.02 15:46:47 | 000,005,528 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\BAcroIEHelpe081.dll [2012.03.01 10:56:58 | 000,129,384 | ---- | C] () -- C:\Users\Thoran\Documents\ts3_clientui-win32-1329301801-2012-03-01 10_56_58.662897.dmp [2012.02.28 22:27:58 | 000,000,695 | ---- | C] () -- C:\Users\Thoran\Desktop\Heroes of Newerth.lnk [2012.02.24 13:44:49 | 000,005,416 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\BAcroIEHelpe078.dll [2012.02.17 08:24:16 | 000,000,923 | ---- | C] () -- 
C:\Users\Public\Desktop\DivX Plus Player.lnk [2012.02.08 17:25:11 | 000,000,048 | ---- | C] () -- C:\Users\Thoran\AppData\Roaming\blckdom.res [2011.12.15 05:41:14 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2011.07.13 07:16:27 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2010.10.04 22:08:41 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe [2010.05.05 02:21:48 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll [2010.04.28 22:17:50 | 000,002,110 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.03.25 16:56:00 | 000,203,331 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat ========== LOP Check ========== [2012.02.08 17:25:25 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01003 [2012.02.10 22:09:04 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01004 [2012.02.14 10:17:16 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01005 [2012.02.16 15:02:00 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01006 [2012.02.20 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01007 [2012.02.24 14:45:01 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01008 [2012.02.27 23:26:02 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01009 [2012.03.01 11:07:38 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01010 [2012.03.02 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\01011 [2010.06.09 11:07:58 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\bizarre creations [2007.05.03 23:30:35 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2012.02.28 14:14:23 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Emfii [2010.09.12 23:35:26 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ewloan [2010.08.25 20:28:57 | 
000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\FileZilla [2009.03.25 17:30:57 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\fltk.org [2009.10.14 23:49:46 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\HiveRise [2010.12.01 00:35:51 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\iShell [2011.10.23 13:57:08 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Kalypso Media [2012.02.08 17:24:11 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\kock [2008.11.27 20:02:41 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Leadertech [2011.05.19 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Lionhead Studios [2010.10.06 18:58:27 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\LolClient [2009.09.04 17:23:04 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1 [2012.02.09 19:54:53 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\MicroST [2009.08.12 22:15:13 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Miranda [2011.04.25 22:01:52 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Mumble [2009.10.14 23:17:51 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\NeopleLauncherDFO [2009.08.27 13:00:18 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\NetSpeedMonitor [2008.04.25 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Notepad++ [2012.02.15 12:42:54 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ontixu [2010.12.05 23:54:12 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\OpenCandy [2007.08.21 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Opera [2010.12.16 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Panda Security [2007.11.03 15:50:22 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\PPMate [2007.11.03 15:52:24 | 000,000,000 | ---D | 
M] -- C:\Users\Thoran\AppData\Roaming\ppStream [2012.03.03 08:28:23 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Puabe [2011.03.20 20:32:35 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\PunkBuster [2012.03.03 08:25:25 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Qoopan [2012.03.02 05:23:57 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Qyit [2009.02.17 21:43:51 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Red Alert 3 [2012.03.02 23:54:58 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ryree [2009.01.02 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Secret of the Solstice [2011.02.27 11:30:38 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Sierra Entertainment [2009.05.02 14:03:21 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Stardock [2009.01.05 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\TeamViewer [2008.04.10 22:47:41 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Teeworlds [2009.08.04 12:42:41 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\temp [2012.03.08 18:29:48 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Template [2011.02.26 09:51:43 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\The Creative Assembly [2012.01.26 09:59:23 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\TS3Client [2011.07.11 19:50:28 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Tunngle [2012.02.25 11:54:14 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\UAs [2010.05.03 07:34:43 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ubisoft [2010.12.05 23:54:55 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Uniblue [2012.01.14 23:09:36 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Unity [2008.06.04 09:59:58 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Wippien [2011.07.01 23:17:59 
| 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\X-Chat 2 [2012.02.25 11:55:12 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\xmldm [2010.06.19 11:21:08 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\XnView [2012.02.25 11:40:46 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Ycox [2010.08.29 20:06:49 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Yrisi [2012.03.02 05:23:57 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Yxegvu [2012.03.14 15:41:24 | 000,000,000 | ---D | M] -- C:\Users\Thoran\AppData\Roaming\Zaruha [2012.03.14 18:28:22 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP2D4B33E < End of report > I hope I did everything correctly; if not, just say so and I will do better next time. Regards, Asurmen |
14.03.2012, 18:57 | #2 |
| Paying 50 euros for a virus Here is the other log file, the OTL Extras logfile:
Code:
OTL Extras logfile created on: 14.03.2012 18:33:19 - Run 1 OTL by OldTimer - Version 3.2.37.0 Folder = L:\Diverses Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 68,10% Memory free 4,23 Gb Paging File | 3,76 Gb Available in Paging File | 88,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 173,99 Gb Total Space | 36,36 Gb Free Space | 20,90% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 120,45 Gb Free Space | 51,72% Space Free | Partition Type: NTFS Drive L: | 45,22 Gb Total Space | 38,37 Gb Free Space | 84,84% Space Free | Partition Type: NTFS Drive M: | 511,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown 
registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate "C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate "D:\Spiele\Combat Arms\CombatArms.exe" = D:\Spiele\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe "D:\Spiele\Combat Arms\Engine.exe" = D:\Spiele\Combat Arms\Engine.exe:*Enabled:Engine.exe "D:\Spiele\Combat Arms EU\CombatArms.exe" = D:\Spiele\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe "D:\Spiele\Combat Arms EU\Engine.exe" = D:\Spiele\Combat Arms EU\Engine.exe:*Enabled:Engine.exe "C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client "D:\Spiele\AirRivalsDe\Launcher.atm" = D:\Spiele\AirRivalsDe\Launcher.atm:Enabled:GameExe2 "D:\Spiele\AirRivalsDe\Res-Voip\SCVoIP.exe" = D:\Spiele\AirRivalsDe\Res-Voip\SCVoIP.exe:Enabled:GameVoIP ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{17931E2A-2D6A-48B5-B855-539EFCC58F38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{49214051-0746-4E8F-B32E-9ED62ED43FA2}" = 
lport=2869 | protocol=6 | dir=in | app=system | "{5A103801-4827-487F-BFD4-A44C59D166AE}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | "{A4F53BEF-86EA-4470-9B69-B3AEE3ED3503}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00A50A87-4342-4FE3-AFEA-982499B2CD6D}" = protocol=6 | dir=in | app=d:\spiele\stardock games\demigod\bin\demigod.exe | "{00D4CF0D-3578-4EC2-B67D-F890C1DDD1D8}" = protocol=17 | dir=in | app=d:\spiele\thq\gas powered games\supreme commander\bin\supremecommander.exe | "{01C1BD3D-3F8B-4FAC-B8C3-0B8A22B2FF1B}" = protocol=6 | dir=in | app=d:\spiele\league of legends\air\lolclient.exe | "{03A77F70-9B0B-4735-8F11-D8906A1483B7}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | "{04B2EFE4-6CA9-4B7C-BDBD-70625D73ECCB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\alien swarm\srcds.exe | "{0B0B1343-EE2F-4166-B920-C26EF17807F6}" = protocol=6 | dir=in | app=d:\spiele\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{10EB31A0-D001-4558-B519-E2B7177D175F}" = protocol=17 | dir=in | app=d:\spiele\stardock games\demigod\bin\demigod.exe | "{12189C18-7F41-4A2B-A899-127F374FE2ED}" = protocol=17 | dir=in | app=d:\spiele\cyanide\loki\loki.exe | "{1293C347-EB19-4DF9-AAE0-59B95871FE31}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{1326C050-2C55-4F27-B414-8A5AE5640418}" = protocol=6 | dir=in | app=d:\spiele\cyanide\loki\autorun\autorun.exe | "{1454F77A-8B28-4343-8214-D29B9FBE4E4C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\alien swarm\swarm.exe | "{18846FBE-5114-4388-8B0E-C8AF6600A13E}" = dir=out | app=c:\program files\eslwire\wire.exe | "{1C51F79D-5D57-4F01-92E7-089A6E3C80D8}" = protocol=17 | dir=in | app=d:\spiele\blood bowl legendary edition\autorun\exe\autorun.exe | 
"{1CC9FC99-A08E-442F-93AE-059FE738B53F}" = protocol=6 | dir=in | app=d:\spiele\blood bowl legendary edition\bb_le.exe | "{1DB366D1-131F-4C77-892D-189B737DF5CD}" = protocol=17 | dir=in | app=d:\spiele\atari\act of war - high treason\actofwar_hightreason.exe | "{1E763B32-33BA-4443-83CE-F8592A83A3EF}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{1E889694-7D41-452C-B050-830E610F454D}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\die schlacht um mittelerde ii\lotrbfme2.exe | "{1ECB84E0-614A-47B8-8E8F-442A07C0CA3A}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{1EE2E1F5-AD3C-4605-9DE0-85BE675B2652}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\medal of honor mp beta\mohmpupdater.exe | "{21F01E3B-1721-48F1-8747-D0ECD6825EE5}" = protocol=6 | dir=in | app=d:\spiele\heroes in the sky\his.exe | "{2A10465B-1BE8-4500-8577-E086BF4ED971}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{2F804DE1-0AFD-4D8A-9DFA-C2D79E790E8F}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\die schlacht um mittelerde ii\lotrbfme2.exe | "{2FB170AB-1AE6-48D6-AF97-2A057AD3EB8A}" = protocol=6 | dir=in | app=c:\nexon\nexonplug\nmservice.exe | "{320E5D46-85D4-4001-8F28-EF71BBE40300}" = protocol=6 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{324D36ED-0EC2-4515-B0D2-92C34E0F5B96}" = protocol=6 | dir=in | app=d:\spiele\atari\act of war - direct action\actofwar.exe | "{335E76D5-36D1-473C-8BEE-1193981AD1DD}" = protocol=17 | dir=in | app=d:\spiele\ubisoft\assassin's creed brotherhood\acbmp.exe | "{33ECFF99-5686-4D39-83C9-9FC3E5ABD73F}" = protocol=17 | dir=in | app=d:\spiele\cyanide\loki\autorun\autorun.exe | "{352890A1-54E1-45E3-9E02-062C298FA4C3}" = protocol=17 | dir=in | app=c:\nexon\nexonplug\nmservice.exe | "{35570D23-D276-45BF-A30E-AB4458834EF7}" = protocol=6 | dir=in | app=c:\programdata\nexon\common\nmservice.exe | 
"{365D1DD0-77DE-4F58-87E2-BAAE4181F8CD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{39B605D8-718D-4B50-B5F5-B0464167E020}" = protocol=17 | dir=in | app=d:\spiele\league of legends\game\league of legends.exe | "{3ACB1D79-0667-48B4-8993-20687FC9970C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{3DB4A9F3-E770-4DA3-B7C1-A0AA61BEFAE0}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{3E140CCF-BB2E-4583-8E88-B24C45ED1529}" = protocol=6 | dir=in | app=d:\spiele\blood bowl legendary edition\autorun\exe\autorun.exe | "{3EA13C6F-181E-4272-85C4-6C85110470DD}" = protocol=17 | dir=in | app=c:\programdata\nexon\ngm\ngm.exe | "{4084B75A-19F1-4B09-9410-41C95716DECC}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\medal of honor mp beta\mohmpupdater.exe | "{43A43624-C694-46AE-B8ED-03ADB83F36DD}" = protocol=6 | dir=in | app=d:\spiele\ubisoft\assassin's creed brotherhood\acbmp.exe | "{441AC8BF-26FE-4451-903F-C69BDFE11CA9}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\need for speed(tm) hot pursuit\launcher.exe | "{44544B06-6432-4B28-BD72-F303B75CC3E8}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{44A29C7D-276E-4ABD-AD36-366E06951428}" = protocol=17 | dir=in | app=d:\spiele\combat arms eu\nmservice.exe | "{451F5983-BCB5-4B3C-A4A2-DAB4F72050D8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{45531E56-97DC-4479-B825-8F68D48E6F01}" = protocol=17 | dir=in | app=c:\program files\wippien\wippien.exe | "{466F6CAC-1EC0-40B1-84B2-3011D545B50C}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\medal of honor mp open beta\mohmpupdater.exe | "{48150646-7D9D-4016-8AA2-99265353AD42}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\command & conquer 3\cnc3.exe | "{481EAD8F-1858-4BB0-9495-7A4E5B710B5C}" = protocol=17 | dir=in | app=c:\program files\tunngle\tunngle.exe | "{4D073126-80C5-4ACA-9A80-B282B60C53CC}" = protocol=6 | dir=in | 
app=c:\programdata\nexon\ngm\ngm.exe | "{4D2C74A4-A8E1-4312-826C-F1AE23A3F94A}" = protocol=6 | dir=in | app=d:\spiele\warrock\wrlauncher.exe | "{4D8B6863-79CF-4128-94DF-B14E9CA6ECC7}" = protocol=6 | dir=in | app=d:\spiele\atari\act of war - high treason\actofwar_hightreason.exe | "{551ADC88-B53C-4E82-957B-A066DE389B72}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55CC80E7-5ACF-4748-A873-2E6FA1E58AAD}" = protocol=17 | dir=in | app=d:\spiele\thq\dawn of war\w40k.exe | "{59486286-98DD-4A87-A59A-ABE4E2D3C363}" = protocol=17 | dir=in | app=d:\spiele\heroes in the sky\his.exe | "{5B44843F-3041-42A0-8D77-A78EDF90F3CB}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{5C1AB4DE-92C1-4659-919A-1754D14F5387}" = protocol=17 | dir=in | app=d:\spiele\league of legends\air\lolclient.exe | "{5F89070E-1C75-4DE1-B187-DB256840D7EE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\srcds.exe | "{609CDD90-0050-4B0B-B27C-73162B35665C}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | "{619CF55E-03B8-4CB2-880D-54D59F81DF49}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{61E498DC-1D77-4F0C-8C2F-BCD33C8DF26B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{644B5C39-A75B-4E81-A312-701E5672FD0F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{64E00743-3A28-4770-A955-26ACF092CF99}" = protocol=1 | dir=in | name=@firewallapi.dll,-26140 | "{66369C85-09C3-4CBF-B862-16B088A0980C}" = protocol=17 | dir=in | app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{68F8E996-FE3F-43A3-9F15-99BA0F23EDC6}" = protocol=17 | dir=in | app=d:\spiele\qfg\dead island deluxe edition\deadislandgame.exe | "{6BDCB971-32FE-4868-A69E-7505A30D444D}" = protocol=6 | dir=in | app=d:\spiele\thq\gas powered games\supreme 
commander\bin\supremecommander.exe | "{71D6FE8D-5561-4DF2-903E-EC952059353B}" = protocol=6 | dir=in | app=d:\spiele\bethesda softworks\hunted\binaries\win32\p4dftre.dll | "{7421E65F-3906-44B7-B36B-FA375819A6C8}" = protocol=17 | dir=in | app=d:\spiele\thq\dawn of war - dark crusade\darkcrusade.exe | "{7AAC624F-C032-417C-B7F4-D878E00F3DC5}" = protocol=6 | dir=in | app=d:\spiele\thq\dawn of war - dark crusade\darkcrusade.exe | "{7B7B9ADF-D244-4FF1-B015-1EFF3FA47204}" = protocol=6 | dir=in | app=c:\program files\tunngle\tunngle.exe | "{7C8EA9F5-EADF-451F-95D2-2671BE829F95}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\die schlacht um mittelerde ii\game.dat | "{7D610AD8-20F7-4F81-873F-F14E853AA886}" = protocol=17 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | "{7F72BB35-71CA-4152-9184-F34E2EF83EA1}" = protocol=17 | dir=in | app=c:\programdata\nexon\common\nmservice.exe | "{7FE6A9AE-0A18-4748-8795-BB836CE828F7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{819A3326-483E-4284-86C8-AF16B8C9B4ED}" = protocol=6 | dir=in | app=c:\program files\wippien\wippien.exe | "{82DD66C3-5D3C-4EA4-B2CA-419D59D2040F}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | "{87B9C171-B7E3-4A7F-8417-69DE1887C0B8}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{87C5EEBE-90B0-4D2A-9680-9D7EC28D84DE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{8A133AEC-A30B-451D-A17B-1769DB4B6F2E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | "{922A4DF8-5D32-4955-8194-4A76C10088C7}" = protocol=6 | dir=in | app=d:\spiele\atari\act of war - direct action\actofwar.exe | "{93A937AD-53BD-425D-AD4B-BA7C678672F4}" = protocol=6 | dir=in | app=d:\spiele\cyanide\loki\loki.exe | "{9E6AA14E-04FB-43A5-AA78-6859B23D200D}" = protocol=58 | dir=in | name=@firewallapi.dll,-26142 | "{A15D2DA3-4693-4BCE-8012-6AB381EC1ACB}" = protocol=6 | dir=in | 
app=d:\spiele\league of legends\game\league of legends.exe | "{A36DA13E-BC9B-4F86-8B83-27DD397FD822}" = protocol=17 | dir=in | app=d:\spiele\atari\act of war - direct action\actofwar.exe | "{A786BE34-DA72-49D4-A3CE-8059A1CE5FA9}" = protocol=17 | dir=in | app=d:\spiele\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe | "{A8149B51-B6DC-41FC-AC2C-960041D34270}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{AC65C4EA-666C-4FB1-ADC7-163AD47594DB}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{AD8C1867-37EA-4E16-AFD1-E9B41980C1BD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{B075FA4E-50E1-45A5-98ED-B091E1D96C5C}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\command & conquer 3\cnc3.exe | "{B0F8A0C4-A42D-4588-896A-DD985D47AD57}" = protocol=17 | dir=in | app=d:\spiele\microsoft games\halo2.exe | "{B157271D-FA2F-40C0-AB92-FCA46363DDA8}" = protocol=17 | dir=in | app=d:\spiele\electronic arts\medal of honor mp open beta\mohmpupdater.exe | "{B42DAD55-9EB3-45C5-805C-DF2CD7014F60}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{B4D0ADFD-3FBF-4F22-87F1-3D87224A3E36}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B5782F35-60DD-4809-9C3C-BC1E10790178}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B7CFD481-4D20-4042-9EE1-723C72D74D82}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | "{B91081DC-5EEF-47E4-B457-AC370DA363B3}" = protocol=6 | dir=in | app=d:\spiele\electronic arts\die schlacht um mittelerde ii\game.dat | "{BB1FE344-FE41-40FB-9148-FC61964C3E86}" = protocol=6 | dir=in | app=d:\spiele\qfg\dead island deluxe edition\deadislandgame.exe | "{BCD5750A-78A4-4EEE-8F67-70AD683505F0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{BD5F19EA-3DFD-48AF-AA18-DDC478BF0704}" = protocol=6 | dir=in | 
app=c:\program files\imesh applications\mediabar\datamngr\toolbar\dtuser.exe | "{C02E44D2-B43B-422D-8CFF-97C665E63C14}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\alien swarm\srcds.exe | "{C6DF96ED-1229-45C9-BE5D-65EED9648BE9}" = protocol=17 | dir=in | app=d:\spiele\atari\act of war - direct action\actofwar.exe | "{D0C8FF28-3A11-49C9-AF40-2A7CF4A0DEFF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{D13E2D46-0A5F-4996-8B85-B1AE8A10B616}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien swarm\swarm.exe | "{D729999D-BB5E-402C-9190-AF0CD47BA176}" = protocol=6 | dir=in | app=d:\spiele\microsoft games\halo2.exe | "{DD9CBC3F-C164-4BF5-A49F-E3EE626EF61D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{DE4C0849-1F84-4526-8DC9-DAA91C91F25C}" = protocol=17 | dir=in | app=d:\spiele\warrock\wrlauncher.exe | "{E0D035B3-B9B9-4D3F-AE2F-0697407E8651}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E3B6D323-C881-4ACB-8DD0-D03FE9347895}" = dir=in | app=c:\program files\eslwire\wire.exe | "{E3DCE330-2287-40B4-B3A6-2FB9ED29C6E8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{E71C127B-98D5-4170-913A-C224DF0EE3A1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{E864B5F4-F0D4-42A3-8EF5-CC0A1AF6E9D2}" = protocol=17 | dir=in | app=d:\spiele\bethesda softworks\hunted\binaries\win32\p4dftre.dll | "{E9D6D2CE-A886-4C0D-BB7C-0A3803A6E9B7}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{EDDAB98D-A723-4B86-8181-63601793C677}" = protocol=6 | dir=in | app=d:\spiele\thq\dawn of war\w40k.exe | "{EE054AD1-F5F2-4967-A93E-D4C1B51E0C4F}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe | "{EF06FFF7-1A9E-43EE-A3A4-F6674C18B3CA}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{F0ABFE12-E5F2-47FC-80F5-98248E0C25E9}" = protocol=17 | 
dir=in | app=d:\spiele\atari\act of war - high treason\actofwar_hightreason.exe | "{F1710661-80AE-4BBC-8500-06F8821BCBCC}" = protocol=17 | dir=in | app=c:\program files\imesh applications\imesh\imesh.exe | "{F1F35813-7709-44F4-A295-DFA7E227898F}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{F45C6938-985B-4312-9311-17E369E64C57}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{F63F0DA3-3B9D-4FAC-8A6D-A809F8A44231}" = protocol=6 | dir=in | app=d:\spiele\combat arms eu\nmservice.exe | "{F67AE5A1-9F7E-4067-BF54-B26954204B2C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{F775D379-41C5-4AE9-8ACC-ED40D654B804}" = protocol=17 | dir=in | app=d:\spiele\blood bowl legendary edition\bb_le.exe | "{F7CFD139-4028-4DF3-AA1A-09DFD4BBBCB8}" = protocol=6 | dir=in | app=d:\spiele\atari\act of war - high treason\actofwar_hightreason.exe | "{F88BCD9B-84D2-4BB1-992A-8FD9779B9DB5}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe | "{F9D7C1C7-EDD1-4289-97DC-451B96024450}" = protocol=6 | dir=in | app=c:\program files\tunngle\tnglctrl.exe | "{FF8C938D-FD36-4E3C-820E-38EE272EAE2A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\alien swarm\swarm.exe | "TCP Query User{4F4CB01A-453A-432C-B185-7961FE8DB1CB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{9AC28B4F-2C80-4FDA-88F4-0669C4920E3C}C:\users\thoran\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\thoran\appdata\local\akamai\netsession_win.exe | "UDP Query User{73B7DCCF-63B6-4AAF-A0F5-2826B58DFB1A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{D106F384-03A4-4496-ADFC-33AE22A863AB}C:\users\thoran\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\thoran\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE 
Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{046ED2B7-14D5-4F2C-A275-09D54CEFE757}" = GTactix "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}" = Enemy Territory - QUAKE Wars(TM) 1.1 Patch "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{17D6207F-F9F4-1FDE-3F6B-C5B67CFD87C9}" = Catalyst Control Center Graphics Full New "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B4D0B5-81C5-ACE0-94CB-72E875B447A4}" = Catalyst Control Center Graphics Previews Common "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 21 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D4AEA8C-3FD2-AB03-9E3A-F040B42E0BA3}" = CCC Help Portuguese 
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D53090A-CE35-42BD-B377-831000018301}" = Fable III "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4EE4C1F0-B0BF-37CA-2555-ED586F17C5C9}" = Catalyst Control Center Graphics Previews Vista "{538A1AE6-5D8B-4BF1-B1B3-AE14FDE21C09}" = Test_OnlineDiagnostic "{53EBA2A9-50F2-16EB-3A44-C99BFF927032}" = Catalyst Control Center Graphics Light "{5629D545-08E1-516E-F498-082A72A5269D}" = CCC Help Polish "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6A0AEB7F-E55B-809B-0D05-F843032B75F7}" = Catalyst Control Center Graphics Full Existing "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{75F440C9-C292-1BA6-9755-C94F800657E9}" = ccc-core-static "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77FD4E2C-EDDA-D622-6DAA-6DDE7B17DE85}" = Catalyst Control Center Localization All "{7B63B2922B174135AFC0E1377DD81EC2}" = "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable 
"{83E3E4FD-1C5F-BB72-1118-799EC15CB30B}" = ATI Catalyst Install Manager "{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding "{878C6821-18F9-F6A2-42A7-1ACB1A14AF5C}" = CCC Help Hungarian "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94bbb1af-e72f-492a-b8dc-7e5713a602d9}" = Nero 9 Lite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A60ABB01-915B-E5A4-5120-0976C0D7697F}" = CCC Help English "{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch "{AE4668DF-BE40-4316-9AFF-E82E3F5A7CC3}" = ccc-utility "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C310995F-B785-4252-6A3B-333BA411DE6B}" = CCC Help French "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail 
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio WinOnCD 9 Basic "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{DCFFB64E-A757-4430-A455-B947F029BFD4}" = Roxio WinOnCD 9 Basic "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2082A6B-2334-2533-A5ED-41B537ECD02A}" = CCC Help German "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010 "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{E84FA784-3305-5E34-16C8-51949D03C059}" = Catalyst Control Center InstallProxy "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse "{EC318F8C-CECC-B31E-44C4-55A1A63E41D5}" = CCC Help Greek "{ECAD020B-3418-E868-FC8D-668FA6C6A019}" = Catalyst Control Center HydraVision Full "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F4B70AA9-AA91-4894-4AC5-61A6934CD85B}" = Catalyst Control Center Core Implementation "{F525FDB5-C9D4-6505-ACB9-90C921C83ACD}" = CCC Help Italian "{F7C1C17E-70E3-475F-BD52-EA554391F15D}" = GameShadow "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FE83F56A-D87F-E70E-AE6E-749DFBE27666}" = CCC Help Spanish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 4.65 "Adobe AIR" = Adobe AIR "Adobe 
Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface Service "Avira AntiVir Desktop" = Avira Free Antivirus "BFGC" = Big Fish Games: Game Manager "Bubble Bobble Quest" = Bubble Bobble Quest "CCleaner" = CCleaner "conduitEngine" = Conduit Engine "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "ESL Wire_is1" = ESL Wire 1.11.1 "FileZilla Client" = FileZilla Client 3.3.3 "FLV Player" = FLV Player 2.0, build 24 "free-downloads.net Toolbar" = free-downloads.net Toolbar "GameCenter" = GameCenter "Giraffic" = Veoh Giraffic Video Accelerator "hon" = Heroes of Newerth "iMesh" = iMesh "iMesh 1 MediaBar" = MediaBar "Impulse" = Impulse "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "InstallShield_{0C5D0DC4-F5D3-46F9-AE2E-E45C99B4A6B6}" = Enemy Territory - QUAKE Wars(TM) 1.1 Patch "InstallShield_{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Full) "Launcher" = Outspark Launcher "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack 
SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Miranda IM" = Miranda IM 0.8.26 "ModernRcon v0.8" = ModernRcon v0.8 "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Mumble" = Mumble and Murmur "Notepad++" = Notepad++ "OpenAL" = OpenAL "Opera 11.61.1250" = Opera 11.61 "PC Wizard 2008_is1" = PC Wizard 2008.1.87 "Pcsx2_is1" = Pcsx2 0.9.2 Watermoose "PHPNukeDE Toolbar" = PHPNukeDE Toolbar "Ping Plotter Freeware" = Ping Plotter Freeware "PunkBusterSvc" = PunkBuster Services "SearchCore for Browsers" = SearchCore for Browsers "SopCast" = SopCast 3.4.0 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "ToggleEN Toolbar" = ToggleEN Toolbar "Tunngle beta_is1" = Tunngle beta "UltraISO_is1" = UltraISO Premium V9.33 "Veetle TV" = Veetle TV 0.9.18 "Veoh Web Player Beta" = Veoh Web Player "Veoh_Web_Player Toolbar" = Veoh Web Player Toolbar "VLC media player" = VLC media player 1.1.11 "VN_VUIns_Rhine_VIA" = VIA Rhine Family Fast Ethernet Adapter "vShare" = vShare Plugin "WinGTK-2_is1" = GTK+ 2.10.13 runtime environment "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "World of Warcraft" = World of Warcraft "X-Chat 2_is1" = X-Chat 2.8.6-1 "Xfire" = Xfire (remove only) "XfireXO Toolbar" = XfireXO Toolbar "XnView_is1" = XnView 1.94.2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Nero Toolbar Updater "{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T "Akamai" = Akamai NetSession Interface "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Octoshape Streaming Services" = Octoshape Streaming Services "UnityWebPlayer" = Unity Web Player ========== Last 10 Event 
Log Errors ========== [ Application Events ] Error - 14.03.2012 07:09:58 | Computer Name = Lucien | Source = VSS | ID = 8194 Description = Error - 14.03.2012 08:38:53 | Computer Name = Lucien | Source = VSS | ID = 8194 Description = Error - 14.03.2012 10:57:37 | Computer Name = Lucien | Source = LoadPerf | ID = 3001 Description = Error - 14.03.2012 11:23:01 | Computer Name = Lucien | Source = EventSystem | ID = 4609 Description = Error - 14.03.2012 11:26:43 | Computer Name = Lucien | Source = LoadPerf | ID = 3001 Description = Error - 14.03.2012 11:58:48 | Computer Name = Lucien | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung wire.exe, Version 1.11.1.7318, Zeitstempel 0x4f3a62d5, fehlerhaftes Modul WireCore.dll, Version 0.0.0.0, Zeitstempel 0x4f3a62b6, Ausnahmecode 0xc0000005, Fehleroffset 0x001e0fde, Prozess-ID 0x8e4, Anwendungsstartzeit 01cd01fb3b23f7c9. Error - 14.03.2012 12:08:47 | Computer Name = Lucien | Source = LoadPerf | ID = 3001 Description = Error - 14.03.2012 12:29:10 | Computer Name = Lucien | Source = LoadPerf | ID = 3001 Description = Error - 14.03.2012 13:30:28 | Computer Name = Lucien | Source = EventSystem | ID = 4609 Description = Error - 14.03.2012 13:35:45 | Computer Name = Lucien | Source = LoadPerf | ID = 3001 Description = [ System Events ] Error - 14.03.2012 12:37:44 | Computer Name = Lucien | Source = volsnap | ID = 393236 Description = Die Schattenkopien von Volume "C:" wurden aufgrund von einem fehlgeschlagenen Rechenvorgang bezüglich verfügbarem Speicher abgebrochen. Error - 14.03.2012 13:12:52 | Computer Name = Lucien | Source = bowser | ID = 8003 Description = Error - 14.03.2012 13:26:34 | Computer Name = Lucien | Source = Application Popup | ID = 876 Description = Treiber DLACDBHM.SYS konnte nicht geladen werden. Error - 14.03.2012 13:29:32 | Computer Name = Lucien | Source = Application Popup | ID = 876 Description = Treiber DLACDBHM.SYS konnte nicht geladen werden. 
Error - 14.03.2012 13:30:19 | Computer Name = Lucien | Source = DCOM | ID = 10005 Description = Error - 14.03.2012 13:30:28 | Computer Name = Lucien | Source = DCOM | ID = 10005 Description = Error - 14.03.2012 13:30:41 | Computer Name = Lucien | Source = DCOM | ID = 10005 Description = Error - 14.03.2012 13:30:42 | Computer Name = Lucien | Source = DCOM | ID = 10005 Description = Error - 14.03.2012 13:31:13 | Computer Name = Lucien | Source = Service Control Manager | ID = 7001 Description = Error - 14.03.2012 13:31:13 | Computer Name = Lucien | Source = Service Control Manager | ID = 7026 Description = < End of report > |
14.03.2012, 19:28 | #3 |
/// Malware-holic | Paying 50 Euros for a Virus hi
__________________
This script, and any scripts that may follow, are only for the respective user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [SkypeM] C:\Users\Thoran\AppData\Local\Skype\Skype.exe (Transaction Software, D 81737 Munich)
:Files
:Commands
C:\Users\Thoran\AppData\Local\Skype
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
__________________ |