GVU Trojaner unter Win7

schloenz · 10.07.2012, 13:16

Hi,

ich habe mir leider auch den sogenannten GVU Trojaner eingefangen. Zuerst wollte ich ihn mit dem Kaspersky Windows Unlocker und einem Scan jeweils von der Rescue Disc bekämpfen, half aber nichts.
Dann habe ich herausgefunden, dass ich durch einen Trick (über strg alt entf kurz den GVU Bildschirm wegkriegen=> Firefox starten => versuchen benutzer abzumelden => Firefox hängt sich auf => Abmelden abbrechen => Windows lief praktisch normal, ich konnte nur den Task Manager nicht starten) mein Windows normal zum laufen bringen könnte.
Danach habe ich den PC sofort mit Malwarebytes gescannt (Log im Anhang, leider ohne zu wissen, dass ich alles in Quarantäne verschieben soll, deshalb wurden einige Dateien auch gelöscht). Seitdem läuft der PC wieder normal, aber ich habe Angst, dass der Trojaner noch nicht vollkommend entfernt ist
Sollte ich mein System neu aufsetzen? Oder sind alle unerwünschten Programme soweit sicher entfernt?

Vielen Dank für die Hilfe!

mfg Schlönz

P.S.: OTL erstellt bei mir aus irgendeinem Grund keine Extra.txt. Wenn ich den Haken bei der Extra Registrierung auf "Benutze Safe List" (oder auch "Alles") stelle springt dieser automatisch, sobald ich den Scan starte, auf "Aus" zurück. Ich poste einfach deshalb nur die OTL.txt.

Malwarebytes Log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.09.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
schloenz :: SCHLOENZI [Administrator]

10.07.2012 01:27:46
mbam-log-2012-07-10 (01-27-46).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 398251
Laufzeit: 1 Stunde(n), 28 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 2
C:\Users\schloenz\AppData\Local\Temp\roper0dun.exe (Spyware.Zbot.124Gen) -> Löschen bei Neustart.
C:\Users\schloenz\AppData\Roaming\BAcroIEHelpe163.dll (Trojan.Banker) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C28584-8F10-4D92-987C-0A1008E2435A} (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\schloenz\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\schloenz\AppData\Local\Temp\roper0dun.exe (Spyware.Zbot.124Gen) -> Löschen bei Neustart.
C:\Users\schloenz\AppData\Roaming\BAcroIEHelpe163.dll (Trojan.Banker) -> Löschen bei Neustart.
C:\Users\schloenz\AppData\Roaming\AcroIEHelpe163.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\schloenz\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.
C:\Users\schloenz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL.txt:
OTL logfile created on: 10.07.2012 14:00:53 - Run 4
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\schloenz\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,86% Memory free
8,00 Gb Paging File | 6,56 Gb Available in Paging File | 82,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 43,95 Gb Total Space | 9,31 Gb Free Space | 21,17% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 43,32 Gb Free Space | 23,92% Space Free | Partition Type: NTFS

Computer Name: SCHLOENZI | User Name: schloenz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.10 13:47:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\schloenz\Desktop\OTL.exe
PRC - [2012.07.10 13:46:47 | 000,050,477 | ---- | M] () -- C:\Users\schloenz\Desktop\Defogger.exe
PRC - [2012.06.07 17:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.08 13:16:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:15:59 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 13:15:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- D:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- D:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2010.07.06 18:14:56 | 000,716,024 | ---- | M] (Tunngle.net GmbH) -- D:\Program Files (x86)\Tunngle\TnglCtrl.exe
PRC - [2009.11.06 10:59:04 | 002,244,608 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2009.07.09 15:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe

========== Modules (No Company Name) ==========

MOD - [2012.07.10 13:46:47 | 000,050,477 | ---- | M] () -- C:\Users\schloenz\Desktop\Defogger.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.07 17:34:32 | 000,478,712 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.08 13:16:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:15:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- D:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- D:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.07.06 18:14:56 | 000,716,024 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- D:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.03.30 11:16:14 | 001,823,112 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.09 15:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.10.27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.06.07 17:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012.06.07 17:24:23 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012.05.08 13:16:00 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 13:16:00 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.19 12:44:24 | 000,256,632 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011.12.19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011.12.19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011.11.29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.10.26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011.09.29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.24 19:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.07.09 13:19:02 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz134_x64.sys -- (cpuz134)
DRV:64bit: - [2010.06.23 17:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.06.10 23:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.04.25 12:50:04 | 000,036,864 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV - [2011.10.26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.11.02 17:57:04 | 000,036,624 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\pxhelp20.sys -- (PxHelp20)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 89 9E 6F E5 29 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz.de/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: D:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.03.04 19:06:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_4.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 [2012.05.18 04:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 00:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 22:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.05.18 04:11:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\schloenz\AppData\Roaming\01001.067 [2012.07.09 15:13:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 00:05:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 22:11:14 | 000,000,000 | ---D | M]

[2010.07.23 00:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schloenz\AppData\Roaming\mozilla\Extensions
[2012.07.01 13:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schloenz\AppData\Roaming\mozilla\Firefox\Profiles\jmhn84y8.default\extensions
[2010.08.12 21:26:17 | 000,002,057 | ---- | M] () -- C:\Users\schloenz\AppData\Roaming\Mozilla\Firefox\Profiles\jmhn84y8.default\searchplugins\youtube-videosuche.xml
[2011.03.04 19:06:32 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.07.01 13:00:26 | 000,193,959 | ---- | M] () (No name found) -- C:\USERS\SCHLOENZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMHN84Y8.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKCU..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CCB798-0BA5-4F6B-9615-DC9FCB6D2975}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.10 13:47:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\schloenz\Desktop\OTL.exe
[2012.07.10 01:26:41 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\Malwarebytes
[2012.07.10 01:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.10 01:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.10 01:26:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.10 01:25:38 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\schloenz\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.09 22:01:27 | 000,000,000 | ---D | C] -- C:\Users\schloenz\Desktop\Kaspersky Rescue2Usb
[2012.07.09 15:13:22 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\01001.067
[2012.07.09 00:38:57 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\01001.066
[2012.07.07 03:29:30 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\xmldm
[2012.07.07 03:29:29 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\kock
[2012.07.03 12:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.07.02 15:22:48 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\XnView
[2012.07.02 15:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[1 C:\Users\schloenz\AppData\Roaming\*.tmp files -> C:\Users\schloenz\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.10 13:47:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\schloenz\Desktop\OTL.exe
[2012.07.10 13:47:01 | 000,000,000 | ---- | M] () -- C:\Users\schloenz\defogger_reenable
[2012.07.10 13:46:47 | 000,050,477 | ---- | M] () -- C:\Users\schloenz\Desktop\Defogger.exe
[2012.07.10 12:25:08 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 12:25:08 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 12:17:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 12:17:06 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.10 12:16:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.07.10 09:42:10 | 000,000,051 | ---- | M] () -- C:\Users\schloenz\AppData\Roaming\blckdom.res
[2012.07.10 01:26:31 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.10 01:25:51 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\schloenz\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.10 00:41:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.07.09 22:01:30 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.09 22:01:30 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.09 22:01:30 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.09 22:01:30 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.09 22:01:29 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.09 21:59:48 | 210,292,736 | ---- | M] () -- C:\Users\schloenz\Desktop\KWU_1.0.3.upd.iso
[2012.07.09 21:54:44 | 000,387,584 | ---- | M] () -- C:\Users\schloenz\Desktop\rescue2usb.exe
[2012.06.14 12:00:30 | 000,442,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\schloenz\AppData\Roaming\*.tmp files -> C:\Users\schloenz\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.10 13:47:01 | 000,000,000 | ---- | C] () -- C:\Users\schloenz\defogger_reenable
[2012.07.10 12:55:19 | 000,050,477 | ---- | C] () -- C:\Users\schloenz\Desktop\Defogger.exe
[2012.07.10 01:26:31 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.09 21:54:56 | 210,292,736 | ---- | C] () -- C:\Users\schloenz\Desktop\KWU_1.0.3.upd.iso
[2012.07.09 21:54:43 | 000,387,584 | ---- | C] () -- C:\Users\schloenz\Desktop\rescue2usb.exe
[2012.07.09 19:51:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.07.07 03:29:42 | 000,000,051 | ---- | C] () -- C:\Users\schloenz\AppData\Roaming\blckdom.res
[2011.11.02 02:57:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.11.02 02:57:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.01.06 18:48:40 | 000,003,584 | ---- | C] () -- C:\Users\schloenz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.02 01:00:03 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll
[2010.08.20 01:02:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.08.03 18:01:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.23 14:16:40 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI

========== LOP Check ==========

[2012.07.09 00:38:57 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\01001.066
[2012.07.09 15:13:24 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\01001.067
[2012.05.22 02:37:53 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Ad-Aware Antivirus
[2011.01.06 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\DeepBurner
[2011.06.08 23:29:52 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Dropbox
[2011.03.30 04:04:59 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\EndNote
[2011.12.26 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\ICQ
[2012.07.07 03:29:29 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\kock
[2011.02.18 19:25:36 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Leadertech
[2012.05.18 04:12:39 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Nokia
[2011.03.04 19:10:52 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\OpenOffice.org
[2011.07.06 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\PC Suite
[2011.01.06 18:28:42 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Pegasys Inc
[2011.11.01 19:45:24 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Swiss Academic Software
[2012.06.25 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\TS3Client
[2010.09.06 04:05:44 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Tunngle
[2012.07.07 03:29:30 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\xmldm
[2012.07.02 15:24:07 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\XnView
[2012.07.09 15:10:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Larusso · 11.07.2012, 16:18

Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.

Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

schloenz · 12.07.2012, 00:14

Hi Daniel,

vielen Dank schonmal für deine Hilfe. Mit Combofix lief soweit alles klar, nachfolgend der Log.

mfg Schlönz

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-07-11.03 - schloenz 12.07.2012   0:43.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2893 [GMT 2:00]
ausgeführt von:: c:\users\schloenz\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\schloenz\AppData\Roaming\AcroIEHelpe.txt
c:\users\schloenz\AppData\Roaming\srvblck5.tmp
c:\windows\iun6002.exe
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-11 bis 2012-07-11  ))))))))))))))))))))))))))))))
.
.
2012-07-11 22:52 . 2012-07-11 22:52	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-11 22:52 . 2012-07-11 22:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-11 22:37 . 2012-07-11 22:37	--------	d-----w-	c:\programdata\GFI Software
2012-07-09 23:26 . 2012-07-09 23:26	--------	d-----w-	c:\users\schloenz\AppData\Roaming\Malwarebytes
2012-07-09 23:26 . 2012-07-09 23:26	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-09 23:26 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-09 13:13 . 2012-07-09 13:13	--------	d-----w-	c:\users\schloenz\AppData\Roaming\01001.067
2012-07-08 22:38 . 2012-07-08 22:38	--------	d-----w-	c:\users\schloenz\AppData\Roaming\01001.066
2012-07-07 01:29 . 2012-07-07 01:29	--------	d-----w-	c:\users\schloenz\AppData\Roaming\xmldm
2012-07-07 01:29 . 2012-07-07 01:29	--------	d-----w-	c:\users\schloenz\AppData\Roaming\kock
2012-07-02 13:22 . 2012-07-02 13:24	--------	d-----w-	c:\users\schloenz\AppData\Roaming\XnView
2012-06-21 12:28 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 12:28 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 12:28 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 12:28 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 12:28 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 12:28 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 12:28 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 12:27 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 12:27 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-14 00:01 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-14 00:01 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-14 00:01 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-14 00:01 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 00:01 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 00:01 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-06-14 00:01 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-07 15:35 . 2012-06-07 15:35	10744	----a-w-	c:\windows\SysWow64\vpncategories.dll
2012-06-07 15:35 . 2012-06-07 15:35	33272	----a-w-	c:\windows\SysWow64\vpnevents.dll
2012-06-07 15:25 . 2012-06-07 15:25	27048	----a-w-	c:\windows\system32\drivers\vpnva64.sys
2012-06-07 15:24 . 2012-01-13 17:07	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-05-15 10:48 . 2012-06-02 22:08	25743168	----a-w-	c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-06-02 22:08	19607872	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-06-02 22:08	18044224	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-06-02 22:08	14298944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:48 . 2012-06-02 22:08	8139072	----a-w-	c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-06-02 22:08	5982528	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-06-02 22:08	2881856	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-02 22:08	2681664	----a-w-	c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-06-02 22:08	2524992	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-06-02 22:08	2445120	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-06-02 22:08	25248064	----a-w-	c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-06-02 22:08	2368832	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-06-02 22:08	17551680	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-04-20 13:10	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-04-20 13:10	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-04-20 13:10	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-04-20 13:10	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-03-23 17:01	8105280	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-03-23 17:01	15322432	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2010-07-22 23:27	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2010-07-22 23:27	2741568	----a-w-	c:\windows\system32\nvapi64.dll
2012-05-15 09:29 . 2011-01-07 19:49	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-01-07 19:49	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-01-07 19:49	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2010-07-09 14:17	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-01-07 19:49	3149632	----a-w-	c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-01-07 19:50	6151488	----a-w-	c:\windows\system32\nvcpl.dll
2012-05-08 15:19 . 2012-04-21 19:17	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-08 15:19 . 2011-05-16 06:53	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 11:16 . 2011-10-16 14:09	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 11:16 . 2011-10-16 14:09	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-18 17:08 . 2012-06-02 22:08	31040	----a-w-	c:\windows\system32\nvhdap64.dll
2012-04-18 17:08 . 2012-06-02 22:08	72512	----a-w-	c:\windows\system32\nvapo64v.dll
2012-04-18 17:08 . 2012-06-02 22:08	188736	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2012-04-18 17:08 . 2012-04-20 13:10	1451840	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\schloenz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\schloenz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\schloenz\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2009-11-06 2244608]
"avgnt"="d:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"GrooveMonitor"="d:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;d:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1823112]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 TunngleService;TunngleService;d:\program files (x86)\Tunngle\TnglCtrl.exe [2010-07-06 716024]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-06-07 478712]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2007-04-25 36864]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\schloenz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\schloenz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\schloenz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\schloenz\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"EvtMgr6"="d:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - d:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\program files (x86)\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\schloenz\AppData\Roaming\Mozilla\Firefox\Profiles\jmhn84y8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Yawle_0.3b - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-12  01:01:30
ComboFix-quarantined-files.txt  2012-07-11 23:01
.
Vor Suchlauf: 9.894.948.864 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 10.291.597.312 Bytes frei
.
- - End Of File - - DBD10DD55E2C8227C9E65AF47959084F

--- --- ---

Larusso · 14.07.2012, 04:41

Sorry, habs wohl gelesen und nicht geantwortet.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

schloenz · 14.07.2012, 14:55

Hi,
also der ESET Scanner hat nichts gefunden, somit auch keine "List of found threads" angezeigt.
OTL im Folgenden.

mfg Schlönz

OTL.txt:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 14.07.2012 15:43:50 - Run 5
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\schloenz\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,15% Memory free
8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 43,95 Gb Total Space | 9,87 Gb Free Space | 22,46% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 43,50 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
 
Computer Name: SCHLOENZI | User Name: schloenz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\schloenz\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\CitaviPickerCommunication.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TunngleService) -- D:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Hamachi2Svc) -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (PxHelp20) -- C:\Windows\SysWOW64\drivers\pxhelp20.sys (Sonic Solutions)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 89 9E 6F E5 29 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.spiegel.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:2.7.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://pac.lrz.de/"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: D:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.03.04 19:06:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_4.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_4.0 [2012.05.18 04:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 00:05:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 22:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.05.18 04:11:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\schloenz\AppData\Roaming\01001.067 [2012.07.09 15:13:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 00:05:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.28 22:11:14 | 000,000,000 | ---D | M]
 
[2010.07.23 00:44:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schloenz\AppData\Roaming\mozilla\Extensions
[2012.07.01 13:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schloenz\AppData\Roaming\mozilla\Firefox\Profiles\jmhn84y8.default\extensions
[2010.08.12 21:26:17 | 000,002,057 | ---- | M] () -- C:\Users\schloenz\AppData\Roaming\Mozilla\Firefox\Profiles\jmhn84y8.default\searchplugins\youtube-videosuche.xml
[2011.03.04 19:06:32 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.07.01 13:00:26 | 000,193,959 | ---- | M] () (No name found) -- C:\USERS\SCHLOENZ\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JMHN84Y8.DEFAULT\EXTENSIONS\{37FA1426-B82D-11DB-8314-0800200C9A66}.XPI
 
O1 HOSTS File: ([2012.07.12 00:52:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [GrooveMonitor] D:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63CCB798-0BA5-4F6B-9615-DC9FCB6D2975}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.14 15:42:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\schloenz\Desktop\OTL.exe
[2012.07.14 14:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.14 14:16:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\schloenz\Desktop\esetsmartinstaller_enu.exe
[2012.07.12 01:02:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.12 01:01:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.12 00:41:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.12 00:41:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.12 00:41:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.12 00:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012.07.12 00:31:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.12 00:31:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.12 00:28:43 | 004,576,462 | R--- | C] (Swearware) -- C:\Users\schloenz\Desktop\ComboFix.exe
[2012.07.10 01:26:41 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\Malwarebytes
[2012.07.10 01:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.10 01:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.10 01:26:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.10 01:25:38 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\schloenz\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.09 22:01:27 | 000,000,000 | ---D | C] -- C:\Users\schloenz\Desktop\Kaspersky Rescue2Usb
[2012.07.09 15:13:22 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\01001.067
[2012.07.09 00:38:57 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\01001.066
[2012.07.07 03:29:30 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\xmldm
[2012.07.07 03:29:29 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\kock
[2012.07.03 12:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
[2012.07.02 15:22:48 | 000,000,000 | ---D | C] -- C:\Users\schloenz\AppData\Roaming\XnView
[2012.07.02 15:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2012.06.21 14:28:22 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 14:28:22 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 14:28:22 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 14:28:11 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 14:28:11 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 14:28:11 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 14:27:54 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 14:27:53 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.14 15:42:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\schloenz\Desktop\OTL.exe
[2012.07.14 14:16:29 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 14:16:29 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 14:16:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\schloenz\Desktop\esetsmartinstaller_enu.exe
[2012.07.14 14:07:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.14 14:07:46 | 3220,561,920 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.14 14:07:06 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012.07.12 00:52:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.12 00:29:08 | 004,576,462 | R--- | M] (Swearware) -- C:\Users\schloenz\Desktop\ComboFix.exe
[2012.07.11 01:26:21 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.11 01:26:21 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.11 01:26:21 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.11 01:26:21 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.11 01:26:21 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.10 13:46:47 | 000,050,477 | ---- | M] () -- C:\Users\schloenz\Desktop\Defogger.exe
[2012.07.10 09:42:10 | 000,000,051 | ---- | M] () -- C:\Users\schloenz\AppData\Roaming\blckdom.res
[2012.07.10 01:26:31 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.10 01:25:51 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\schloenz\Desktop\mbam-setup-1.61.0.1400.exe
[2012.07.10 00:41:05 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.07.09 21:59:48 | 210,292,736 | ---- | M] () -- C:\Users\schloenz\Desktop\KWU_1.0.3.upd.iso
[2012.07.09 21:54:44 | 000,387,584 | ---- | M] () -- C:\Users\schloenz\Desktop\rescue2usb.exe
 
========== Files Created - No Company Name ==========
 
[2012.07.12 00:41:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.12 00:41:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.12 00:41:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.12 00:41:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.12 00:41:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.10 12:55:19 | 000,050,477 | ---- | C] () -- C:\Users\schloenz\Desktop\Defogger.exe
[2012.07.10 01:26:31 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.09 21:54:56 | 210,292,736 | ---- | C] () -- C:\Users\schloenz\Desktop\KWU_1.0.3.upd.iso
[2012.07.09 21:54:43 | 000,387,584 | ---- | C] () -- C:\Users\schloenz\Desktop\rescue2usb.exe
[2012.07.09 19:51:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.07.07 03:29:42 | 000,000,051 | ---- | C] () -- C:\Users\schloenz\AppData\Roaming\blckdom.res
[2011.11.02 02:57:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.11.02 02:57:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.01.06 18:48:40 | 000,003,584 | ---- | C] () -- C:\Users\schloenz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.02 01:00:03 | 000,003,654 | ---- | C] () -- C:\Windows\SysWow64\drivers\Sonyhcp.dll
[2010.08.20 01:02:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.08.03 18:01:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.23 14:16:40 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== LOP Check ==========
 
[2012.07.09 00:38:57 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\01001.066
[2012.07.09 15:13:24 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\01001.067
[2011.01.06 18:23:00 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\DeepBurner
[2011.06.08 23:29:52 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Dropbox
[2011.03.30 04:04:59 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\EndNote
[2011.12.26 21:25:23 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\ICQ
[2012.07.07 03:29:29 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\kock
[2011.02.18 19:25:36 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Leadertech
[2012.05.18 04:12:39 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Nokia
[2011.03.04 19:10:52 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\OpenOffice.org
[2011.07.06 17:21:16 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\PC Suite
[2011.01.06 18:28:42 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Pegasys Inc
[2011.11.01 19:45:24 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Swiss Academic Software
[2012.06.25 23:29:01 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\TS3Client
[2010.09.06 04:05:44 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\Tunngle
[2012.07.07 03:29:30 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\xmldm
[2012.07.02 15:24:07 | 000,000,000 | ---D | M] -- C:\Users\schloenz\AppData\Roaming\XnView
[2012.07.09 15:10:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Extras.txt:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 14.07.2012 15:43:50 - Run 5
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\schloenz\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,15% Memory free
8,00 Gb Paging File | 6,33 Gb Available in Paging File | 79,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 43,95 Gb Total Space | 9,87 Gb Free Space | 22,46% Space Free | Partition Type: NTFS
Drive D: | 181,12 Gb Total Space | 43,50 Gb Free Space | 24,01% Space Free | Partition Type: NTFS
 
Computer Name: SCHLOENZI | User Name: schloenz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- D:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A42BC9-8DD6-401D-97BB-73D4994FEE9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C5C159C-ACF8-497A-8630-3FA23CA51C46}" = rport=137 | protocol=17 | dir=out | app=system | 
"{16D6762E-7CCE-445B-8869-64BB514B1B84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1D13265E-0061-4424-BEF4-2669C4477D55}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2B5A7A7E-10D7-40E5-8EA9-CF427A3519E2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2C9EF1B6-5CD2-4F51-8CB9-04DC31034965}" = rport=138 | protocol=17 | dir=out | app=system | 
"{391468FF-A1EC-4788-8B67-8964F1D3ACB5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{402DD96A-4361-4739-AAA0-253F5E10032E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4381ABE0-BAA2-43ED-915B-4A73B701ACDD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4DF45105-3C69-483B-9BCD-A26021EB04C1}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\outlook.exe | 
"{5E4F2371-F5E8-427F-9B30-4AE3B5D68ED8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{66552687-9D52-4586-B9F2-863DE80BD7C1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{675A0710-6DB6-4F1C-A787-AA2B9BF3AB33}" = lport=139 | protocol=6 | dir=in | app=system | 
"{79430E6B-9350-42F8-8015-3E2E0A696BF5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8799B6E9-D250-458F-9D9B-967178D726E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8FAF42AF-D456-4808-B746-2AE22F843D3E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{94555EF7-8062-4875-9262-28CF4877AA8C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B4E1C3E8-B6C9-4018-9DC0-530C7F6DA7B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2619A98-9533-454D-87A9-2571A72F78D8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C33FDDDF-05CC-42CA-9763-EA05494A9369}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C62DE464-DDF7-449C-9F74-7B0BB8F15BF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEA6715C-842E-435E-9245-B7A1D0B482A5}" = lport=6112 | protocol=6 | dir=in | name=battle.net | 
"{DBFF38A2-D161-46E3-8CB8-639E10FDF556}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DEE5A79C-BEA9-4559-942B-5876015D94E1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EC2D45D0-FCDE-4FD3-BC7B-0C0ACEBEADC6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04281D1F-01A9-4DE7-BAB8-1E0D674BA59F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{086CBBF8-F5E1-448B-8D9A-086B101121F5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{0B28EB9E-692A-4964-8616-74DD7084F004}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0EC3A667-B9E9-42F2-B654-E80D0D56F1EF}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{0FB3C2BC-C843-45D2-A213-CE3B9535CB15}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{11F0C2D3-8687-4DE1-AC07-5DA8E866DE82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{12760B0E-93F3-4C10-9EDB-762723A13407}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{159D76E0-EC4F-475A-811B-829D585E04F9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{16E5466A-0861-4DF6-8FA7-3089E2627DCB}" = protocol=6 | dir=in | app=d:\program files (x86)\diablo 3\diablo iii\diablo iii.exe | 
"{1A593315-CC5F-4257-A63D-A28FF1E6F535}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{1DFA2B9E-FE68-4502-8B0B-923A8B5B425F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{21BE4F2F-3B81-4138-9A67-6E42C04F19EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{280F573C-94CA-4C70-997C-7D7219772D49}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe | 
"{294EEDF6-5871-4F90-84A8-9C57485CB00C}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{2A2B580F-8F5C-48DC-9C5A-5AF5917B4DF6}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe | 
"{2AD75FDA-BADD-479C-BA43-D2D73E094E14}" = protocol=58 | dir=in | app=system | 
"{2B8DE7F2-8578-4961-B7E5-280E2603FBB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{2D0778FF-44F5-4A27-BC0A-D39E017D19B9}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{30C7AF83-65BA-4A39-BB8B-F337F432C3CC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{312F7AB2-5C31-4E7D-9DE8-1F47CA3BA795}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{314BB430-67B4-49D2-9284-E1852B71B223}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe | 
"{34643944-92CB-4CE4-BEB8-52554F74EB8C}" = protocol=17 | dir=in | app=d:\program files (x86)\tunngle\tnglctrl.exe | 
"{3484DBB4-5289-4974-93AB-A05B98163FB8}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"{36CCB7EF-A99A-4155-8277-011D68BD69B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3A7FF42D-52AB-4B2B-8E28-EBDDD9543696}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{3BA55C24-2F67-4A73-AF55-182E03B2B7C9}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\groove.exe | 
"{442B2273-F414-4AFC-BFB0-5EC177725C2B}" = protocol=6 | dir=in | app=d:\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe | 
"{44F9CFBE-E07D-435E-97C1-66489A7E7FA3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{4DAE6C32-8CA0-4A70-AE4A-2F2812B57403}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4F0053B0-CE14-4FB7-B291-73D6F0BEE6C9}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe | 
"{5107E6A7-8BBB-4DB9-ACF7-E034B0262CBB}" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\diablo-iii-8370-engb-installer-downloader.exe | 
"{512B1D57-2EEF-492A-94D5-A3FDDA8C2AD7}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office12\groove.exe | 
"{5CBC8ABE-DED1-479F-A142-369112631AC0}" = protocol=6 | dir=in | app=c:\users\schloenz\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5DB63772-F489-436F-BB04-F015E9F37BC1}" = protocol=17 | dir=in | app=d:\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe | 
"{5E16D2A2-0E93-4EE0-B38A-B16DC2FD9410}" = protocol=17 | dir=in | app=d:\program files (x86)\diablo 3\diablo iii\diablo iii.exe | 
"{60809308-9D62-407E-B00C-292A52C5A6A7}" = protocol=6 | dir=in | app=d:\program files (x86)\tunngle\tunngle.exe | 
"{618686D0-34A1-4375-9625-2BAB58BFD703}" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_dede.exe | 
"{6287B1C1-BC65-4EC4-945B-881C9EEB397C}" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_engb.exe | 
"{65A74066-4366-4E45-8CF4-E26C6C47B514}" = protocol=17 | dir=in | app=c:\users\schloenz\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6703ADDB-8442-487F-9B4E-EB8031FD73F8}" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_dede.exe | 
"{68410AEE-D6AF-4C7D-9955-B9BBC7999DCC}" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_engb.exe | 
"{69F8B8B0-979D-4C36-B552-F75421AA2C26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6A475F8B-E122-4CBC-A5EC-CBC4A1E31E1D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{6B8C9C3F-B49D-46DD-9AA5-167E9BB293CC}" = protocol=6 | dir=in | app=c:\users\schloenz\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6CE72910-1C72-4582-B76E-187E927A7E02}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{6CED19F0-14C9-460A-9952-F0C8A8E8D414}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{70875FE0-220B-4608-BFBD-5458708F42BB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{74986B44-1D0F-49E6-B26A-9DE2209F8EF5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.649\agent.exe | 
"{74B73476-5AF2-4535-9049-D75DFC3408B7}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{77DE46FC-84F0-4584-988D-E8CC1CAADACC}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"{79B9A42C-23D4-427E-B994-DA45A0E2EF31}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{7FB81784-4EA8-4046-8949-A240C1640A2C}" = protocol=17 | dir=in | app=c:\users\schloenz\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8552735C-51D8-447F-9E3F-D4130933F04C}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{8646004D-3505-43F8-99E1-11C6522AC7DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88F2B75F-7882-4AAA-AD75-3791AC2B4975}" = protocol=17 | dir=in | app=d:\program files (x86)\tunngle\tunngle.exe | 
"{8B61CFD0-D1C0-44AB-B76F-E88D14A3D040}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"{8D826E2C-D06A-4456-B29E-9A1611EF41FF}" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_dede.exe | 
"{91665023-5979-429D-BD17-7238B329D06B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{9B3B4F5F-260D-40DC-85A2-6B89039435FB}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{9EB78A1C-28F4-403D-A1E1-C00EE79DD737}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"{9FA044B3-4D89-474C-9E97-FB781AB343E6}" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_engb.exe | 
"{A577AD55-4F3C-40E5-B22B-0E79AE19DB47}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.4\icq.exe | 
"{AC3505D9-4FD4-4F87-BCCE-036CE235A185}" = protocol=6 | dir=out | app=system | 
"{B5E4DFAE-68CB-426E-8219-C5C992A84BC9}" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_engb.exe | 
"{B5FAB3E6-8934-4884-B310-3AA94FC2BBF6}" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\heroes of newerth lan by sordit\hon.exe | 
"{BB0DAF2D-935B-4A31-A930-F6A9DE720D14}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BB277F87-F93A-4463-95F7-57DF61CFF396}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BBE86EB5-C2D3-4636-A240-CFDAD1C920CF}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{BC3691CE-D8F1-49A1-A868-9E62A66AB738}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.2\icq.exe | 
"{BE9EC703-5F8D-4F5F-8779-E40DE414C7F4}" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_dede.exe | 
"{C007D96B-2FE4-4459-BCD2-3D18B5B57D64}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.2\icq.exe | 
"{C1009A09-1AC1-478F-B048-B228989021A4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{C288A02F-50E0-4B14-9B85-81B8585366BA}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{C3421618-2EC9-403B-B15E-A6B00E5AA8D0}" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\heroes of newerth lan by sordit\hon.exe | 
"{C4B8F181-B0FF-4261-9F3B-B122A8A90591}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C4C20243-A813-4675-B48D-C94DC71806AD}" = protocol=6 | dir=in | app=d:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{CA0416E8-ED04-4821-A293-871F196D9A0A}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{CABB7F14-B5A8-4620-9346-CD471CE654DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CC419AD8-0B99-4C6E-8363-06454755F08D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D27A3F8F-ABE0-4937-AFD5-41D4A41397E8}" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\diablo-iii-8370-engb-installer-downloader.exe | 
"{D2BF5F5B-F873-48E1-9F1F-729D349B8F82}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"{D636DD95-DDA2-45A5-BDC4-EED6DC52AD2B}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{D674F58D-B4A3-4ABB-8B98-11634FC7685A}" = protocol=6 | dir=in | app=d:\program files (x86)\tunngle\tnglctrl.exe | 
"{DF98B3EB-BC68-4FF2-9962-25727BDBC33C}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"{E080560E-11D7-4CD8-B222-DF951B48D793}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{E0D67D05-688E-4AF1-AB11-38F92B6B799D}" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"{E228B393-E342-41BF-8E35-98A99530CFC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E28B3575-EBA7-4BB3-8D20-719E548E4973}" = protocol=17 | dir=in | app=d:\program files\age of empires ii\empires2.exe | 
"{E63E5839-6F1C-4C89-904F-9ACD4BBD4920}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E7516682-A632-4E1E-A706-FB4EAA44C0E4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9B28DEE-3BD0-4D4C-94BD-6773CA0F84D3}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe | 
"{EBDDA143-AE13-449F-B538-4F89AF8740D6}" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"{F0450E87-B03B-4482-B152-FD7DD1FD7453}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F095B481-69C3-4B9D-8D91-9CB05AFDF4EF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{F1CDB7FD-EC0E-4D17-A5FE-2CA40E8FA9F8}" = protocol=17 | dir=in | app=d:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{F37807A1-2936-4C55-A3E6-09E69F290DFE}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe | 
"{F6BFC0F4-7C89-4978-88C8-DD1A614E1D4F}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.4\icq.exe | 
"{FB8F22D4-A1BC-4813-8EA5-ED717438FF94}" = protocol=6 | dir=in | app=d:\program files\age of empires ii\empires2.exe | 
"TCP Query User{029AB524-697D-4658-A716-0529FF260C9D}C:\users\schloenz\desktop\heroes_of_newerth_lan_by_sordit_1.3\heroes of newerth lan by sordit 1_3\heroes of newerth lan by sordit\hon.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\heroes_of_newerth_lan_by_sordit_1.3\heroes of newerth lan by sordit 1_3\heroes of newerth lan by sordit\hon.exe | 
"TCP Query User{0F6AFFEE-EF99-4F2A-A158-2330C99209B9}C:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_dede.exe | 
"TCP Query User{1232644D-27D2-46A8-A87E-14030C0493D5}C:\users\schloenz\desktop\starcraft_2_eu_en-gb(2).exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\starcraft_2_eu_en-gb(2).exe | 
"TCP Query User{125E242B-C80F-46E7-8D4D-98424810DCC8}D:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{14FFDF28-7C67-4374-A59C-F404BD5B2A85}C:\users\schloenz\desktop\downloader_warcraft3_the_frozen_throne_engb.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_warcraft3_the_frozen_throne_engb.exe | 
"TCP Query User{1C1982F1-6D24-4934-AF2A-BFD3782B039F}D:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{25A56E0D-BF24-46AE-A15B-7393F7BB0A25}D:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{27E8F367-671E-45BD-9DDA-50E998B53934}C:\users\schloenz\desktop\aoe2_the_conquerors(1)\aoc\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\aoe2_the_conquerors(1)\aoc\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe | 
"TCP Query User{2B8D06E8-D8D4-4B9A-BE30-20E40375C282}C:\users\schloenz\desktop\downloader_diablo2_engb.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_engb.exe | 
"TCP Query User{2E4A4FDA-FE45-464A-8857-DCDDDDEBD059}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{2F4FCF53-30E0-41A2-B3E9-9FE2FF7635A3}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
"TCP Query User{3187F0B5-491E-4970-BDC8-E62B0778D7B2}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{4DFB91F1-2DF4-49B4-B0DF-EF800D6CB63A}D:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16561\sc2.exe | 
"TCP Query User{52CA95EE-48E5-4E57-A9E6-0A7361ECCB4F}D:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{5708C1C0-A570-4815-8DDB-113D8767E58D}D:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{5D49C7CA-477F-4AB5-8F56-9391386E2E00}D:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.4\icq.exe | 
"TCP Query User{8E090252-E0FA-4DF7-A0FA-424023892127}D:\program files (x86)\warcraft iii\yawle.exe" = protocol=6 | dir=in | app=d:\program files (x86)\warcraft iii\yawle.exe | 
"TCP Query User{9077B1E0-BBAF-4758-B225-8C95ECD7BC68}D:\program files\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=d:\program files\age of empires ii\empires2.exe | 
"TCP Query User{9745B3B1-80B0-42B2-B09E-BDC768466E84}C:\users\schloenz\desktop\heroes of newerth lan by sordit\hon.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\heroes of newerth lan by sordit\hon.exe | 
"TCP Query User{9F70E28C-92B7-4087-BD41-3358F24065AB}D:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{A1989C10-8EBE-4AAC-97B9-DF9A6D90C41F}D:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{A67CACB7-4893-46C3-BD86-F9DD2751CAB4}C:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_engb.exe | 
"TCP Query User{B106BA22-9FB6-4B05-8BBB-10E5BEC730D8}C:\users\schloenz\desktop\starcraft_2_eu_en-gb.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\starcraft_2_eu_en-gb.exe | 
"TCP Query User{B2B84886-C2EE-47A2-B292-C884510C5B37}D:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{BFDB3DC0-D86B-4027-A395-7B0B56769E0D}C:\users\schloenz\desktop\downloader_warcraft3_reign_of_chaos_engb.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_warcraft3_reign_of_chaos_engb.exe | 
"TCP Query User{D1093F68-02F2-4BCA-AF61-4BB3C331AB94}C:\users\schloenz\desktop\downloader_diablo2_dede.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_dede.exe | 
"TCP Query User{D21712DA-D753-4372-893D-8CFF8A205EE0}C:\users\schloenz\desktop\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\schloenz\desktop\diablo-iii-8370-engb-installer-downloader.exe | 
"TCP Query User{D34A128F-A1B9-47EF-B576-A6AD3B5E8A75}D:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
"TCP Query User{DFA39703-7535-4BC8-BDEC-88D73B7D7508}D:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{E2D53F5D-1C34-45EC-BB0C-AEC865C0D7A6}D:\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe | 
"TCP Query User{E75B9F92-539E-4D13-980C-A7BDD5C3D229}D:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{F7057DCB-8711-4EAC-B456-350C3F665D11}D:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{FDFB378B-48D3-410F-BDE0-3724043A3DB1}D:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.2\icq.exe | 
"UDP Query User{02271968-DD36-4643-994A-EC648993C361}D:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{039D1A50-92ED-4482-A509-D82E23E6D118}C:\users\schloenz\desktop\heroes_of_newerth_lan_by_sordit_1.3\heroes of newerth lan by sordit 1_3\heroes of newerth lan by sordit\hon.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\heroes_of_newerth_lan_by_sordit_1.3\heroes of newerth lan by sordit 1_3\heroes of newerth lan by sordit\hon.exe | 
"UDP Query User{1744ADFB-7A79-44A8-A5CF-D9ED936ED686}C:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_dede.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_dede.exe | 
"UDP Query User{1CCBAF4D-6F25-4CEB-8CC7-16453AD5D047}D:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{2745782B-537C-452E-BE85-5CAE9313410A}D:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{31F9F1E1-60F7-4271-A945-733867A1E1B4}D:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{32E0F1E0-F0BC-4B31-BEED-20E17E682AB3}C:\users\schloenz\desktop\aoe2_the_conquerors(1)\aoc\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\aoe2_the_conquerors(1)\aoc\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe | 
"UDP Query User{3ADF0F19-B86A-4036-9623-664EBC67ABA5}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{3C6F0520-AA73-4666-9C1D-340E1678655C}C:\users\schloenz\desktop\downloader_warcraft3_reign_of_chaos_engb.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_warcraft3_reign_of_chaos_engb.exe | 
"UDP Query User{3F043830-06A1-4971-AEFA-935653FF7F1C}D:\program files\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=d:\program files\age of empires ii\empires2.exe | 
"UDP Query User{4535DE8D-5AD7-4C9E-BBE3-AA0EFD3A3DA8}D:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{4FD55DD8-1856-41C4-8FC8-B3EB0BBC9A43}D:\program files (x86)\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{5D852605-8D34-41D7-B782-86B2C4955D24}D:\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\age of empires 2 & the conquerors\game\age2_x1\age2_x1.exe | 
"UDP Query User{5E065EEB-FBC8-45FB-8DAC-499772B178C6}C:\users\schloenz\desktop\heroes of newerth lan by sordit\hon.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\heroes of newerth lan by sordit\hon.exe | 
"UDP Query User{6019CC42-4885-4929-89B4-EBD637A36A32}D:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{64BE56A1-34B2-446F-BFF8-63F24A4939E9}D:\program files (x86)\warcraft iii\yawle.exe" = protocol=17 | dir=in | app=d:\program files (x86)\warcraft iii\yawle.exe | 
"UDP Query User{7CB8E383-A44D-4CFA-B509-332870569E5A}C:\users\schloenz\desktop\downloader_warcraft3_the_frozen_throne_engb.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_warcraft3_the_frozen_throne_engb.exe | 
"UDP Query User{7EA2B7D4-9E20-4BA4-A409-F3C4294B1038}C:\users\schloenz\desktop\starcraft_2_eu_en-gb.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\starcraft_2_eu_en-gb.exe | 
"UDP Query User{859B50B8-B9A5-495E-B2DD-79882AAE9E07}D:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{8AA8D2BC-3825-4BA8-AAA9-7ABE84DD9B75}C:\users\schloenz\desktop\downloader_diablo2_engb.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_engb.exe | 
"UDP Query User{97D7E6DB-B778-4946-8FE6-6BECCB5BDF76}C:\users\schloenz\desktop\downloader_diablo2_dede.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_dede.exe | 
"UDP Query User{9B094C66-66F2-4A36-A7C7-DDC6636013FF}D:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{A6C178CE-446A-403F-A258-07BBFA2EE5E8}D:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{A7DDBBF3-287B-4262-91CF-241F78C1D297}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{AF122739-1315-40EA-A970-5783CA2EAE2C}C:\users\schloenz\desktop\starcraft_2_eu_en-gb(2).exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\starcraft_2_eu_en-gb(2).exe | 
"UDP Query User{B15867DF-4B35-431F-8771-F53E8C7C32C6}D:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
"UDP Query User{B653A69A-EDF0-4446-93E0-519B0FC56FC4}D:\program files (x86)\icq7.4\icq.exe" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.4\icq.exe | 
"UDP Query User{BFA54F83-3DCB-4A92-8ABA-2D9907E17FE0}D:\program files (x86)\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{C159FF50-41AF-4CBC-822D-122B0DC079D7}C:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_engb.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\downloader_diablo2_lord_of_destruction_engb.exe | 
"UDP Query User{D060CD0E-8C88-443F-8144-D2F36012928B}D:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.2\icq.exe | 
"UDP Query User{DA094A55-7A97-4FDF-81AD-247A681F8267}C:\users\schloenz\desktop\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\schloenz\desktop\diablo-iii-8370-engb-installer-downloader.exe | 
"UDP Query User{F3E2E4C0-443A-4B50-9716-2423FCF302F8}D:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{F4E05223-1A3D-4B3B-8AE0-7344EFD06D38}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A41EB7B5-8883-4795-A587-AAD8A84A010D}" = Cisco AnyConnect Secure Mobility Client
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"Guitar Pro 5_is1" = Guitar Pro 5.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Nokia Suite" = Nokia Suite
"RealAlt_is1" = Real Alternative 2.0.2
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"StarCraft II" = StarCraft II
"SystemRequirementsLab" = System Requirements Lab
"Tunngle beta_is1" = Tunngle beta
"Warcraft III" = Warcraft III
"XnView_is1" = XnView 1.99
"Yawle_0.3b" = YAWLE 0.5b
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2012 14:38:01 | Computer Name = schloenzi | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.4.3.21029 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c8    Startzeit: 01cd02d9bc34affd

Endzeit:
 80    Anwendungspfad: D:\Program Files (x86)\StarCraft II\Versions\Base21029\SC2.exe

Berichts-ID:
   
 
Error - 14.04.2012 19:05:36 | Computer Name = schloenzi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: voobly.exe, Version: 0.1.1.1262, 
Zeitstempel: 0x4e50533d  Name des fehlerhaften Moduls: messenger.dll, Version: 0.0.0.0,
 Zeitstempel: 0x4e505297  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001254a  ID des fehlerhaften
 Prozesses: 0x654  Startzeit der fehlerhaften Anwendung: 0x01cd1a9254b2b982  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Voobly\voobly.exe  Pfad des fehlerhaften
 Moduls: D:\Program Files (x86)\Voobly\messenger.dll  Berichtskennung: 581baf29-8686-11e1-b722-00218548f9e8
 
Error - 26.04.2012 17:47:41 | Computer Name = schloenzi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Name des fehlerhaften Moduls: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000198c1  ID des fehlerhaften Prozesses:
 0x131c  Startzeit der fehlerhaften Anwendung: 0x01cd23f5ceb96774  Pfad der fehlerhaften
 Anwendung: C:\Users\schloenz\Desktop\warcraft3-tft-roc-cd-key-changer\wc3_tft_cdkey_changer\cdkey.exe
Pfad
 des fehlerhaften Moduls: C:\Users\schloenz\Desktop\warcraft3-tft-roc-cd-key-changer\wc3_tft_cdkey_changer\cdkey.exe
Berichtskennung:
 7272daa5-8fe9-11e1-98d2-00218548f9e8
 
Error - 26.04.2012 17:50:17 | Computer Name = schloenzi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Name des fehlerhaften Moduls: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000198c1  ID des fehlerhaften Prozesses:
 0x580  Startzeit der fehlerhaften Anwendung: 0x01cd23f6573ee9b2  Pfad der fehlerhaften
 Anwendung: C:\Users\schloenz\Desktop\warcraft3-tft-roc-cd-key-changer\wc3_tft_cdkey_changer\cdkey.exe
Pfad
 des fehlerhaften Moduls: C:\Users\schloenz\Desktop\warcraft3-tft-roc-cd-key-changer\wc3_tft_cdkey_changer\cdkey.exe
Berichtskennung:
 cf25eacf-8fe9-11e1-98d2-00218548f9e8
 
Error - 26.04.2012 17:53:41 | Computer Name = schloenzi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Name des fehlerhaften Moduls: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000198c1  ID des fehlerhaften Prozesses:
 0xc68  Startzeit der fehlerhaften Anwendung: 0x01cd23f6fbd82e1f  Pfad der fehlerhaften
 Anwendung: C:\Users\schloenz\Desktop\wc3_roc_tft_keychanger\cdkey.exe  Pfad des fehlerhaften
 Moduls: C:\Users\schloenz\Desktop\wc3_roc_tft_keychanger\cdkey.exe  Berichtskennung:
 48b3e0a3-8fea-11e1-98d2-00218548f9e8
 
Error - 26.04.2012 17:56:49 | Computer Name = schloenzi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Name des fehlerhaften Moduls: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000198c1  ID des fehlerhaften Prozesses:
 0xefc  Startzeit der fehlerhaften Anwendung: 0x01cd23f76a5cf775  Pfad der fehlerhaften
 Anwendung: C:\Users\schloenz\Desktop\wc3_roc_tft_keychanger\cdkey.exe  Pfad des fehlerhaften
 Moduls: C:\Users\schloenz\Desktop\wc3_roc_tft_keychanger\cdkey.exe  Berichtskennung:
 b8c08836-8fea-11e1-98d2-00218548f9e8
 
Error - 26.04.2012 17:58:39 | Computer Name = schloenzi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Name des fehlerhaften Moduls: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000198c1  ID des fehlerhaften Prozesses:
 0x1248  Startzeit der fehlerhaften Anwendung: 0x01cd23f7a526a7d2  Pfad der fehlerhaften
 Anwendung: C:\Users\schloenz\Desktop\ROC_CDKey_Changer\ROC_CDKey_Changer\cdkey.exe
Pfad
 des fehlerhaften Moduls: C:\Users\schloenz\Desktop\ROC_CDKey_Changer\ROC_CDKey_Changer\cdkey.exe
Berichtskennung:
 fa6ed92a-8fea-11e1-98d2-00218548f9e8
 
Error - 26.04.2012 18:04:00 | Computer Name = schloenzi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Name des fehlerhaften Moduls: cdkey.exe, Version: 1.0.0.0, Zeitstempel:
 0x3d016737  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000198c1  ID des fehlerhaften Prozesses:
 0xcfc  Startzeit der fehlerhaften Anwendung: 0x01cd23f85f9d0a5a  Pfad der fehlerhaften
 Anwendung: C:\Users\schloenz\Desktop\warcraft3-tft-roc-cd-key-changer\wc3_tft_cdkey_changer\cdkey.exe
Pfad
 des fehlerhaften Moduls: C:\Users\schloenz\Desktop\warcraft3-tft-roc-cd-key-changer\wc3_tft_cdkey_changer\cdkey.exe
Berichtskennung:
 b99c93de-8feb-11e1-909b-00218548f9e8
 
Error - 04.06.2012 07:06:50 | Computer Name = schloenzi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000002ffca0
ID
 des fehlerhaften Prozesses: 0x56c  Startzeit der fehlerhaften Anwendung: 0x01cd422c359abe12
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 61ccd9e9-ae35-11e1-b533-00218548f9e8
 
Error - 05.06.2012 08:56:13 | Computer Name = schloenzi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WINWORD.EXE, Version: 12.0.4518.1014,
 Zeitstempel: 0x45428028  Name des fehlerhaften Moduls: wwlib.dll, Version: 12.0.4518.1014,
 Zeitstempel: 0x454285fb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00d58788  ID des fehlerhaften
 Prozesses: 0x878  Startzeit der fehlerhaften Anwendung: 0x01cd4312fcd6e6b9  Pfad der
 fehlerhaften Anwendung: D:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
Pfad
 des fehlerhaften Moduls: D:\Program Files (x86)\Microsoft Office\Office12\wwlib.dll
Berichtskennung:
 d44ea185-af0d-11e1-8b1d-00218548f9e8
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 14.07.2012 07:54:37 | Computer Name = schloenzi | Source = acvpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 14.07.2012 07:54:37 | Computer Name = schloenzi | Source = acvpnagent | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 14.07.2012 07:54:42 | Computer Name = schloenzi | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 14.07.2012 08:08:04 | Computer Name = schloenzi | Source = acvpnagent | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 14.07.2012 08:08:04 | Computer Name = schloenzi | Source = acvpnagent | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 14.07.2012 08:08:11 | Computer Name = schloenzi | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
 Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

 
Error - 14.07.2012 08:21:46 | Computer Name = schloenzi | Source = acvpnui | ID = 67108866
Description = Function: MSSaxErrorHandlerImpl::fatalError File: .\Xml\MSSaxErrorHandlerImpl.cpp
Line:
 41 Invoked Function: ISAXXMLReader::parse Return Code: -1072897499 (0xC00CE225) Description:
 WINDOWS_ERROR_CODE XML Parser fatal error: Fehler bei der Überprüfung.  
 
Error - 14.07.2012 08:21:46 | Computer Name = schloenzi | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked
 Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description:
 GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile
 <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>.
 Host discarded.
 
Error - 14.07.2012 08:21:47 | Computer Name = schloenzi | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
 Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
 Daten mehr verfügbar.   
 
Error - 14.07.2012 08:21:47 | Computer Name = schloenzi | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1086 NULL object. Cannot establish a connection at this time.
 
[ OSession Events ]
Error - 05.06.2012 08:56:13 | Computer Name = schloenzi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3264
 seconds with 1680 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 12.07.2012 12:11:58 | Computer Name = schloenzi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHelp20  SBRE
 
Error - 12.07.2012 12:44:32 | Computer Name = schloenzi | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 13.07.2012 06:44:04 | Computer Name = schloenzi | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 13.07.2012 06:44:48 | Computer Name = schloenzi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHelp20  SBRE
 
Error - 13.07.2012 11:32:19 | Computer Name = schloenzi | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 13.07.2012 11:32:53 | Computer Name = schloenzi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHelp20  SBRE
 
Error - 14.07.2012 07:54:20 | Computer Name = schloenzi | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 14.07.2012 07:54:59 | Computer Name = schloenzi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHelp20  SBRE
 
Error - 14.07.2012 08:07:47 | Computer Name = schloenzi | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PxHelp20.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 14.07.2012 08:08:24 | Computer Name = schloenzi | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHelp20  SBRE
 
 
< End of report >

--- --- ---

Larusso · 14.07.2012, 20:18

Macht der Rechner noch Probleme ?

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

schloenz · 14.07.2012, 20:46

Hi,

mit Java hab ich alles wie beschrieben durchgeführt und der Rechner macht keine Probleme. Denkst du der Trojaner ist entfernt worden aka mein Rechner wieder vollständig sauber?

Larusso · 15.07.2012, 16:40

Eine 100% Garantie kann man nie geben. Fakt ist, dass keine Malware aktiv ist.

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code:

ATTFilter

Combofix /Uninstall

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher, immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Eine out of date Anti Virensoftware ist nutzlos!

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

schloenz · 17.07.2012, 13:20

Hi,

also bei mir is alles soweit in Ordnung, mein PC läuft ordentlich und nun hoffentlich sicher^^ Vielen Dank nochmal für deine Hilfe und dass du dir soviel Zeit genommen hast!

mfg Schlönz

Larusso · 17.07.2012, 13:26

Froh das wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

GVU Trojaner unter Win7

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner unter Win7