Internetverbindung ist extrem langsam/Trojaner entdeckt?

lexnimrod · 17.07.2012, 17:44

Hallo!

Nachdem meine Internetverbindung zusehends langsamer wurde, bzw ich stark schwankende Verbindungsraten bemerkt habe, habe ich wie von euch beschrieben mal das System abgecheckt:

Malwarebites meldete folgendes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.17.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Edo :: EDO-PC [Administrator]

Schutz: Aktiviert

17.07.2012 18:29:38
mbam-log-2012-07-17 (18-29-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228729
Laufzeit: 1 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

hier die otl und extras. txt

Code:

ATTFilter

OTL logfile created on: 17.07.2012 18:48:53 - Run 3
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Edo\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 52,04% Memory free
7,72 Gb Paging File | 5,79 Gb Available in Paging File | 74,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 39,39 Gb Free Space | 26,43% Space Free | Partition Type: NTFS
 
Computer Name: EDO-PC | User Name: Edo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Edo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\tele.ring Verbindungsmanager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Users\Edo\AppData\Roaming\tele.ring Verbindungsmanager\ouc.exe (Huawei Technologies Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\DRIVERS\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\DRIVERS\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\DRIVERS\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\DRIVERS\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\DRIVERS\athrxusb.sys (Atheros Communications, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtC0DyBtB0A0AtDyDyEyEtAyE0EyCtN0D0TzutBtDtCtBtDyCtByE&cr=1963526588
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtC0DyBtB0A0AtDyDyEyEtAyE0EyCtN0D0TzutBtDtCtBtDyCtByE&cr=1963526588
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtC0DyBtB0A0AtDyDyEyEtAyE0EyCtN0D0TzutBtDtCtBtDyCtByE&cr=1963526588
IE - HKLM\..\SearchScopes\{116A0518-E4F5-FE0E-B44B-0901EE56AD4C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 1B DD DE 99 6D CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzutDtDtC0DyBtB0A0AtDyDyEyEtAyE0EyCtN0D0TzutBtDtCtBtDyCtByE&cr=1963526588
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19764&mntrId=485434e6000000000000001d72aa05440544
IE - HKCU\..\SearchScopes\{116A0518-E4F5-FE0E-B44B-0901EE56AD4C}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D1AADC93-DE08-4BA0-AD4F-18081DC27413}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
 
FF - user.js..browser.search.openintab: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Edo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.20 18:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:56:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.04.20 18:50:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:56:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.04.15 20:00:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edo\AppData\Roaming\mozilla\Extensions
[2012.07.17 18:16:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edo\AppData\Roaming\mozilla\Firefox\Profiles\ecfu4j5e.default\extensions
[2012.07.16 08:27:48 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\Edo\AppData\Roaming\mozilla\Firefox\Profiles\ecfu4j5e.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012.06.24 01:56:27 | 000,002,295 | ---- | M] () -- C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Profiles\ecfu4j5e.default\searchplugins\Search.xml
[2012.06.24 10:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.16 19:23:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.06.24 10:37:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.17 10:56:39 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 10:56:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.08 15:49:07 | 000,003,659 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.09.09 23:07:38 | 000,002,291 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.17 10:56:37 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 10:56:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 10:56:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 10:56:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 10:56:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.30.0\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AutoEJCD_0ACE20FF] C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\tele.ring Verbindungsmanager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_tele.ring Verbindungsmanager] C:\Program Files (x86)\tele.ring Verbindungsmanager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F70BBE14-FCAB-49F8-8F2D-CA20305962A0}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Edo\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2b87e6c1-675e-11e0-9728-e8fe285f60d9}\Shell - "" = AutoRun
O33 - MountPoints2\{2b87e6c1-675e-11e0-9728-e8fe285f60d9}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{67716c6b-c53e-11e1-8d1e-001d72aa0544}\Shell - "" = AutoRun
O33 - MountPoints2\{67716c6b-c53e-11e1-8d1e-001d72aa0544}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{67716c97-c53e-11e1-8d1e-001d72aa0544}\Shell - "" = AutoRun
O33 - MountPoints2\{67716c97-c53e-11e1-8d1e-001d72aa0544}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9793d9b0-9de4-11e0-9a48-001d72aa0544}\Shell - "" = AutoRun
O33 - MountPoints2\{9793d9b0-9de4-11e0-9a48-001d72aa0544}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 360 Days ==========
 
[2012.07.17 18:28:51 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Malwarebytes
[2012.07.17 18:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.17 18:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.17 18:27:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.17 18:27:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.17 18:00:26 | 000,000,000 | ---D | C] -- C:\3590F75ABA9E485486C100C1A9D4FF06ZZ.ZZZZ.Z...ZZZZ
[2012.07.17 16:25:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Edo\Desktop\OTL.exe
[2012.07.08 15:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2012.07.08 15:51:03 | 000,000,000 | ---D | C] -- C:\Sierra
[2012.07.08 15:48:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.07 12:29:04 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Awesomium
[2012.07.03 20:47:03 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\tele.ring Verbindungsmanager
[2012.07.03 20:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tele.ring Verbindungsmanager
[2012.07.03 20:43:45 | 000,308,352 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysWow64\bminstall.dll
[2012.07.03 20:43:45 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Program Files (x86)
[2012.07.03 20:43:44 | 000,039,552 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\tcpipBM.sys
[2012.07.03 20:43:44 | 000,016,512 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\SysNative\drivers\BMLoad.sys
[2012.07.03 20:43:02 | 001,001,472 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2012.07.03 20:43:02 | 000,271,360 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2012.07.03 20:43:02 | 000,221,312 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012.07.03 20:43:02 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2012.07.03 20:43:02 | 000,098,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2012.07.03 20:43:02 | 000,086,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2012.07.03 20:43:02 | 000,069,632 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2012.07.03 20:43:02 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012.07.03 20:43:02 | 000,028,672 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2012.07.03 20:43:02 | 000,022,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwupgrade.sys
[2012.07.03 20:43:02 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2012.07.03 20:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tele.ring Verbindungsmanager
[2012.07.03 20:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2012.06.24 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\888poker
[2012.06.24 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Edo\Start Menu
[2012.06.24 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Edo\Application Data
[2012.06.24 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
[2012.06.24 19:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2012.06.24 19:58:33 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\PacificPoker
[2012.06.24 19:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker
[2012.06.24 01:56:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.06.24 01:55:53 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\Google
[2012.06.24 01:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012.06.24 01:29:56 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\Macromedia
[2012.06.03 18:41:27 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\QuickPar
[2012.06.03 17:59:01 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.06.03 17:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar
[2012.06.03 17:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2012.05.20 18:59:08 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\SWTOR
[2012.05.19 22:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2012.05.19 22:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012.05.16 19:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.16 19:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.05.04 09:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.30 08:55:26 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\AlawarEntertainment
[2012.04.30 08:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.04.30 08:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OXXOGames
[2012.04.30 08:47:04 | 388,669,848 | ---- | C] (INTENIUM GmbH) -- C:\Users\Edo\Documents\HausDer1000Tueren.exe
[2012.04.19 12:59:29 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\ReBuy
[2012.03.05 16:21:56 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\Lada Niva
[2012.02.24 13:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.05 19:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2012.01.29 17:54:42 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.01.29 17:54:37 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\TeamSpeak 3 Client
[2012.01.25 20:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012.01.14 15:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2012.01.14 15:53:23 | 000,508,984 | ---- | C] (NCH Software) -- C:\Users\Edo\Documents\switchsetup.exe
[2012.01.13 18:29:38 | 000,000,000 | ---D | C] -- C:\Temp
[2012.01.13 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Motorola
[2012.01.13 18:28:46 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012.01.13 12:30:24 | 000,000,000 | ---D | C] -- C:\Users\Edo\{6a34e8db-1f9c-4913-af71-4cba7aa5f181}
[2012.01.13 12:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2012.01.13 12:27:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Motorola
[2012.01.13 12:26:32 | 008,551,232 | ---- | C] (Motorola) -- C:\Users\Edo\Documents\MotoHelper_2.1.32_Driver_5.4.0.exe
[2012.01.04 21:43:32 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\HP
[2011.12.20 20:24:03 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\calibre
[2011.12.20 20:23:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2011.12.20 20:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2011.12.10 17:12:26 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\~kindle
[2011.12.10 01:53:09 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\My Kindle Content
[2011.12.10 01:52:53 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2011.12.10 01:52:43 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\Amazon
[2011.11.30 17:17:56 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\Geckofx
[2011.11.30 17:17:45 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Firefly Studios
[2011.11.30 17:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Firefly Studios
[2011.11.24 23:29:12 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\My Photos
[2011.11.24 23:29:12 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\My Documents
[2011.11.24 23:22:30 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\Htc
[2011.11.24 22:54:33 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.24 22:53:08 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\HTC
[2011.11.24 22:50:26 | 074,036,842 | ---- | C] (HTC Corporation                                              ) -- C:\Program Files\setup_3.0.5527.exe
[2011.11.24 22:19:05 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\Downloaded Installations
[2011.11.24 22:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011.11.24 22:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2011.11.24 22:14:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2011.11.24 22:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.11.12 12:10:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.10.26 16:09:07 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Avira
[2011.10.26 16:08:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.26 16:08:37 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.26 16:08:37 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.26 16:08:37 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.26 16:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.26 16:08:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.24 08:38:30 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\~Manga
[2011.10.23 17:28:24 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\Funcom
[2011.10.13 19:55:57 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Arkadium
[2011.10.12 12:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011.10.01 18:55:50 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\reakktor
[2011.09.29 18:29:00 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\PunkBuster
[2011.09.29 18:28:06 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\NVIDIA
[2011.09.29 18:21:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.09.29 18:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011.09.29 18:12:08 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\OpenCandy
[2011.09.29 18:12:06 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\OpenCandy
[2011.09.29 16:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011.09.28 17:34:18 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\Scanner42
[2011.09.12 10:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH_EN
[2011.09.12 10:27:45 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\Conduit
[2011.09.12 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\NCH Software
[2011.09.12 10:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2011.09.12 10:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011.09.12 10:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2011.09.12 10:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2011.09.09 23:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2011.09.09 23:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ADLSoft UnCompressor
[2011.09.09 23:07:36 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\Babylon
[2011.09.09 23:07:36 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Local\Babylon
[2011.09.09 23:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.09.09 21:49:25 | 000,000,000 | ---D | C] -- C:\Users\Edo\AppData\Roaming\GetRightToGo
[2011.09.09 21:49:25 | 000,000,000 | ---D | C] -- C:\Users\Edo\Documents\Downloads
[2011.09.07 18:41:51 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.09.07 18:41:51 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.09.07 18:38:06 | 000,000,000 | ---D | C] -- C:\Users\Edo\SystemRequirementsLab
[2011.09.05 12:24:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\enable Encore
[2011.08.10 23:39:58 | 000,000,000 | ---D | C] -- C:\Users\Edo\Desktop\GR
[2011.08.01 22:14:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 360 Days ==========
 
[2012.07.17 18:51:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.17 18:27:20 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 18:16:04 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 18:16:04 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 16:26:32 | 000,000,000 | ---- | M] () -- C:\Users\Edo\defogger_reenable
[2012.07.17 16:25:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Edo\Desktop\OTL.exe
[2012.07.17 16:19:18 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job
[2012.07.17 16:16:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.12 09:33:06 | 000,358,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 20:45:18 | 001,559,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.03 20:45:18 | 000,671,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.03 20:45:18 | 000,631,942 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.03 20:45:18 | 000,144,380 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.03 20:45:18 | 000,118,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.03 20:44:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012.07.03 20:43:50 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\tele.ring Verbindungsmanager.lnk
[2012.07.03 20:43:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.24 19:59:00 | 000,001,864 | ---- | M] () -- C:\Users\Edo\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2012.06.24 19:59:00 | 000,001,846 | ---- | M] () -- C:\Users\Edo\Desktop\888poker.lnk
[2012.06.24 01:55:50 | 000,302,425 | ---- | M] () -- C:\Users\Edo\AppData\Local\funmoods-speeddial.crx
[2012.06.24 01:55:50 | 000,031,470 | ---- | M] () -- C:\Users\Edo\AppData\Local\funmoods.crx
[2012.06.03 17:59:01 | 000,000,846 | ---- | M] () -- C:\Users\Edo\Desktop\QuickPar.lnk
[2012.05.19 22:10:45 | 000,001,306 | ---- | M] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2012.05.19 22:09:47 | 039,827,080 | ---- | M] () -- C:\Users\Edo\Documents\SWTOR_setup.exe
[2012.05.16 19:22:47 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.15 12:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.05.15 12:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.08 09:23:13 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 09:23:13 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.04.30 08:51:06 | 388,669,848 | ---- | M] (INTENIUM GmbH) -- C:\Users\Edo\Documents\HausDer1000Tueren.exe
[2012.03.13 04:10:23 | 001,538,358 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.25 12:39:47 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.01.29 17:54:44 | 000,001,008 | ---- | M] () -- C:\Users\Edo\Desktop\TeamSpeak 3 Client.lnk
[2012.01.25 20:12:37 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012.01.14 15:55:04 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Audiobearbeitungs-Software.lnk
[2012.01.14 15:54:05 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Switch Audiodatei-Konverter.lnk
[2012.01.14 15:53:23 | 000,508,984 | ---- | M] (NCH Software) -- C:\Users\Edo\Documents\switchsetup.exe
[2012.01.13 12:26:36 | 008,551,232 | ---- | M] (Motorola) -- C:\Users\Edo\Documents\MotoHelper_2.1.32_Driver_5.4.0.exe
[2011.12.31 18:07:30 | 000,012,089 | ---- | M] () -- C:\Users\Edo\Desktop\pix in text.odt
[2011.12.21 14:26:02 | 000,000,473 | ---- | M] () -- C:\Users\Edo\Desktop\~kindle.lnk
[2011.12.20 20:49:20 | 000,002,008 | ---- | M] () -- C:\Users\Edo\Desktop\Kindle.lnk
[2011.12.18 13:38:25 | 000,017,684 | ---- | M] () -- C:\Users\Edo\Desktop\Jokes.odt
[2011.10.26 16:08:48 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.23 01:40:45 | 000,012,314 | ---- | M] () -- C:\Users\Edo\Desktop\Evanescence - What you want.odt
[2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.09.30 16:10:51 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.09.30 16:10:51 | 000,281,656 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.30 16:07:52 | 000,281,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.09.29 18:25:56 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.07 22:00:35 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat
[2011.09.07 22:00:35 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat
[2011.09.07 22:00:34 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat
[2011.09.07 22:00:34 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat
[2011.09.07 22:00:18 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.09.07 22:00:14 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011.09.07 18:15:07 | 000,009,380 | ---- | M] () -- C:\Users\Edo\AppData\Local\d3d9caps64.dat
[2011.09.07 17:28:59 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.17 18:27:20 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.17 16:26:32 | 000,000,000 | ---- | C] () -- C:\Users\Edo\defogger_reenable
[2012.07.03 20:44:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jucdcacm_01007.Wdf
[2012.07.03 20:43:50 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\tele.ring Verbindungsmanager.lnk
[2012.07.03 20:43:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012.06.24 19:59:00 | 000,001,864 | ---- | C] () -- C:\Users\Edo\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2012.06.24 19:59:00 | 000,001,846 | ---- | C] () -- C:\Users\Edo\Desktop\888poker.lnk
[2012.06.24 01:55:54 | 000,302,425 | ---- | C] () -- C:\Users\Edo\AppData\Local\funmoods-speeddial.crx
[2012.06.24 01:55:53 | 000,031,470 | ---- | C] () -- C:\Users\Edo\AppData\Local\funmoods.crx
[2012.06.07 00:45:07 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 17:59:01 | 000,000,846 | ---- | C] () -- C:\Users\Edo\Desktop\QuickPar.lnk
[2012.05.19 22:10:45 | 000,001,306 | ---- | C] () -- C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk
[2012.05.19 22:09:44 | 039,827,080 | ---- | C] () -- C:\Users\Edo\Documents\SWTOR_setup.exe
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.29 17:54:44 | 000,001,008 | ---- | C] () -- C:\Users\Edo\Desktop\TeamSpeak 3 Client.lnk
[2012.01.25 20:12:37 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012.01.14 15:55:04 | 000,001,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Audiobearbeitungs-Software.lnk
[2012.01.14 15:55:04 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Audiobearbeitungs-Software.lnk
[2012.01.14 15:53:43 | 000,000,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Audiodatei-Konverter.lnk
[2012.01.14 15:53:43 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Switch Audiodatei-Konverter.lnk
[2011.12.21 14:26:02 | 000,000,473 | ---- | C] () -- C:\Users\Edo\Desktop\~kindle.lnk
[2011.12.20 20:23:54 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2011.12.10 01:52:54 | 000,002,008 | ---- | C] () -- C:\Users\Edo\Desktop\Kindle.lnk
[2011.10.26 16:08:48 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.16 21:43:07 | 000,012,314 | ---- | C] () -- C:\Users\Edo\Desktop\Evanescence - What you want.odt
[2011.10.01 18:16:58 | 001,538,358 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.29 18:29:03 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.09.29 18:25:57 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.09.29 18:25:57 | 000,281,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.09.29 18:25:56 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.09.22 01:03:58 | 000,017,684 | ---- | C] () -- C:\Users\Edo\Desktop\Jokes.odt
[2011.09.12 10:27:34 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixillion Image Converter.lnk
[2011.09.12 10:27:26 | 000,000,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2011.09.12 10:27:20 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
[2011.09.12 10:26:58 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression Software.lnk
[2011.09.07 22:05:21 | 000,000,949 | ---- | C] () -- C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.09.07 22:05:18 | 000,000,979 | ---- | C] () -- C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.09.07 22:00:18 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011.09.07 22:00:14 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011.08.14 20:19:31 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2011.08.14 20:19:31 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2011.08.14 20:19:31 | 000,035,840 | R--- | C] () -- C:\Windows\SysWow64\comdlg32.oca
[2011.08.14 20:19:31 | 000,029,184 | R--- | C] () -- C:\Windows\SysWow64\MSINET.oca
[2011.05.21 10:39:17 | 000,032,689 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.04.27 18:57:25 | 000,032,689 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011.04.20 18:44:01 | 000,217,760 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011.04.20 18:44:01 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011.04.19 09:18:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.04.19 09:18:17 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.04.19 09:17:52 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.04.18 21:26:04 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.04.18 09:36:27 | 000,004,608 | ---- | C] () -- C:\Users\Edo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.15 16:27:59 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2011.04.15 16:00:46 | 000,009,380 | ---- | C] () -- C:\Users\Edo\AppData\Local\d3d9caps64.dat

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 17.07.2012 18:48:53 - Run 3
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Edo\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 52,04% Memory free
7,72 Gb Paging File | 5,79 Gb Available in Paging File | 74,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 39,39 Gb Free Space | 26,43% Space Free | Partition Type: NTFS
 
Computer Name: EDO-PC | User Name: Edo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 360 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = DC A1 B6 EF 92 FE CB 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C13C996-D155-4FC4-80A6-16E03E50B28A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{1044269B-9E43-4EE1-A53E-E1078E1B3E1F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{12D6079D-286E-4460-A77F-A5A4D98252F5}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{1CE0ACDE-69CC-4CCB-A2B4-7A60B4307A6B}" = dir=in | app=c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe | 
"{1F81B01D-3FFA-491B-A132-17CA5B0E5456}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{26B9F180-785E-4E0D-9D8F-02ABD9F1FACC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{31D8B785-367B-48C7-BD4B-24BDC4E7E3A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{328366A3-AE47-4B62-A866-F84298A60659}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{356A991D-59CA-4E91-8546-3201021B6F8C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{41E74839-9036-4080-A877-2E9A701ECC6E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{43F74B35-7671-4285-98BE-BA2B05F9DB49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{5A82E756-C8EA-4C00-A913-DAF0156BA98E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5EC17F1D-68EE-452E-8772-677945664034}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{5F66685D-D955-46F8-958E-C6AB54CE44B9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{6A7FDE87-3B12-413A-B232-69F5B492A452}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{705BAA73-E3D8-42DA-9C74-204A8E16AB03}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{77CAF219-B28F-43BC-828F-CC7EE453DD5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{809C0F24-5300-4938-A9CB-B381558C6154}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{8BECA6AB-6649-4ADD-93DF-DE7F611B7C6E}" = dir=in | app=c:\program files (x86)\finalmediaplayer\fmpcheckforupdates.exe | 
"{A104571C-973C-4112-B67B-3DD3E8316B1E}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{AC651F08-DBCC-490B-96B8-1909F8A7EDBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{B9252A80-9D57-4DFA-A09F-0F7CCCCFA7ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{C4D1FFC3-9D55-4591-846C-B7E7A498F0ED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{E096A60B-0F67-464A-AB7A-4220DEBC9FF4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F5DC68DD-7926-4C4F-99B3-E974DDE3C7B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"TCP Query User{10B0429D-E161-4994-9F33-7C01812CAD91}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{1D826675-6A91-4F0C-B469-81EFBE43260D}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"TCP Query User{22C75FCE-8FCE-4F04-A619-24A03807E39E}C:\program files (x86)\entropia universe\bin32\eigc\eigcc_main.exe" = protocol=6 | dir=in | app=c:\program files (x86)\entropia universe\bin32\eigc\eigcc_main.exe | 
"TCP Query User{2A213A73-F590-447C-9DD1-AB028A9F7B88}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe | 
"TCP Query User{3ED8F565-A56C-4295-AA56-C91149BA31B9}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{5E58B85D-FE45-4BC7-836F-165AF59073C6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{5ED630F6-5835-4202-9E48-A83320F417FB}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{AA19A8A6-BD63-4857-AB6D-81C0B881B570}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{CE68FA51-CF8C-4DEB-AB9C-F83CC3317B2A}C:\program files (x86)\entropia universe\bin32\entropia.exe" = protocol=6 | dir=in | app=c:\program files (x86)\entropia universe\bin32\entropia.exe | 
"UDP Query User{19417268-5579-4D62-B089-C24CA70E6FDE}C:\program files (x86)\entropia universe\bin32\eigc\eigcc_main.exe" = protocol=17 | dir=in | app=c:\program files (x86)\entropia universe\bin32\eigc\eigcc_main.exe | 
"UDP Query User{534188AB-C0BA-45A3-AB5C-BAF4CADD6E5C}C:\program files (x86)\entropia universe\bin32\entropia.exe" = protocol=17 | dir=in | app=c:\program files (x86)\entropia universe\bin32\entropia.exe | 
"UDP Query User{8047B912-94BF-4F9B-BEC2-4EDB3244F841}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{87530E5D-D32A-4A66-9C62-48A03083ED6D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{978F3FF4-273D-48A5-B63D-211CF6F7BAED}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{A284621B-8E9D-4C4B-ACB1-4E60ADB18481}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{C5858B69-090F-49A6-B078-54C2F9704B0B}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe | 
"UDP Query User{D27BB8DB-9220-411A-8075-DA1F65CBE910}C:\program files (x86)\1clickdownload\1clickdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownloader.exe | 
"UDP Query User{E0588D33-2698-402C-B470-B562396A7A42}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = 1ClickDownloader
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo WinOptimizer 6_is1" = Ashampoo WinOptimizer 6.60
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Entropia Universe" = Entropia Universe
"ExpressZip" = Express Zip File Compression Software
"FinalMediaPlayer_is1" = Final Media Player 2011
"Homeworld Downloadable Version" = Homeworld Downloadable Version
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"NCH_EN Toolbar" = NCH EN Toolbar
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video File Converter
"QuickPar" = QuickPar 0.9
"Switch" = Switch Audiodatei-Konverter
"SystemRequirementsLab" = System Requirements Lab
"tele.ring Verbindungsmanager" = tele.ring Verbindungsmanager
"Trusted Software Assistant_is1" = File Type Assistant
"WavePad" = WavePad Audiobearbeitungs-Software
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Funmoods Web Search" = Funmoods Web Search
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 14.06.2012 10:29:28 | Computer Name = Edo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 10:50:41 | Computer Name = Edo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.06.2012 20:18:41 | Computer Name = Edo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2012 04:01:28 | Computer Name = Edo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.06.2012 13:14:34 | Computer Name = Edo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.06.2012 05:46:08 | Computer Name = Edo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.06.2012 07:27:08 | Computer Name = Edo-PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion IThread(ProtocolSrvConThread)::run()
 für die Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x6c9533a3]   Bitte Avira
 informieren und die obige Datei übersenden!
 
Error - 16.06.2012 07:28:06 | Computer Name = Edo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.06.2012 04:57:17 | Computer Name = Edo-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.06.2012 03:37:40 | Computer Name = Edo-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16.07.2012 09:37:47 | Computer Name = Edo-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 16.07.2012 09:37:47 | Computer Name = Edo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.07.2012 10:04:02 | Computer Name = Edo-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.0.10 über die
 Netzwerkkarte mit der Netzwerkadresse 001D72AA0544 ist verloren gegangen.
 
Error - 16.07.2012 10:08:10 | Computer Name = Edo-PC | Source = Dhcp | ID = 1000
Description = Die Lease dieses Computers zu der IP-Adresse 192.168.0.10 über die
 Netzwerkkarte mit der Netzwerkadresse 001D72AA0544 ist verloren gegangen.
 
Error - 17.07.2012 04:20:30 | Computer Name = Edo-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 17.07.2012 04:20:30 | Computer Name = Edo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.07.2012 04:20:39 | Computer Name = Edo-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{F70BBE14-FCAB-49F8-8F2D-CA20305962A0} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 17.07.2012 04:20:39 | Computer Name = Edo-PC | Source = netbt | ID = 4321
Description = Der Name "EDO-PC         :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 0.0.0.0  registriert werden. Der Computer mit IP-Adresse 192.168.0.10 
hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 17.07.2012 10:18:30 | Computer Name = Edo-PC | Source = Service Control Manager | ID = 7038
Description = 
 
Error - 17.07.2012 10:18:30 | Computer Name = Edo-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Für Hilfe bin ich wirklich dankbar

Gruß
lexnimrod

Larusso · 18.07.2012, 14:05

Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.

Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

lexnimrod · 18.07.2012, 21:33

hallo Daniel, danke schon mal im voraus..

hatte bei der esetsmartinstaller.exe zwei anläufe notwendig,..kam beim erstenmal die Meldung, das Programm sei nicht richtig vollständig,..beim zweiten Versuch gings, hier die Ergebnisse:

Code:

ATTFilter

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.30.0\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll	a variant of Win32/Adware.Yontoo.B application
C:\Users\Edo\AppData\Local\Babylon\Setup\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application
C:\Users\Edo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\481106b1-6519a0b3	Java/Exploit.CVE-2012-0507.CX trojan
C:\Users\Edo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\52b6f43b-180c6a6b	Java/Exploit.CVE-2012-0507.CZ trojan
C:\Users\Edo\Documents\~kindle\PL Nunn\REQ_Neko.exe	Win32/Adware.1ClickDownload.E application
C:\Users\Edo\Downloads\backups\backup-20120717-161245-989.dll	a variant of Win32/Adware.Yontoo.A application

Nach Beendigung hab ich Firewall und Avira wieder aktiviert, bevor ich wieder ins Netz zum posten gekommen bin...

Larusso · 19.07.2012, 00:26

Deinstalliere bitte BabylonToolbar

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:files
ipconfig /flushdns /c

:commands
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt )
Kopiere nun den Inhalt hier in Deinen Thread

Berichte mal, wie die Internetverbindung läuft

lexnimrod · 19.07.2012, 15:50

Code:

ATTFilter

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Edo\Desktop\cmd.bat deleted successfully.
C:\Users\Edo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Edo
->Temp folder emptied: 25999219 bytes
->Temporary Internet Files folder emptied: 3721647 bytes
->Java cache emptied: 164293986 bytes
->FireFox cache emptied: 164211401 bytes
->Flash cache emptied: 5640458 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48826 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 347,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07192012_164423

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Teste heute noch die Verbindung durch verschiedene Games und Videos,..Meldung bezüglich Geschwindigkeit folgt,..schon mal im Voraus Danke!

Läuft wieder wie früher! Danke für die Hilfe!

Larusso · 20.07.2012, 10:04

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
Klicke erneut OK.

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher, immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Eine out of date Anti Virensoftware ist nutzlos!

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

lexnimrod · 20.07.2012, 16:33

Alles erledigt! Nochmal Danke!

Larusso · 21.07.2012, 14:13

Froh das wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

Internetverbindung ist extrem langsam/Trojaner entdeckt?

Log-Analyse und Auswertung: Internetverbindung ist extrem langsam/Trojaner entdeckt?