
Log analysis and evaluation: "hermes_v01" - mail account virus?

21.08.2012, 13:24   #1
kamitesti



Hello!

I recently received a message from my email provider saying that my account password had been spied out by the virus "hermes_v01". Could you please tell me whether my computer is infected and how I can clean it?

Many thanks!

Here are the OTL logs:

OTL.txt

Quote:
OTL logfile created on: 18.08.2012 13:47:37 - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = A:\Programme\Tools\Sicherheit
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,50% Memory free
11,94 Gb Paging File | 9,78 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 14,39 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,29 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,66 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 249,92 Gb Free Space | 39,46% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - A:\Programme\Tools\Sicherheit\OTL.exe (OldTimer Tools)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)
PRC - A:\Programme\Vista\Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
PRC - A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
PRC - A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
PRC - C:\Windows\BisonCam\BisonHK.exe (mychat)
PRC - C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
PRC - A:\Programme\Vista\Razer\razerhid.exe ()
PRC - A:\Programme\Vista\Razer\razerofa.exe (Razer Inc.)
PRC - A:\Programme\Vista\Razer\razertra.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - A:\Programme\Vista\Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3c92d4b3ec56936eab8e17ed81940c10\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\675632907c226b0c67a2407f2ddd4bf7\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e4d54640bacd18e047a4573cb4611bd3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5d8696f15e49aedf883dd945806a7049\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Hotkey\Hotkey.exe ()
MOD - C:\Windows\BisonCam\KBHookDLL.dll ()
MOD - A:\Programme\Vista\Razer\razerhid.exe ()
MOD - A:\Programme\Vista\Razer\razertra.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.)
SRV - (SkypeUpdate) -- A:\Programme\Vista\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirService) -- A:\Programme\Vista\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- A:\Programme\Vista\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- A:\Programme\Vista\SpybotSD\SDWinSec.exe (Safer Networking Ltd.)
SRV - (PowerBiosServer) -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe ()
SRV - (GtDetectSc) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Nero BackItUp Scheduler 3) -- A:\Programme\Vista\Nero 8\Nero BackItUp\NBService.exe (Nero AG)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acsmux) -- C:\Windows\SysNative\DRIVERS\acsmux64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsint) -- C:\Windows\SysNative\DRIVERS\acsint64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\Drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira GmbH)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek )
DRV:64bit: - (nm3) -- C:\Windows\SysNative\DRIVERS\nm3.sys (Microsoft Corporation)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\DRIVERS\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\DRIVERS\lirsgt.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (Cam5607) -- C:\Windows\SysNative\Drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV:64bit: - (NETw5v64) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (smserial) -- C:\Windows\SysNative\DRIVERS\smserial.sys (Motorola Inc.)
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys (Option N.V.)
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys (Option N.V.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\DRIVERS\gtptser.sys (Option N.V.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes,DefaultScope = {6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\..\SearchScopes\{6CA6AB68-41B1-4F7F-BC1F-B1E0F86F91AB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: A:\Programme\Vista\iPhone\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: A:\Programme\Vista\Canon Pixma\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: A:\Programme\Vista\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: A:\Programme\Vista\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: A:\Programme\Vista\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: A:\Programme\Vista\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: A:\Programme\Vista\Realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: A:\Programme\Vista\Realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: A:\Programme\Vista\Adobe\Reader 10\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.06.04 10:34:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: A:\Programme\Vista\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.01 13:51:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.2\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: A:\Programme\Vista\Firefox\components [2012.07.18 12:41:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: A:\Programme\Vista\Firefox\plugins [2012.07.05 21:10:05 | 000,000,000 | ---D | M]

[2010.09.26 22:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2010.09.26 22:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012.08.14 11:12:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions
[2010.04.28 13:05:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.29 19:49:22 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\if9fk0cu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

O1 HOSTS File: ([2012.04.13 17:00:47 | 000,000,835 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - A:\Programme\Vista\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe (mychat)
O4:64bit: - HKLM..\Run: [DeLay] C:\Windows\BisonCam\DeLay.exe (Bison Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] A:\Programme\Vista\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Diamondback] A:\Programme\Vista\Razer\razerhid.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] A:\Programme\Vista\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1000..\Run: [SpybotSD TeaTimer] A:\Programme\Vista\SpybotSD\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2661488324-2594523016-1501765560-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - A:\Programme\Vista\MS Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - A:\Programme\Vista\ICQ\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - A:\Programme\Vista\MS Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222095909 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.0.43.81 217.0.43.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1764FA82-2AAD-48AC-AD19-1AAF123D0AEC}: DhcpNameServer = 193.254.160.1 193.254.160.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435FDF61-F9B2-460D-BF4F-E9C93379F1C9}: NameServer = 8.8.4.4,8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9394D44A-938C-4448-84A3-437A7541EA7E}: DhcpNameServer = 217.0.43.81 217.0.43.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{07d406fd-bdc9-11df-9391-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{3037157a-aaa6-11dd-a788-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\AutoRun\command - "" = I:\mirk\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\explore\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{525fbdcc-8fe6-11df-af14-0090f58b0237}\Shell\open\command - "" = I:\mirk\\\okitab.exe
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{54d9649d-f0c6-11df-bca2-0090f58b0237}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d1-52fb-11e1-bba0-a883fb90f49d}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754d2-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell - "" = AutoRun
O33 - MountPoints2\{c76754e9-52fb-11e1-bba0-9b6e40a9e24a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{e27ffdf8-f3bc-11df-a03a-0090f58b0237}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell - "" = AutoRun
O33 - MountPoints2\{f02c40f0-56a2-11de-bfde-0090f58b0237}\Shell\AutoRun\command - "" = I:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GlobeTrotter Connect.lnk - C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe - (Option)
MsConfig:64bit - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: CloneCDTray - hkey= - key= - A:\Programme\Vista\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - A:\Programme\Vista\Yahoo Messenger\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - A:\Programme\Vista\Nero 8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - A:\Programme\Vista\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: RGSC - hkey= - key= - G:\Games\Vista\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
MsConfig:64bit - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - G:\Games\Vista\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.08.18 13:48:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2012.08.15 12:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.08.15 11:59:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012.08.13 16:08:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.13 14:59:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2012.08.13 14:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.11 18:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.08.11 18:16:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\NPE
[2012.08.07 13:30:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2012.07.30 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Network Monitor 3
[2012.07.30 17:42:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2012.07.24 12:13:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\iPhone
[2012.07.21 20:39:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Apple Computer
[2012.07.21 20:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.07.21 20:39:07 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.07.21 20:39:07 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.07.21 20:39:07 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.07.21 20:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.07.21 20:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.07.21 20:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.07.21 20:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.07.21 20:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.07.21 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.07.21 20:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.07.21 16:29:51 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Suite
[2012.07.21 16:29:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2012.07.21 16:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.07.21 16:27:19 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Software4u
[2012.07.21 16:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPhone Explorer
[2012.07.21 16:24:14 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DiskAid
[2012.07.21 16:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskAid

========== Files - Modified Within 30 Days ==========

[2012.08.18 12:59:22 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.18 12:59:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.18 12:59:07 | 008,405,015 | ---- | M] () -- C:\Windows\TmpFile1
[2012.08.18 12:59:00 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 12:59:00 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 12:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.18 12:58:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.16 14:58:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.15 11:59:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.08.15 11:59:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.08.15 11:26:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.15 11:26:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.14 10:27:53 | 000,227,904 | ---- | M] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Schwedisch.pdf
[2012.08.14 10:27:39 | 000,231,515 | ---- | M] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Englisch.pdf
[2012.08.14 10:26:52 | 000,546,813 | ---- | M] () -- C:\Users\Daniel\Desktop\Europaeischer_Unfallbericht_04.pdf
[2012.08.06 19:39:41 | 001,588,952 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.06 19:39:41 | 000,682,142 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.06 19:39:41 | 000,641,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.06 19:39:41 | 000,149,574 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.06 19:39:41 | 000,123,016 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.06 19:39:28 | 000,144,384 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.24 10:52:35 | 003,140,283 | ---- | M] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf

========== Files Created - No Company Name ==========

[2012.08.14 10:27:53 | 000,227,904 | ---- | C] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Schwedisch.pdf
[2012.08.14 10:27:39 | 000,231,515 | ---- | C] () -- C:\Users\Daniel\Desktop\Europa-Unfallbericht_Deutsch_Englisch.pdf
[2012.08.14 10:26:52 | 000,546,813 | ---- | C] () -- C:\Users\Daniel\Desktop\Europaeischer_Unfallbericht_04.pdf
[2012.07.24 10:52:33 | 003,140,283 | ---- | C] () -- C:\Users\Daniel\Desktop\Voegel_03-07_Spektivtest_70-75_low.pdf
[2012.06.20 11:25:39 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.06.20 11:25:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.12.14 17:25:41 | 000,000,079 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\.ettercap_gtk
[2011.09.20 11:42:37 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2011.09.20 11:42:37 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011.04.28 13:31:37 | 000,000,094 | ---- | C] () -- C:\Users\Daniel\AppData\Local\fusioncache.dat
[2011.04.28 13:29:22 | 001,568,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.04 22:22:11 | 000,002,976 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel
[2011.04.04 22:15:53 | 000,000,882 | ---- | C] () -- C:\Users\Daniel\.ufrawrc
[2010.09.16 13:50:33 | 000,090,416 | ---- | C] () -- C:\Windows\AKDeInstall.exe
[2010.09.08 17:00:33 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.06.03 21:06:18 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2010.04.10 20:12:50 | 000,000,680 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2009.02.08 16:37:59 | 000,000,552 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d8caps.dat
[2008.12.18 11:18:53 | 000,000,126 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.27 21:09:45 | 000,001,033 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\ShiftN.ini
[2008.09.15 23:42:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.10 18:48:34 | 000,144,384 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.10 16:18:35 | 000,001,460 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps64.dat

========== LOP Check ==========

[2008.09.17 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Anthropics
[2011.11.03 11:43:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Audacity
[2011.09.06 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bio-Rad
[2011.10.04 11:37:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Bitcoin
[2012.06.23 17:18:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon
[2009.10.25 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\CD-LabelPrint
[2008.09.10 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools
[2012.07.22 16:09:02 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DiskAid
[2009.03.13 22:03:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO Labs
[2009.03.13 22:04:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DxO_Labs
[2010.09.26 22:35:41 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Flickr
[2010.09.15 00:00:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2011.04.04 22:22:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0
[2012.06.16 02:35:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2008.12.18 15:01:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ImgBurn
[2011.10.26 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LibreOffice
[2010.09.12 01:40:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient
[2010.09.14 16:14:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ManyCam
[2012.05.25 04:33:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2009.06.11 18:28:15 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2009.03.13 21:59:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PACE Anti-Piracy
[2011.06.16 23:24:51 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\poclbm
[2012.04.18 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PTGui
[2011.04.03 10:55:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RawTherapeeAlpha
[2012.08.07 14:37:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\redsn0w
[2011.11.05 00:48:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\RStudio
[2012.07.21 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Software4u
[2011.11.17 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Tinn-R
[2010.09.13 14:11:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Uniblue
[2012.07.21 21:01:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2012.08.18 12:58:05 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012.08.18 12:55:17 | 000,001,546 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012.08.18 12:56:33 | 000,001,665 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2012.08.18 12:56:11 | 000,000,286 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2012.08.18 12:57:23 | 000,001,482 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2009.12.13 22:21:49 | 000,000,678 | ---- | M] () -- C:\BnetLog.txt
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.09.10 17:03:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\* >
[2008.01.21 05:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "A:\Programme\Vista\Firefox\uninstall\helper.exe" /HideShortcuts [2012.07.18 12:41:15 | 000,867,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "A:\Programme\Vista\Firefox\uninstall\helper.exe" /ShowShortcuts [2012.07.18 12:41:15 | 000,867,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "A:\Programme\Vista\Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.07.18 12:41:15 | 000,867,736 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: A:\Programme\Vista\Firefox\firefox.exe [2012.07.18 12:41:15 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "A:\Programme\Vista\Firefox\firefox.exe" -preferences [2012.07.18 12:41:15 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "A:\Programme\Vista\Firefox\firefox.exe" -safe-mode [2012.07.18 12:41:15 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2011.05.19 14:18:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2011.05.19 14:18:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2011.05.19 14:18:24 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011.05.19 14:18:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011.05.19 14:18:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011.05.19 14:18:21 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011.05.19 14:18:25 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 72 bytes -> C:\Windows:5F0592099A32DCC0
@Alternate Data Stream - 523 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1376 bytes -> C:\ProgramData\Microsoft:2aFCTYIauh49VL3a6T3hn1x
@Alternate Data Stream - 1339 bytes -> C:\Users\Daniel\AppData\Local\pgz9ZkDlY8W:uJVY4whjdMSVr0HoJctvFpH
@Alternate Data Stream - 1334 bytes -> C:\ProgramData\Microsoft:yZvVHxMnho9TrFuHvzEft1

< End of report >
Extras.txt

Quote:
OTL Extras logfile created on: 18.08.2012 13:47:37 - Run 4
OTL by OldTimer - Version 3.2.57.0 Folder = A:\Programme\Tools\Sicherheit
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,50% Memory free
11,94 Gb Paging File | 9,78 Gb Available in Paging File | 81,84% Paging File free
Paging file location(s): e:\pagefile.sys 8230 8230 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,79 Gb Total Space | 14,39 Gb Free Space | 24,47% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,52 Gb Free Space | 44,52% Space Free | Partition Type: NTFS
Drive G: | 68,36 Gb Total Space | 13,29 Gb Free Space | 19,45% Space Free | Partition Type: NTFS
Drive S: | 107,46 Gb Total Space | 23,66 Gb Free Space | 22,02% Space Free | Partition Type: NTFS
Drive Z: | 633,42 Gb Total Space | 249,92 Gb Free Space | 39,46% Space Free | Partition Type: NTFS

Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- A:\Programme\Vista\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "A:\Programme\Vista\MS Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- A:\Programme\Vista\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "A:\Programme\Vista\VLC\vlc-1.0.5\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 3E 1C B0 6A A9 51 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2661488324-2594523016-1501765560-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A9D8F9-727F-40B5-A1C8-137D549EE2F5}" = lport=137 | protocol=17 | dir=in | app=system |
"{1FDC75A7-3678-42B5-8C77-7215A3AB3D70}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2000FCCE-56E9-47B3-9603-0B0A2118132C}" = lport=138 | protocol=17 | dir=in | app=system |
"{25F3B178-0433-4ECD-86AD-D4C071873DC4}" = lport=445 | protocol=6 | dir=in | app=system |
"{27F0BBE8-E77B-4644-ADC1-32439D041379}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F0BEDCE-4BEF-49F3-BFEC-7BF115414BFB}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{3B2C05E6-F7C2-4DE2-971B-0338BC64589C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3E5F873E-1594-4ABE-BE8E-5A42516FC4F0}" = rport=138 | protocol=17 | dir=out | app=system |
"{524FF324-190E-4503-8697-BCEC983ACBF5}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6F9A149F-1E12-4443-89F7-00E48737657F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{70284FBE-7A2E-4227-934B-7BD84123AFD0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{77896EB8-D669-4D03-B975-EFD4306C13C1}" = rport=139 | protocol=6 | dir=out | app=system |
"{98126AF1-83C9-400F-9304-D799B9546A23}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9B8101E1-00CD-4640-B49B-6CEE6F30E948}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{9DD04AD7-FBA1-40C5-9493-4D0B478FCDF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F408C4A-981D-420E-BE0A-6588B47A34B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9FF9B398-A7C7-4EDF-802F-93D7301EAB7C}" = rport=445 | protocol=6 | dir=out | app=system |
"{9FFE290F-9123-4377-9D76-33A92FC0204D}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{BF7F3FF4-055E-4654-9B43-8136ED845F55}" = rport=137 | protocol=17 | dir=out | app=system |
"{C03CF2ED-101F-43BB-8B62-7426734A3CDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D8BF147E-7D53-45FA-A3FE-5B93306E9376}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D96DD8B1-5AA9-443C-BC5E-6C2329B9C9C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBCF9561-9AB4-4232-B3CF-3E9FD323F479}" = lport=139 | protocol=6 | dir=in | app=system |
"{FDE2FA16-3EFA-4BAF-B7F6-62C09C4B75D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09DDC764-E218-40F5-B696-7B133421B7F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0B03262E-6968-44C4-90D1-AACBBBFC45C1}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{1078D3BB-3A27-4923-84E7-A4E8EE0B7F0A}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{11F834EF-62A8-42DB-835D-AF510DA44920}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{1A64B0AC-0FC5-45CF-9EAB-23AA981121B4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1B92EE72-0EBF-4DD7-8D04-90B36DA4E806}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C790510-A155-4D1C-AFB1-7C97BD74F5B3}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{1FC7DBF4-2E2B-4AE7-828D-309A0C76FC18}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{20E2A033-6409-4925-B1CA-3F504BDEB694}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{26613B22-3198-4406-A8F5-7D8191C97C08}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2A108E73-0147-4E4F-8C35-DA1F684BFA8B}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{2D6DC1CE-A4EB-49AF-8BBE-00567B0083A5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{30703650-CAF3-4885-AF29-971BFB83D740}" = protocol=6 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{31966044-CF10-473F-B9EF-C26464BF2415}" = dir=in | app=a:\programme\vista\iphone\itunes\itunes.exe |
"{360D7458-167C-49B6-9EE7-11F1C0047412}" = protocol=17 | dir=in | app=a:\programme\vista\yahoo messenger\messenger\yahoomessenger.exe |
"{382CB011-1ED4-4424-87F0-A0F8B6D5072D}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{3993FF3D-4A5A-4626-8B31-2AA03B31FE4C}" = dir=in | app=a:\programme\vista\skype\phone\skype.exe |
"{412439BA-C36B-49B9-8EFD-53A35853121E}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{4322B004-2B5F-42B2-A41F-3DD04B8A3A92}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{49EBE3C1-3B14-4E5D-A0AB-D8D2750165C1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4AFB02F4-9FF5-46CB-9BB3-0D0DB99476D7}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{517B5C67-A172-4E21-B4BC-5A844C3E50DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58B4E94D-8588-4EC9-BE0B-41F48747A24A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5DC5928C-BEE6-4B54-8AA1-54D01EB30961}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6050A661-9EA2-4921-95E2-AD93CB5AD355}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6418A616-FA10-442E-8577-B6E1DF2E383B}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{67F04552-42DD-4B41-BB13-A28941A6BD57}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\rockstar games social club\rgsclauncher.exe |
"{69A5BF7D-E0B9-4953-A92D-98BE1EE946EB}" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{6E247E8F-BF3F-4AE6-8208-DB733AB4640C}" = protocol=17 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{730F4B70-CF5B-42AB-8431-B07EFA18FF9C}" = protocol=6 | dir=in | app=a:\programme\vista\iphone\iphone explorer\software4u.iphoneexplorer.exe |
"{758FF5F4-B039-4F9A-B561-13586821B039}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{75CE771B-4E20-4040-93DF-E9AC6392DFA5}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin32\crysis.exe |
"{79057D84-01F0-468F-ABF8-8C0C996F43DE}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{7BE3683F-5FE0-4021-BC9D-318D46426C07}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{7C3C64C1-92CA-453D-A1A6-AD15199F9A58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7CE9F49E-B0DB-440D-ABDA-0968E746FA6E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{80AC9C10-8CE9-467A-A1DA-DE7B82DDCDE2}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{8152E850-656F-417F-9510-EE65EBF66730}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{831E3C9D-CFDA-48CD-97E5-A7D851D11394}" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq7.2\icq.exe |
"{8606AE1F-B8B6-4E72-9790-9FB6E182CC7F}" = protocol=17 | dir=in | app=g:\games\vista\steam\steam.exe |
"{862618BF-ABD0-4E8C-B1F9-EADCB8093E0F}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{8861A561-9378-42FE-9264-9E259B211533}" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\launchgtaiv.exe |
"{8FDC12BF-61CA-4245-AB60-A4853F7564AF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9332F4AF-F521-421B-82EC-807048E7B15F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98F2597F-F0E3-4FA0-9184-8F38B431C3D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A271B458-ECB9-4F8B-A814-F05DE0F2D532}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A5CFD30A-F1DE-469C-9B4C-ED7DAB63F609}" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq7.2\aolload.exe |
"{A6231193-6437-4717-93B6-F6B7B3256B30}" = protocol=6 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{B582AA15-4D45-4094-9564-549491F5441A}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin32\crysisdedicatedserver.exe |
"{B63E08B3-5E27-4CEE-9C3E-90814CF5D63D}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{C010C20C-12A2-4E7A-92BA-CAC082888B28}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{C7D3BB21-9498-4004-81C5-9A7D5A633809}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D7894933-AC31-4802-BACA-9EE617916873}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D9C40226-6F66-4E21-8931-7967C3538A5D}" = protocol=17 | dir=in | app=g:\games\vista\league of legends\game\league of legends.exe |
"{DD02F313-5F51-4FE6-B334-A88D1B2C8E11}" = protocol=17 | dir=in | app=g:\games\vista\kane and lynch\kaneandlynch.exe |
"{DD68EF71-0E98-46E6-9FC8-9FBF71CA3ADA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DE494ABD-9551-43BE-827D-A84C155FDFB0}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysisdedicatedserver.exe |
"{DE861B23-9040-474A-9155-F74A1101B252}" = protocol=6 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{DEE02FF0-EFD8-45A0-B487-511CBEE35170}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DF765545-F123-4DBE-8030-6932E785CB47}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{E17AC1A2-3543-404B-BA76-44365DC09FFA}" = protocol=6 | dir=in | app=g:\games\vista\league of legends\air\lolclient.exe |
"{E2019786-C9C0-4046-BBF8-9311EACCAE2E}" = protocol=17 | dir=in | app=g:\games\vista\prototype\prototypef.exe |
"{E2380AFE-9529-43CA-AA5E-59556FC31DBA}" = protocol=6 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"{E2BD1FD7-F76E-4AAC-B648-995E7D0C2A08}" = protocol=17 | dir=in | app=g:\games\vista\steam\steamapps\kamikasse\counter-strike\hl.exe |
"{E5573C7C-AA20-4DB1-B414-F493677648E3}" = protocol=6 | dir=in | app=g:\games\vista\steam\steam.exe |
"{F1714522-19F4-48AD-9339-B09DB57E63BB}" = protocol=6 | dir=in | app=g:\games\vista\steam\steamapps\common\dota 2 beta\dota.exe |
"{F8462619-D8FC-474B-AE3B-05AD045EB3FE}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{F89C17D6-A70E-43BA-98DF-9B1B1EFCD9DA}" = protocol=17 | dir=in | app=g:\games\vista\crysis\bin64\crysis.exe |
"TCP Query User{25C2C271-3445-4F90-A33A-5BDFB663676E}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{3B44605F-D5A1-4807-B32E-09BA2D3B00C8}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=6 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"TCP Query User{5384558F-5AD5-446F-BCCD-D48F824A4DB3}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{7305552F-FAA1-47D2-B104-BB395863D045}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=6 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"TCP Query User{90002CB5-0738-482D-A3D0-97A6DEE2FF32}G:\games\vista\starcraft\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"TCP Query User{9043C97D-5F0E-47E9-A79F-61C335C1F4D6}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{93444569-A651-4408-9579-0BCAF562884B}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"TCP Query User{96FF843E-98DE-40D7-9694-4A59F7129202}G:\games\vista\warcraft iii\war3.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"TCP Query User{A183DB00-B3C7-4AEF-BB57-A8F11ACE5828}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=6 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"TCP Query User{A6602194-57F6-4603-8C93-D7C279E8CA0F}A:\programme\vista\emule\emule.exe" = protocol=6 | dir=in | app=a:\programme\vista\emule\emule.exe |
"TCP Query User{BCDB0903-81DB-4142-A63B-8B4583BC775A}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"TCP Query User{CD225332-F4AD-4BE8-8D55-0B56B66279FD}G:\games\vista\starcrafteng\starcraft.exe" = protocol=6 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"TCP Query User{CE958C00-AC71-4DBA-A68F-16065C154EE8}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=6 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"TCP Query User{EB12B6F9-01AA-45BA-B0B9-7384C0413FB9}G:\games\vista\russencs\hl.exe" = protocol=6 | dir=in | app=g:\games\vista\russencs\hl.exe |
"TCP Query User{F62EEC69-CD9D-43B8-A0A8-3AF6AFED21B5}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"TCP Query User{F9923728-1B16-4425-A131-052F0CA786F4}A:\programme\vista\icq\icq6\icq.exe" = protocol=6 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{02BDEDBE-10DA-43B1-A56A-73FE6CE4DC57}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |
"UDP Query User{0350A96B-3808-4411-80FD-9B960FDA2EB5}G:\games\vista\russencs\hl.exe" = protocol=17 | dir=in | app=g:\games\vista\russencs\hl.exe |
"UDP Query User{128A273B-F7AD-4EE9-AA83-4A4CAEED68D5}G:\games\vista\sid meier's civilization 4\civilization4.exe" = protocol=17 | dir=in | app=g:\games\vista\sid meier's civilization 4\civilization4.exe |
"UDP Query User{2B6CB25F-4430-46E5-A750-D5EF0A1F215B}G:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=g:\games\vista\rockstar games\gta iv\grand theft auto iv\gtaiv.exe |
"UDP Query User{46920A0C-CB60-427F-97D0-052CD64863E1}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{4FD0244E-94CE-4A18-B3F4-5DA5839B087D}G:\games\vista\starcrafteng\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcrafteng\starcraft.exe |
"UDP Query User{5650E9F3-1372-4122-8F9C-32BCEAC4E623}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{565FD11A-A8BB-40BF-B6CB-AAB2D635E0B2}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{5A17150F-2890-4F89-A668-D2FFFD6A6AD3}A:\programme\vista\icq\icq6.5\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6.5\icq.exe |
"UDP Query User{6031DD7E-2D38-4FF9-9BA3-E5DE561CF643}S:\my data\downloads\downloader_starcraft_combo_enus.exe" = protocol=17 | dir=in | app=s:\my data\downloads\downloader_starcraft_combo_enus.exe |
"UDP Query User{825CE9D1-B22B-4E12-9C69-B589B3E55143}A:\programme\vista\icq\icq6\icq.exe" = protocol=17 | dir=in | app=a:\programme\vista\icq\icq6\icq.exe |
"UDP Query User{A265DB6F-66E5-4E21-90C4-FCCF2FD336C5}G:\games\vista\warcraft iii\war3.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\war3.exe |
"UDP Query User{D23220A6-FEB3-49A3-BD2E-4D137CCD1555}A:\programme\vista\emule\emule.exe" = protocol=17 | dir=in | app=a:\programme\vista\emule\emule.exe |
"UDP Query User{E80AAA66-9EBB-4FB2-B384-28AEF9DE6449}G:\games\vista\starcraft\starcraft.exe" = protocol=17 | dir=in | app=g:\games\vista\starcraft\starcraft.exe |
"UDP Query User{FA20537C-F71A-4C13-A3EB-485537F0F592}G:\games\vista\soldier of fortune payback\sof3.exe" = protocol=17 | dir=in | app=g:\games\vista\soldier of fortune payback\sof3.exe |
"UDP Query User{FE3B5E0E-FE5F-4433-A750-C5D2FBD062C7}G:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe" = protocol=17 | dir=in | app=g:\games\vista\warcraft iii\listchecker\pickup.listchecker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5C820C43-917F-4A1E-A8CB-F699A73F8AB7}" = AxCrypt 1.7.1878.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60C70D2F-28B7-4654-BBFA-C932BAA4A9E6}" = GlobeTrotter Connect
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A8BB73DB-199D-4917-B7CB-32FAAC4B820D}" = Topaz Adjust 3 (64-bit)
"{AA45E50C-1447-48CD-9B49-61B82ED1F95C}" = Adobe Photoshop Lightroom 2.3 64-bit
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA2B617F-EE1D-4201-9E3C-E3ECD5DEAC39}" = Topaz Adjust (64-bit)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4435-7533-6274-7601" = Geneious 5.6.2
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"ProInst" = Intel PROSet Wireless
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0D801AB5-0CA0-4471-B2B6-B9F4A363EE9F}" = DxO Optics Pro for Photoshop CS
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = BisonCam
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{50FC1CE8-FF32-4F3B-B654-050DD6ECD474}" = EXIFeditor
"{53DA6CFE-7CDE-4F72-9E23-39AAC686DE17}" = iPhone Folders
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59C2E0E4-0859-4EC1-BCD3-53DBCEFE7AFA}" = Topaz Adjust
"{5A0D71BC-3AB0-4BC1-B241-CABE11EEE731}" = DxO Optics Pro 5.3.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B0D20D7-AA12-4FC8-9A4A-AF722F430738}_is1" = EOS Camera Movie Record 0.3.1 Beta
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B6EF732-A621-4BAB-A695-CEF6C76B46F2}" = Ettercap
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7821C7B2-7E21-4CF3-925B-58B6A8BC6311}" = LibreOffice 3.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8726B95C-F494-4C7B-8773-7A1943D69C4E}" = Bio-Rad CFX Manager 2.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97937CFF-85CE-4534-A843-1DB5C15CF581}" = ImagingPam
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B047C9CE-1B9B-45A9-89A0-7E6F81C16FEF}" = Camtasia Studio 6
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA2E30B9-5D7B-46C4-8C04-B1EFA7BBA23E}" = Lucis Pro
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD4A059-C381-4548-B4F1-564F21A64415}" = Bio-Rad iQ5 2.1 Standard Edition
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C576C82C-EE87-11D6-B031-0000CB597465}" = A.F.7 Merge your files 1.3
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D75B5A39-C686-421C-B2BE-FDF9574662E1}" = Cisco AnyConnect Secure Mobility Client
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DA86503D-AAA4-4AB1-B872-ED1360A0424C}" = A.F.6 Split your files 2.2
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE4CF159-4AD2-4754-BDA0-5FB088C8B58B}" = Razer Diamondback
"{E4511CEC-2E60-4076-95B6-0E193269EB86}" = MicroMachines V4
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F66B9ED8-DB45-4A0C-BE7B-513BE9E28226}" = ASTERICS 3.3.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AVIcodec" = AVIcodec (remove only)
"Avira AntiVir Desktop" = Avira Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon iP4700 series Benutzerregistrierung" = Canon iP4700 series Benutzerregistrierung
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carl Zeiss LSM Image Browser" = LSM Image Browser, Release 4.2
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CloneCD" = CloneCD
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DFX for Winamp" = DFX for Winamp
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"DiskAid_is1" = DiskAid 5.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"DPP" = Canon Utilities Digital Photo Professional 3.9
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Ettercap 0.7.4" = Ettercap-0.7.4
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Exif Tag Remover_is1" = Exif Tag Remover 3.01
"FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Fraps" = Fraps (remove only)
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"ImagingPam" = ImagingPam
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"ManpWIN_is1" = ManpWIN version 3.01i
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox (3.0.2)" = Mozilla Firefox (3.0.2)
"MyCamera" = Canon Utilities MyCamera
"Neat Image_is1" = Neat Image v5 Demo (with plug-in)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Photomatix Pro_is1" = Photomatix Pro version 2.5.4
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"PTGui" = PTGui Pro 9.0
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RStudio" = RStudio
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"SecureW2 TTLS Client" = SecureW2 TTLS Client 3.2.0 for Windows Vista BETA1
"ShiftN_is1" = ShiftN 3.3
"simple1_is1" = Photomatix Tone Mapping Plug-In version 1.0
"simple2_is1" = Tone Mapping Plug-In 1.2
"SMAC 2.7" = SMAC 2.7
"StarCraft" = StarCraft
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"SystemRequirementsLab" = System Requirements Lab
"Tinn-R_is1" = Tinn-R 2.3.7.1
"Totalcmd" = Total Commander (Remove or Repair)
"UFRaw_is1" = UFRaw 0.17
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.8
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.8
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.13.1.0b
"waterMark V2" = waterMark V2
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 5.54
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.54
"XP Codec Pack" = XP Codec Pack
"Yahoo! Messenger" = Yahoo! Messenger
"Zattoo" = Zattoo 3.2.4 Beta
"Zattoo4" = Zattoo4 4.0.5
"Z-defragRAM" = Z-defragRAM
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2661488324-2594523016-1501765560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bitcoin" = Bitcoin
"CopyTrans Suite" = Nur Entfernen der CopyTrans Suite möglich
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Warcraft III" = Warcraft III: All Products

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:02:16 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

Error - 18.08.2012 07:32:15 | Computer Name = Daniel-PC | Source = ESENT | ID = 412
Description = wuaueng.dll (448)SUS20ClientDataStore: Die Kopfzeile der Protokolldatei
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log konnte nicht gelesen werden.
Fehler -546.

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.08.2012 12:38:25 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 16.08.2012 05:17:06 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 16.08.2012 12:15:02 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 17.08.2012 06:50:22 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 17.08.2012 07:06:34 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 17.08.2012 13:45:22 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 17.08.2012 15:06:47 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 18.08.2012 06:07:05 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 18.08.2012 06:58:04 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 18.08.2012 06:59:26 | Computer Name = Daniel-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


[ System Events ]
Error - 17.08.2012 13:45:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17.08.2012 13:45:17 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 17.08.2012 13:45:25 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 18.08.2012 06:06:29 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:06:29 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:06:59 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 18.08.2012 06:06:59 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 18.08.2012 06:59:12 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:59:12 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18.08.2012 06:59:20 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

21.08.2012, 16:40   #2
markusg
/// Malware-holic

Hi,
open Malwarebytes and please post all reports.

21.08.2012, 18:52   #3
kamitesti

Thanks for the quick reply. Malwarebytes found nothing. It could also be that another computer, which I also use now and then, is the problem child.

For now, here is the Malwarebytes log:

Quote:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniel :: DANIEL-PC [administrator]

21.08.2012 19:43:56
mbam-log-2012-08-21 (19-43-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221242
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

22.08.2012, 16:02   #4
markusg
/// Malware-holic

Then post the OTL logs from the other PC.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us
