
Pests of all kinds and how to fight them: GVU Trojan


25.01.2013, 15:52   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

25.01.2013, 16:35   #17
Trummel
 

So, I've done that.
I don't think it means anything, but when I started ComboFix a small window from Avira (it was disabled) appeared at the bottom right.
According to the Events in Avira, with the following wording:
[Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert.]

Regards


ComboFix logfile:
Code:
ComboFix 13-01-24.02 - ***** 25.01.2013  16:18:13.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2618 [GMT 1:00]
ausgeführt von:: c:\users\*****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-25 bis 2013-01-25  ))))))))))))))))))))))))))))))
.
.
2013-01-25 15:21 . 2013-01-25 15:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-25 13:43 . 2013-01-15 01:45	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{81271175-1D3E-430C-93A7-BE16A3E0DF13}\mpengine.dll
2013-01-24 21:47 . 2013-01-24 21:47	--------	d-----w-	C:\_OTL
2013-01-22 22:05 . 2013-01-22 22:05	--------	d-----w-	c:\users\*****\AppData\Roaming\Indicium Technologies
2013-01-22 22:04 . 2013-01-22 22:04	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2013-01-22 22:04 . 2013-01-22 22:05	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2013-01-22 22:01 . 2013-01-22 22:07	--------	d-----w-	c:\users\*****\AppData\Roaming\EveHQ
2013-01-22 21:46 . 2013-01-22 21:46	--------	d-----w-	c:\users\*****\AppData\Local\EveMeep3
2013-01-22 21:33 . 2013-01-22 21:33	--------	d-----w-	c:\users\*****\AppData\Roaming\EVEMon
2013-01-20 17:52 . 2013-01-20 17:52	--------	d-----w-	c:\users\*****\.salem
2013-01-20 17:51 . 2013-01-22 20:48	--------	d-----w-	c:\users\*****\Salem
2013-01-11 04:13 . 2013-01-11 04:13	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-11 04:13 . 2013-01-11 04:13	95184	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-11 04:13 . 2013-01-11 04:13	--------	d-----w-	c:\program files (x86)\Java
2013-01-09 22:32 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 22:32 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 22:32 . 2012-11-01 05:43	2002432	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 22:32 . 2012-11-01 05:43	1882624	----a-w-	c:\windows\system32\msxml3.dll
2013-01-09 22:32 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\SysWow64\msxml6.dll
2013-01-09 22:32 . 2012-11-01 04:47	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2013-01-09 22:32 . 2012-11-20 05:48	307200	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 22:32 . 2012-11-20 04:51	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2013-01-09 22:32 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 22:32 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-01 23:05 . 2013-01-01 23:05	--------	d-----w-	c:\program files (x86)\Microsoft XNA
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 04:13 . 2012-07-13 20:52	859072	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-11 04:13 . 2011-09-13 17:51	779704	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-10 02:02 . 2011-09-07 13:56	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-30 18:52 . 2012-02-17 18:44	111928	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-12-30 18:21 . 2012-02-17 18:44	111928	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-16 17:11 . 2012-12-21 20:51	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 20:51	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 20:51	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 20:51	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-15 00:03 . 2012-02-17 18:44	280792	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-12-14 23:27 . 2012-02-17 18:43	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-12-13 19:49 . 2012-12-08 14:51	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-13 19:49 . 2012-12-08 14:51	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-11-16 19:17 . 2012-12-08 14:51	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-14 07:06 . 2012-12-13 20:55	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 20:55	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 20:55	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 20:55	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 20:55	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 20:55	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 20:55	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 20:55	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 20:55	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 20:55	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 20:55	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 20:55	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 20:55	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 20:55	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 20:55	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 20:55	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 20:55	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 20:55	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 20:55	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 20:55	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 20:55	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 20:55	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 19:54	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 19:54	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-13 19:54	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-13 19:54	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-13 384800]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-09-07 79360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-09 270912]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-13 85280]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 26380439
*NewlyCreated* - ASWMBR
*Deregistered* - 26380439
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 20:58]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 20:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\h6wwgarx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BattlEye - e:\arma 2battleye\UnInstallBE.exe
AddRemove-BattlEye for A2 - e:\arma 2battleye\UnInstallBE.exe
AddRemove-EVE - e:\eve online\Uninstall.exe
AddRemove-Steam App 203770 - e:\steam\steam.exe
AddRemove-Steam App 205610 - e:\steam\steam.exe
AddRemove-Steam App 58610 - e:\steam\steam.exe
AddRemove-Steam App 72850 - e:\steam\steam.exe
AddRemove-Steam App 91310 - e:\steam\steam.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-25  16:22:51
ComboFix-quarantined-files.txt  2013-01-25 15:22
.
Vor Suchlauf: 3.373.240.320 Bytes frei
Nach Suchlauf: 3.389.693.952 Bytes frei
.
- - End Of File - - 57ACD9F3813282825498F3FEA7D05E1B


26.01.2013, 18:50   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - find toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the logfile at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________

26.01.2013, 20:33   #19
Trummel
 

Hello

Code:
# AdwCleaner v2.108 - Datei am 26/01/2013 um 20:30:50 erstellt
# Aktualisiert am 24/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0.1 (de)

Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\h6wwgarx.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [727 octets] - [26/01/2013 20:30:50]

########## EOF - C:\AdwCleaner[R1].txt - [786 octets] ##########

26.01.2013, 22:15   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks good

A check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box at the top center for Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

__________________
Please always post logfiles in CODE tags

26.01.2013, 22:38   #21
Trummel
 

Sounds good

OTL logfile:
Code:
OTL logfile created on: 26.01.2013 22:41:47 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,24% Memory free
8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 3,20 Gb Free Space | 4,29% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 1,95 Gb Free Space | 2,62% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 299,56 Gb Free Space | 64,32% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 0D FD F7 60 6D CC 01  [binary data]
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.12 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.18 11:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.05.26 14:13:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\h6wwgarx.default\extensions
[2011.12.11 22:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.12 10:51:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.10.12 10:51:28 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.03 20:58:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.12 10:51:27 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.03 20:58:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.12 10:51:27 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012.07.03 20:58:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.03 20:58:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.03 20:58:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.24 22:52:15 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1890510484-2314157509-767822104-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab (Battlefield Heroes Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5C3E0F8-1104-4CA2-92CA-EA220DE1FC9F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.26 15:05:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.25 16:22:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.25 16:17:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.25 16:17:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.25 16:17:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.25 16:17:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.25 16:17:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.25 15:59:51 | 005,026,656 | R--- | C] (Swearware) -- C:\Users\*****\Desktop\ComboFix.exe
[2013.01.25 15:17:16 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\*****\Desktop\tdsskiller.exe
[2013.01.25 14:53:41 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe
[2013.01.24 22:47:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.01.24 16:52:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.01.22 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Indicium Technologies
[2013.01.22 23:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.01.22 23:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.01.22 23:02:25 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\EveHQ
[2013.01.22 23:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EveHQ
[2013.01.22 23:01:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\EveHQ
[2013.01.22 22:46:57 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\EveMeep3
[2013.01.22 22:45:27 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\EveMeep
[2013.01.22 22:44:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evemeep3
[2013.01.22 22:33:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\EVEMon
[2013.01.22 22:33:13 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVEMon
[2013.01.22 21:37:20 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Custom Salem Updater
[2013.01.22 19:49:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2013.01.20 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\*****\.salem
[2013.01.20 18:51:48 | 000,000,000 | ---D | C] -- C:\Users\*****\Salem
[2013.01.14 13:29:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoH Community Mappack
[2013.01.11 05:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.11 05:13:53 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.11 05:13:50 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.11 05:13:50 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.11 05:13:50 | 000,095,184 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.11 05:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.01.11 00:44:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blitzkrieg Mod
[2013.01.09 23:32:49 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 23:32:49 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 23:32:44 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 23:32:39 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.02 00:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.26 22:29:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.26 20:30:02 | 000,578,255 | ---- | M] () -- C:\Users\*****\Desktop\adwcleaner.exe
[2013.01.26 15:12:22 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.26 15:12:22 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.26 15:09:29 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.26 15:09:29 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.26 15:09:29 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.26 15:09:29 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.26 15:09:29 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.26 15:05:15 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.26 15:05:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.26 15:05:05 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.26 01:42:04 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.26 01:36:48 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.01.25 16:00:07 | 005,026,656 | R--- | M] (Swearware) -- C:\Users\*****\Desktop\ComboFix.exe
[2013.01.25 15:17:16 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\*****\Desktop\tdsskiller.exe
[2013.01.25 15:13:35 | 000,000,512 | ---- | M] () -- C:\Users\*****\Desktop\MBR.dat
[2013.01.25 14:54:37 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe
[2013.01.24 22:52:15 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013.01.24 16:52:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.01.22 23:01:45 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\EveHQ.lnk
[2013.01.22 22:46:55 | 000,000,963 | ---- | M] () -- C:\Users\*****\Desktop\EveMeep3.exe - Verknüpfung.lnk
[2013.01.22 21:37:20 | 000,002,173 | ---- | M] () -- C:\Users\*****\Desktop\Custom Salem Updater.lnk
[2013.01.22 19:58:27 | 000,001,132 | ---- | M] () -- C:\Users\*****\Desktop\Civ4BeyondSword.exe - Verknüpfung.lnk
[2013.01.22 19:17:51 | 000,000,201 | ---- | M] () -- C:\Users\*****\Desktop\Total War SHOGUN 2.url
[2013.01.16 13:42:28 | 000,000,000 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_42_28.775139.dmp
[2013.01.16 13:30:43 | 000,000,000 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_30_43.780445.dmp
[2013.01.16 13:07:21 | 000,000,000 | ---- | M] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351090895-2013-01-16 13_07_21.264356.dmp
[2013.01.11 05:13:46 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.01.11 05:13:46 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.01.11 05:13:46 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.01.11 05:13:46 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.11 05:13:46 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.11 05:13:46 | 000,095,184 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.11 00:50:20 | 000,000,671 | ---- | M] () -- C:\Users\*****\Desktop\Blitzkrieg Mod.lnk
[2013.01.10 15:23:39 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 03:07:04 | 001,590,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.01 23:18:05 | 000,000,202 | ---- | M] () -- C:\Users\*****\Desktop\Terraria.url
 
========== Files Created - No Company Name ==========
 
[2013.01.26 20:30:02 | 000,578,255 | ---- | C] () -- C:\Users\*****\Desktop\adwcleaner.exe
[2013.01.25 16:17:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.25 16:17:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.25 16:17:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.25 16:17:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.25 16:17:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.25 15:13:35 | 000,000,512 | ---- | C] () -- C:\Users\*****\Desktop\MBR.dat
[2013.01.22 23:01:45 | 000,002,543 | ---- | C] () -- C:\Users\Public\Desktop\EveHQ.lnk
[2013.01.22 22:46:55 | 000,000,963 | ---- | C] () -- C:\Users\*****\Desktop\EveMeep3.exe - Verknüpfung.lnk
[2013.01.22 19:57:25 | 000,001,132 | ---- | C] () -- C:\Users\*****\Desktop\Civ4BeyondSword.exe - Verknüpfung.lnk
[2013.01.22 19:17:50 | 000,000,201 | ---- | C] () -- C:\Users\*****\Desktop\Total War SHOGUN 2.url
[2013.01.20 18:51:48 | 000,002,173 | ---- | C] () -- C:\Users\*****\Desktop\Custom Salem Updater.lnk
[2013.01.16 13:42:28 | 000,000,000 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_42_28.775139.dmp
[2013.01.16 13:30:43 | 000,000,000 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351504843-2013-01-16 13_30_43.780445.dmp
[2013.01.16 13:07:21 | 000,000,000 | ---- | C] () -- C:\Users\*****\Documents\ts3_clientui-win64-1351090895-2013-01-16 13_07_21.264356.dmp
[2013.01.11 00:44:26 | 000,000,671 | ---- | C] () -- C:\Users\*****\Desktop\Blitzkrieg Mod.lnk
[2013.01.02 00:04:39 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.01 23:18:05 | 000,000,202 | ---- | C] () -- C:\Users\*****\Desktop\Terraria.url
[2012.12.24 01:47:30 | 000,000,218 | ---- | C] () -- C:\Users\*****\.recently-used.xbel
[2012.07.04 06:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.04 06:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.06.22 17:09:21 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.17 19:44:28 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.17 19:43:20 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.28 16:16:14 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{09D142B4-77A4-422D-B189-37377C6E1C0C}
[2012.01.26 18:48:17 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{FB9017D5-3234-4A21-AF85-B52229339836}
[2011.12.10 14:28:20 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{D5F8C78D-0B4F-4534-8DB6-9A0E362D4C55}
[2011.12.10 14:27:19 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\{08C478D6-61CE-4DA4-96C4-A325A98F0A94}
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.07 14:19:46 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.09.07 14:19:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.09.07 14:13:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.03 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2012.03.01 22:23:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft - Kopie
[2012.03.04 16:16:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft versionen
[2013.01.24 12:01:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.purple
[2012.01.20 06:42:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.spoutcraft
[2012.01.09 19:05:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.spoutcraft - Kopie
[2012.10.12 18:54:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.techniclauncher
[2011.09.11 17:38:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ArmA II Launcher
[2012.01.09 11:29:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\bandicraft
[2012.06.22 17:53:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CPUControl
[2011.09.09 19:54:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DAEMON Tools Lite
[2013.01.22 23:07:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EveHQ
[2013.01.22 22:33:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EVEMon
[2012.12.23 19:57:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2013.01.26 20:35:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2013.01.22 23:05:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Indicium Technologies
[2012.05.06 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Kalypso Media
[2011.09.11 14:17:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2013.01.23 01:19:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Mumble
[2012.01.09 19:05:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Neuer Ordner
[2011.10.08 12:06:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2012.07.13 19:20:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\six-updater
[2011.09.11 12:34:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\six-zsync
[2012.11.04 18:51:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Tropico 4
[2013.01.26 15:50:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2012.07.12 09:25:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ts3overlay
[2012.07.12 10:22:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TSNotifier
[2012.07.30 22:39:00 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\wargaming.net
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 26.01.2013 22:41:47 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,24% Memory free
8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 3,20 Gb Free Space | 4,29% Space Free | Partition Type: NTFS
Drive E: | 74,53 Gb Total Space | 1,95 Gb Free Space | 2,62% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 299,56 Gb Free Space | 64,32% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{139F78A3-D2BD-4EE3-BAD1-DEEE355E250F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1C62CBE9-32A7-4FA9-BBCE-DF7FA3D5F913}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2DF023C3-3582-4B95-BFF6-B8909F7E592F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2F5CFF07-6687-44CD-A5BE-E2AC6C5D035C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3B50607C-DF3A-436A-9A46-E585F5428DFE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{419A1ACF-9ED2-49C6-A15B-AD1FD640BE0A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4ADAA2A6-3BA6-4CD2-98A9-7E245745CA17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61CF8174-1465-44A7-AE64-DBB235767A8D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{883CC362-74AF-4A18-A408-6A10FDEA5AE0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A251CA62-F4EF-4174-9631-E14EC31B5F73}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A7335B2B-536A-44A2-B7F3-A1E86038E640}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AFCC71E5-8EB0-4B2F-B30D-48FCC148A061}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B30B2F3B-F795-4674-A97B-5118392AE1F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C1616ACE-159C-4706-8F68-452B5CB3E052}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DF073729-EF52-4D68-B58B-D36A3F07A07D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E280B208-40CE-4900-8E7D-EEBDF516F985}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E3ACCDC5-4ADD-4471-AAE2-0A990F863B51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E767E4BC-850B-4EA8-89BF-1BFCFEB90F0E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F4B8B32A-C8AD-493F-9AE4-7982E535A2A5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F6BB4128-8AC5-4D5F-98FA-0D9A4CE53786}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FDACD1EC-7555-4227-9422-EB305B24DF3D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08A9BFDE-0679-49D8-9472-71F359B29688}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{08FC2ECE-4281-4B3B-86E3-9AC37FB6CD28}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0BB3A01C-1857-4EC0-8A56-C18DD8418F0A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0F99D00E-B418-4052-82F9-E499A1C2F13C}" = protocol=6 | dir=in | app=f:\eve online\bin\exefile.exe | 
"{136A9FEB-85FD-46D6-B0CE-5875F499C567}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\port royale 3\portroyale3.exe | 
"{13996990-E216-4833-87C7-F1FA6F1C66F0}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war 2 africa 1943\africa1943.exe | 
"{13DD0DB7-3536-4252-B8DC-ADC7F8F0B651}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war\tow.exe | 
"{153F667D-8F98-4A53-AB81-C30B99662DA3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1554F6B7-EFFD-474F-8A8D-0FC3F8EC723B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{16BE248E-C876-4C6D-BA5F-4BFBE9801692}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1954F571-C1A6-43D6-9F2E-F1C68D115853}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1B347EC9-0F1D-4976-A144-657DA861668A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{1EC2C1FD-386B-4C1D-9B1E-279B2B514380}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{23E3F041-96E2-4482-8D08-6C426EB345E3}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war\missioneditor\editor.exe | 
"{243E59F2-3933-4F30-BA24-3C61C941098A}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{266FB3AB-A7F5-440F-8DAB-247571FC5E56}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{273B5475-11A5-42CE-A7A6-BBDC42B93768}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\planetside 2\launchpad.exe | 
"{2ED81BB3-2D49-45EF-B5BA-3884519743FF}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war\missioneditor\missiongen.exe | 
"{3760A398-A872-435E-9BFC-BD7EF7AF7516}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\planetside 2\launchpad.exe | 
"{38878D4A-0039-4662-9B70-8D7DF74509C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3896F4F1-7C49-423B-9864-5D757E073359}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{3ADF36EB-EB2E-411A-A9BC-E49D54B0BD84}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{3BB83ED7-659D-4A0A-8F15-0800F5547FE4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{3D050C5D-6F8A-4829-AB7B-A892AD8AA668}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | 
"{3F610F2A-E26A-4904-A078-7B86B869D2AF}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\port royale 3\portroyale3.exe | 
"{4300E751-42DF-418B-8A22-61017875700D}" = protocol=6 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{43296787-5F79-4D49-B88D-2B1080F4E1FA}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{4496CA7A-4202-47BD-809A-634F7E42C8A2}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{4589C2FD-E257-4DDF-B5C9-A38D5D7C7943}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war 2 africa 1943\options.exe | 
"{460C7E10-988D-446F-80ED-D82CEB21E7AA}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{4829A766-5229-46EA-BE3D-7CBA1D2EB95D}" = protocol=6 | dir=in | app=e:\civ 4\civilization4.exe | 
"{4867FB36-2898-4142-A39B-A8079307457D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{49655377-0BAB-4BA5-A19A-A911C4276043}" = protocol=6 | dir=in | app=e:\arma 2\arma2oa.exe | 
"{4A8CDC66-3B7C-4561-863D-CB1406BE0A66}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | 
"{4B7E2D7F-F700-42E6-ACC5-DE19C617E6A2}" = protocol=17 | dir=in | app=c:\spiele\bf2\bf2.exe | 
"{4BFF976D-62AD-459B-9461-595ABCA5E099}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war 2 africa 1943\options.exe | 
"{4E5349F4-EF9B-460E-8BA5-FC83FF70E4E4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war\tow.exe | 
"{503ECACA-7531-4EF5-920D-F023E7C8B30B}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | 
"{51B9E7B7-2E1C-44DC-8C59-F5BC4146F4A0}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | 
"{54460D41-6959-4B73-AEC7-83C355CCFA37}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\terraria\terraria.exe | 
"{54A2FBF1-D4B5-4638-AE5A-5B60B1FBF396}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.exe | 
"{560A0C0E-74A5-4A99-8706-6D16EBEBBF39}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war\towsetup.exe | 
"{57569D64-DEFE-40B0-A985-0D5FFF3EACF8}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{57E93041-D3BD-4174-8133-2686164BD7BE}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war\towsetup.exe | 
"{599CC9AA-FD57-4EDC-A3B8-4FAB27D5E853}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe | 
"{59FBD013-D725-4C23-B93E-62E22278C321}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{5B3A6FB1-C7F6-4D6A-ADC3-C354D4274D0B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{5B75F581-2CF9-45CC-9ED1-97355222CC1A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{630D02D6-9849-45C9-8F9F-194A30663DCE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{658A7110-06E1-44AD-874B-EAB78F020ABB}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{6D568D21-8A5B-4852-9166-8904C5D45132}" = protocol=17 | dir=in | app=e:\arma 2\arma2oa.exe | 
"{6DE6E7E8-0323-4371-9CB7-BB204906BCBF}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{6EB597AA-C763-45B9-801B-E43356AA3F44}" = protocol=17 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword.exe | 
"{73C08667-3533-4FFC-95C8-7DE60183A4CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{754B692B-EA43-4AFA-8FE2-12992F67AC6B}" = protocol=6 | dir=in | app=e:\coh\reliccoh.exe | 
"{77343666-791D-4BCB-BB03-89DE86CDEC10}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{775828F7-CF91-4F2D-BE8D-4F83736BE2E8}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{78EFE8DA-3609-4A7E-936B-2D82E4D87430}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{7DFED31F-1DFA-4CC3-8D36-47CEC4511852}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war 2 africa 1943\africa1943.exe | 
"{8075B66C-FA3C-44C3-8E47-9546881288C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{81EA2F37-8B69-4105-87EF-447764EDECEE}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{83BE40A6-8075-4779-B8EB-954D0301BF59}" = protocol=6 | dir=in | app=c:\spiele\bf2\bf2.exe | 
"{84F116F8-8608-4133-ACE7-B5DDB48CD9D4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\endless space\endlessspace.exe | 
"{86FE9660-6348-43B2-BC85-35C2F08E4FA9}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{8A058070-33A3-4E84-9EC7-6E277C8412AF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8C303989-3975-4A49-91AA-98DFE5032C8E}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{8C3E65E3-FE4B-4359-A6B5-761269CCA418}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{8EEC9FE5-9F89-4E8E-B2E8-D55823B0B2DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F268563-AE64-482B-819F-8CB94855CE55}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\men of war assault squad\mow_assault_squad.exe | 
"{902E8B7E-EF44-4EFE-A023-CEDB954D6A65}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{90930351-A6AE-4371-A492-4EF4B9BC6161}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{90A91AE0-6827-48AF-9863-EB586D66D23C}" = protocol=17 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | 
"{93DCB4FD-ADCB-40DE-ABA9-AAE5FBD6EFDB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{95902940-C006-4713-95B7-BC3E263D6DF9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{974FB648-CAA6-4946-BE2E-455FD4506D0B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{97FC5D22-35F5-46F7-AA43-62378B325D94}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | 
"{9DC842DB-69BE-4A2A-97AE-FADA4CA6025D}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{9DE3516E-F201-40B9-BDF7-713232FB75EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9DF87F72-FBF1-487A-AEE7-D6BA0D7C1083}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{9E828F32-D3E4-4466-9588-9407CAB14E19}" = protocol=17 | dir=in | app=c:\spiele\mass effect 2\masseffect2launcher.exe | 
"{A1535A48-62FE-42A7-99FC-35B80763AD9D}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | 
"{A2AB3BE4-98CC-4FC1-87F1-F7A197FDEFBD}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\endless space\endlessspace.exe | 
"{A2B2D3A8-8EA6-4884-B495-BEACA937C17B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{A4CBFB12-8A3F-4406-A978-B6BFE998D96E}" = protocol=6 | dir=in | app=e:\coh\relicdownloader\relicdownloader.exe | 
"{A55174C2-3CDF-4C98-A22D-F6886C2EE164}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A5966CDC-CC4C-4CC7-917D-F1E5386B7AAA}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{A7022298-E07E-4B65-AF6B-25499A46E902}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war\missioneditor\missiongen.exe | 
"{A7980DE4-7419-4DE2-B113-D40AB9C2F3DD}" = protocol=17 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword_pitboss.exe | 
"{A7FF47A7-737A-4B6B-8466-46EAE38DB3A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A8CBE96F-8530-4A88-86FE-A45D8407CD89}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A93BA15A-4336-4824-A683-432B11E0723D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{A9AA580D-278F-42B9-961B-A50F4559B155}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{AA693B6A-6B6B-4804-98DF-6990232489B4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\endless space\endlessspace.exe | 
"{B1DEC078-6478-489F-B641-CA5DAA7F43A4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\endless space\endlessspace.exe | 
"{B2BDE698-F4A9-4EBA-9239-642859C46EEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B505BAFC-4CF2-459C-BA5D-277B66A8729C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B8C88A02-BB6C-49BD-AD15-912809346FC3}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.exe | 
"{BBC73C44-9FDB-4646-905F-B2E3E068CC88}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{BDDF5222-54A1-471A-96CD-F52973C8FFAA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BFA0CA62-7D16-4628-B878-9462075D185C}" = protocol=6 | dir=in | app=e:\civ 4\beyond the sword\civ4beyondsword.exe | 
"{BFA51A14-92CC-4597-BE18-D22E6C1384A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C34C709C-7B99-46BC-9B60-E4050A65E3F9}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\wargame european escalation\wargame.exe | 
"{C484F089-6390-43F5-AD9B-EA3380176DD4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{CA2010CA-169F-4CFC-86BF-A21A07BE3907}" = protocol=6 | dir=out | app=system | 
"{CF2553B2-C08D-4310-BB77-028EDFB293E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF3DB441-0E76-4AF7-B084-72C8023B796C}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{CF477DB8-B223-4D3C-A3F0-EB864974A7B2}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{D18A296F-5268-412F-ADC9-5F8E53794463}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war\missioneditor\editor.exe | 
"{D290A896-0F6D-4D36-BDB4-D97AE3D2928E}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{D454CDF0-D101-4F17-8E74-F6245C13E672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4655629-72B3-4C3F-BFEA-924FE57A03B9}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{D6129173-D4B7-4BCD-83A8-EEFFC5ECC661}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\port royale 3\portroyale3.exe | 
"{D7ACD0F6-8CB2-4066-A722-9B76F5705E61}" = protocol=6 | dir=in | app=c:\spiele\mass effect 2\masseffect2launcher.exe | 
"{D7CC652C-1E0F-40E2-8965-EACCC85A983B}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{DD505DB3-A4A6-4B87-B4A1-453EB579438B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\terraria\terraria.exe | 
"{DDCE6D7E-8102-4A62-B68F-AFCE6FFA5E89}" = protocol=17 | dir=in | app=e:\coh\reliccoh.exe | 
"{E105CF09-1CCA-44D2-BA48-FD73EE21A5CC}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\tropico 4\tropico4.exe | 
"{E2A15A13-6D55-45A8-A9DF-09F7DCCE633B}" = protocol=17 | dir=in | app=f:\eve online\bin\exefile.exe | 
"{E2EC47C1-DF4D-471C-B86E-136108ECFBB5}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{E4B13330-D71B-42FB-925E-1EE289D01907}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5075295-552E-47B6-A6DC-7114CBC74EF1}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{E9BE0227-02FD-4A85-B5F2-589312FB4F10}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9CE8A9C-A7D0-4828-9687-AFCCFDC1EBE3}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v sdk\sid meier's civilization v sdk.exe | 
"{EB4EA075-AAAE-4CC9-B543-FF4E2D0E78B7}" = protocol=6 | dir=in | app=c:\spiele\mass effect 2\binaries\masseffect2.exe | 
"{EC8347D4-C296-434B-82E6-611AFE762833}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{EE2F4786-787C-4A1C-BC29-D0AC2AAEE9A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F42738A7-BA8B-4768-882C-EB9DF4088907}" = protocol=17 | dir=in | app=e:\civ 4\civilization4.exe | 
"{F67FB88F-AB43-4A24-894F-4262381C7832}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\port royale 3\portroyale3.exe | 
"{F7F838A9-55F6-4CE1-92FA-6AD52FE35FEB}" = protocol=58 | dir=in | app=system | 
"{F7F9C1BC-9DDF-46AC-8AF6-F9C336B7D7AE}" = protocol=17 | dir=in | app=e:\coh\relicdownloader\relicdownloader.exe | 
"{F8835270-5FE8-410A-A028-020B2328CE55}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{F8DF4F1D-FBF2-42AF-9D5D-73713FB5CDBC}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{FE47FD2D-55BA-4DE0-9BDC-F0248C0157EE}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"TCP Query User{201A8364-C761-4204-9F09-456CA9789EB2}C:\spiele\bf1942\bf1942.exe" = protocol=6 | dir=in | app=c:\spiele\bf1942\bf1942.exe | 
"TCP Query User{42DEABBE-6FE8-410C-AC63-2BB22465E2B8}E:\arma 2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=e:\arma 2\expansion\beta\arma2oa.exe | 
"TCP Query User{48705D98-F303-42DE-9BD4-14C8DBB4799A}C:\spiele\bf2\forgottenhope2.exe" = protocol=6 | dir=in | app=c:\spiele\bf2\forgottenhope2.exe | 
"TCP Query User{4AF8AAA4-F95F-424E-AB51-7128405236B5}F:\steam\steam.exe" = protocol=6 | dir=in | app=f:\steam\steam.exe | 
"TCP Query User{4FB1EC24-CBD9-4FFF-9503-5125D38FF7A5}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"TCP Query User{54F6B0F5-E4DF-49B7-BBF0-E82490D15221}C:\spiele\eu3 complete\eu3game.exe" = protocol=6 | dir=in | app=c:\spiele\eu3 complete\eu3game.exe | 
"TCP Query User{5546CEB4-D9B8-4DC6-997C-3BC5800F8967}E:\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=e:\eve online\bin\exefile.exe | 
"TCP Query User{5A82F9E7-E604-4F02-B206-77A4A268FC5B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{691AFC1E-06F7-41CF-8CD8-E8BF7DC28295}F:\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=f:\eve online\bin\exefile.exe | 
"TCP Query User{91171CAE-DCAA-40B3-9997-BBD5ACA302FF}E:\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\wotlauncher.exe | 
"TCP Query User{91B9AB42-FD42-407E-A9A4-510E37BF459F}F:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin" = protocol=6 | dir=in | app=f:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin | 
"TCP Query User{9FA74E56-F56F-4C6E-84FD-044002C20BA8}C:\users\*****\appdata\local\temp\d6b1c34127c0425097a1b6f12c6f7665\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\d6b1c34127c0425097a1b6f12c6f7665\relicdownloader.exe | 
"TCP Query User{B1B69B7D-3AFA-4D02-97AE-294DC4D1C285}E:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe" = protocol=6 | dir=in | app=e:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe | 
"TCP Query User{D95521E2-5381-472D-8955-5B241D5EFCA9}E:\arma 2\@dayz\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=e:\arma 2\@dayz\expansion\beta\arma2oa.exe | 
"TCP Query User{E82C95A9-19C2-45C9-ABD5-6536288F3AFF}E:\arma 2\arma2.exe" = protocol=6 | dir=in | app=e:\arma 2\arma2.exe | 
"TCP Query User{EC371077-F772-453B-9F43-347E06DA3FDA}F:\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{F079665A-CFAF-46FD-875B-7C9D5D05951E}E:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe" = protocol=6 | dir=in | app=e:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe | 
"TCP Query User{F0A64BA1-AE06-4E55-BDCF-28CC3857003C}E:\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=e:\world_of_tanks\worldoftanks.exe | 
"TCP Query User{F23E5729-3A96-46F3-A0F1-6E1F721FC456}F:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{0D22E7E4-2647-446E-8466-8D16D5906677}E:\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=e:\eve online\bin\exefile.exe | 
"UDP Query User{14168602-1EAD-41D2-B68C-ABF687F3FCC2}F:\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{2408E727-4B94-4EB4-B715-91A098B62586}E:\arma 2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\arma 2\expansion\beta\arma2oa.exe | 
"UDP Query User{4D0558C3-937F-4461-B61B-8040DB210FBA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{8E09BE51-0A63-4CA1-8E28-5BA7B4E97ADF}F:\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=f:\eve online\bin\exefile.exe | 
"UDP Query User{900394C1-6ECD-47FA-A110-79B9B70C82D5}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe | 
"UDP Query User{98051E54-01FA-4E8E-B695-E742CC7338AD}E:\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\worldoftanks.exe | 
"UDP Query User{B32DDDC4-4CF0-4FF2-A6B7-E79FCC9D90DC}C:\users\*****\appdata\local\temp\d6b1c34127c0425097a1b6f12c6f7665\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\d6b1c34127c0425097a1b6f12c6f7665\relicdownloader.exe | 
"UDP Query User{C30D7B86-1C6F-4B7E-9FF4-79696B98869C}E:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe" = protocol=17 | dir=in | app=e:\hoi3 new\hoi3_sf_ftm305_tfh402 - francesco\hoi3_tfh.exe | 
"UDP Query User{C555B734-926C-452D-8A62-2E4AC2835D83}E:\arma 2\arma2.exe" = protocol=17 | dir=in | app=e:\arma 2\arma2.exe | 
"UDP Query User{C8DC8538-7511-495C-B192-73C778B0761F}E:\arma 2\@dayz\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=e:\arma 2\@dayz\expansion\beta\arma2oa.exe | 
"UDP Query User{D2B46F80-EE19-459C-9042-A8F32F8ADF0E}C:\spiele\bf2\forgottenhope2.exe" = protocol=17 | dir=in | app=c:\spiele\bf2\forgottenhope2.exe | 
"UDP Query User{D8791B0E-493D-4A25-823B-3DF60AE9B551}C:\spiele\eu3 complete\eu3game.exe" = protocol=17 | dir=in | app=c:\spiele\eu3 complete\eu3game.exe | 
"UDP Query User{DDA136A9-8261-40BE-B06B-0A627CE05754}E:\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=e:\world_of_tanks\wotlauncher.exe | 
"UDP Query User{E2B1F8B4-FCA1-43BA-BA48-D1242D7F281E}E:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe" = protocol=17 | dir=in | app=e:\hoi3 neu\hoi3_sf_ftm305_tfh402\hoi3_tfh.exe | 
"UDP Query User{EE64EE35-B976-4A74-9234-1E5C73A99475}F:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2.exe | 
"UDP Query User{EEAC2883-6CC3-4C9B-9B8B-DADB3686371D}C:\spiele\bf1942\bf1942.exe" = protocol=17 | dir=in | app=c:\spiele\bf1942\bf1942.exe | 
"UDP Query User{F9CF49A0-4303-424F-BFEF-2458F8984609}F:\steam\steam.exe" = protocol=17 | dir=in | app=f:\steam\steam.exe | 
"UDP Query User{FAD552E5-6B83-4FDD-A943-9A90F262D3EA}F:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin" = protocol=17 | dir=in | app=f:\steam\steamapps\common\theatre of war ii kursk 1943\kursk1943.bin | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{68CA3A47-3F7E-0E92-DC0D-5B0C02D9AFAD}" = ccc-utility64
"{6BB150E8-6CBB-5F8F-CAE7-BE21B2C92D31}" = AMD Accelerated Video Transcoding
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8424B163-D1E0-48B7-88A2-C7A61767B3D7}" = Microsoft SQL Server Compact 4.0 x64 ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{99720953-c1d6-4b90-8012-b7c3337f4efe}.sdb" = Battlefield 1942 Windows Vista/7 Compatibility Fix
"{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding
"{DA3372D5-F228-5C71-3FAC-177D4AEE8659}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"sp6" = Logitech SetPoint 6.30
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TS3 Overlay" = TS3 Overlay
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D45A4B-D7F5-C03E-1650-885756303D13}" = CCC Help Norwegian
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0613D880-939E-4C9D-AD7C-A10DF7D7D5E9}" = EveHQ
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1AAA38A8-5E6E-4F4E-A84B-F1EE589E93E9}" = Pixel-Fighter.com Toolbox
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{284E9E9A-D8BE-3588-D0BA-E9BB61970A1D}" = CCC Help Hungarian
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{30E18A93-982E-AF1B-D646-E8C5DAECA390}" = CCC Help French
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4021F8B5-E8BB-D0F9-AF28-4970013FAE3D}" = Catalyst Control Center
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{470D66DF-B597-124E-EDCE-8B966AA5F230}" = CCC Help Portuguese
"{483924A6-52C5-9169-0280-14272D5FBA70}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E3AA543-09D7-401E-9DF2-2591D24C7C49}" = Addon Sync 2009
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{52F7EC17-C7D9-4254-BBC5-404A67844ED1}" = EveMeepV3
"{57AE1BE1-24E8-4169-D52C-ABE31BD91562}" = CCC Help Finnish
"{5B5745F7-23EF-9E5E-6689-512C9FA08222}" = CCC Help English
"{611E417A-82C3-415C-B9C4-7C8DBF02E6D5}" = TS Notifier
"{625031C9-E249-2A53-C282-C1E9872B211E}" = CCC Help Turkish
"{655E0B5A-7ADF-A052-587F-64F0E59B58E7}" = CCC Help Dutch
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74437563-D720-0307-90FC-1C351B1041D7}" = Catalyst Control Center Localization All
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A4D10-821B-3FA5-52B0-F0FAEEDED9F4}" = CCC Help Czech
"{7BA14A92-C229-5E00-3ADE-8D22F81B849E}" = CCC Help German
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80A5B901-C7BD-D300-17BA-9E02F18EAB77}" = CCC Help Danish
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{82F505E6-5879-B30A-12B7-7795969D3BBB}" = CCC Help Polish
"{8476003F-6927-8393-C6F4-FAF47D61D00B}" = CCC Help Korean
"{89A2D79E-B3AD-A83A-795F-5645EFF922D3}" = CCC Help Greek
"{89C0F58F-9E5B-2B45-D9DF-7988A54BECA8}" = CCC Help Italian
"{8B91D776-792D-F02B-DE43-BF398549C729}" = CCC Help Spanish
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{983BE967-28E9-5C78-8851-638DAC4AF66E}" = CCC Help Swedish
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A707240D-18D3-07F4-AE2E-6AE76C220192}" = CCC Help Japanese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B95AC87D-630B-603F-3F12-AA22B3BBA69C}" = CCC Help Chinese Traditional
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C3E9887A-23BA-4777-8080-191A5AFCAB74}" = Mumble 1.2.3
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB1C554C-5343-9A69-1B8C-666AF192CA19}" = CCC Help Russian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F32D24DD-D787-10F9-D21E-BC3FAB3064CB}" = Catalyst Control Center Graphics Previews Common
"{F8D90583-7BB5-75A9-B23F-A353AD4674BC}" = CCC Help Thai
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ArmA2" = ArmA2 Uninstall
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye" = BattlEye Uninstall
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Blitzkrieg" = Blitzkrieg Mod
"CMFI_is1" = Combat Mission Fortress Italy
"CoH Community Mappack" = CoH Community Mappack
"Company of Heroes" = Company of Heroes
"CPU-Control_is1" = CPU-Control
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"Forgotten Hope" = Forgotten Hope 0.70
"Fraps" = Fraps (remove only)
"Hamachi" = Hamachi 1.0.3.0
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"Steam App 105600" = Terraria
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 16830" = Sid Meier's Civilization V SDK
"Steam App 203770" = Crusader Kings II
"Steam App 205610" = Port Royale 3
"Steam App 208140" = Endless Space
"Steam App 218230" = PlanetSide 2
"Steam App 22380" = Fallout: New Vegas
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 46290" = Theatre of War
"Steam App 46340" = Theatre of War 2: Africa 1943
"Steam App 46360" = Theatre of War 2: Kursk 1943 
"Steam App 57690" = Tropico 4
"Steam App 58610" = Wargame: European Escalation
"Steam App 64000" = Men of War: Assault Squad
"Steam App 65800" = Dungeon Defenders
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 91310" = Dead Island
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1890510484-2314157509-767822104-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BASE 5.2" = BASE 5.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.01.2013 17:59:46 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 18:19:00 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.01.2013 20:26:40 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.01.2013 00:24:45 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.01.2013 09:40:19 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.01.2013 19:48:18 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total
 war shogun 2\ModManager.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.01.2013 19:48:18 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total
 war shogun 2\benchmarks\benchmark_output.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.01.2013 19:48:19 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total
 war shogun 2\redist\flashsecurity.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.01.2013 19:48:19 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\Steam\steamapps\common\total
 war shogun 2\redist\flashsecurity1.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.01.2013 20:31:56 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BF1942.exe, Version: 0.0.0.0, Zeitstempel:
 0x417564c4  Name des fehlerhaften Moduls: atiumdag.dll, Version: 7.14.10.911, Zeitstempel:
 0x4ff3d613  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0018e9c6  ID des fehlerhaften Prozesses:
 0xa80  Startzeit der fehlerhaften Anwendung: 0x01cdfb5c685acb87  Pfad der fehlerhaften
 Anwendung: C:\Spiele\BF1942\BF1942.exe  Pfad des fehlerhaften Moduls: C:\Windows\system32\atiumdag.dll
Berichtskennung:
 c9891e85-674f-11e2-993e-00261859817f
 
Error - 26.01.2013 10:06:58 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 24.01.2013 17:49:32 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 17:49:32 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 17:51:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 17:51:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 17:51:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 17:51:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 17:51:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.01.2013 17:51:04 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 25.01.2013 11:19:35 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 25.01.2013 11:21:17 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         
--- --- ---

Last edited by Trummel (26.01.2013 at 22:51)

Old 26.01.2013, 23:17   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

GVU Trojaner

Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes - and please remember to update Malwarebytes via the update button first.

Afterwards, getting a second opinion via the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • You can find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

Old 27.01.2013, 02:57   #23
Trummel

GVU Trojaner

Done.
ESET Online Scanner apparently found something.

Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.26.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
***** :: *****-PC [Administrator]

Schutz: Aktiviert

26.01.2013 23:25:54
mbam-log-2013-01-26 (23-25-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220833
Laufzeit: 1 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=9daee77a2d7e5149bc889a1193768edf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-27 01:28:24
# local_time=2013-01-27 02:28:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 22661 224673394 15440 0
# compatibility_mode=5893 16776573 100 94 128719 110879954 0 0
# scanned=923232
# found=1
# cleaned=0
# scan_time=10527
C:\_OTL\MovedFiles\01242013_224728\C_Users\*****\wgsdgsdgdsgsd.exe	Win32/LockScreen.ANX trojan	6335BD94603C9CC7E2716550CCD55E7BB3DD1EE9	I
         

Old 27.01.2013, 13:29   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

GVU Trojaner

Looks ok so far; the ESET finding only refers to the OTL quarantine.

Regarding cookies and other things on the web: to block that plague from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)

Otherwise there are good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there any other findings or problems?
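The ESET log in the post above, and the point made here that its single hit lies in OTL's quarantine folder rather than live on the disk, can be checked mechanically. The following Python script is an added example, not code from this thread, from ESET or from OTL: it parses the `# key=value` header and the tab-separated finding lines in the shape posted above, and marks findings whose path sits under a known cleanup-tool quarantine folder. Assumptions: the four-column finding layout (path, threat name, SHA1, flag) as in the posted line, OTL's `C:\_OTL\MovedFiles` taken from the log, ComboFix's `C:\Qoobox\Quarantine` added from memory, and a constructed sample log with a made-up second finding.

```python
"""Triage an ESET Online Scanner log.txt (added example, not from the thread).

Format, as in the log posted above: '# key=value' header lines, then one
tab-separated line per finding:  <path>\t<threat name>\t<SHA1>\t<flag>
Findings whose path lies under a cleanup tool's quarantine folder are no
longer live on the system and are reported separately.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Known quarantine folders. OTL's is the one visible in the posted log;
# ComboFix's C:\Qoobox\Quarantine is added here as an assumption.
QUARANTINE_PREFIXES: Tuple[str, ...] = (
    r"c:\_otl\movedfiles",
    r"c:\qoobox\quarantine",
)

SHA1_RE = re.compile(r"^[0-9a-fA-F]{40}$")


@dataclass
class Finding:
    path: str
    threat: str
    sha1: str
    flag: str

    @property
    def quarantined(self) -> bool:
        """True when the path sits below a known tool quarantine folder."""
        p = self.path.lower().replace("/", "\\")
        return any(p.startswith(prefix + "\\") for prefix in QUARANTINE_PREFIXES)


@dataclass
class EsetReport:
    header: Dict[str, str] = field(default_factory=dict)
    findings: List[Finding] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)  # installer chatter etc.

    @property
    def live_findings(self) -> List[Finding]:
        return [f for f in self.findings if not f.quarantined]

    def consistent(self) -> bool:
        """The '# found=N' header must agree with the finding lines parsed."""
        return int(self.header.get("found", "0")) == len(self.findings)


def parse_eset_log(text: str) -> EsetReport:
    """Parse the whole log text into an EsetReport."""
    report = EsetReport()
    for raw in text.splitlines():
        line = raw.rstrip("\r")
        if not line.strip():
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:  # repeated keys (compatibility_mode) keep the last value
                report.header[key.strip()] = value.strip()
            continue
        parts = [p.strip() for p in line.split("\t")]
        if len(parts) != 4 or not SHA1_RE.match(parts[2]):
            report.unparsed.append(line)  # e.g. 'all ok' from the installer
            continue
        report.findings.append(Finding(*parts))
    return report


def summarize(report: EsetReport) -> List[str]:
    """One human-readable line per finding, plus a leading totals line."""
    out = [
        f"scanned={report.header.get('scanned', '?')} "
        f"found={len(report.findings)} live={len(report.live_findings)} "
        f"header_consistent={report.consistent()}"
    ]
    for f in report.findings:
        state = "in quarantine" if f.quarantined else "LIVE"
        out.append(f"[{state}] {f.threat}: {f.path} (sha1 {f.sha1[:12]}...)")
    return out


# Constructed sample in the shape of the posted log. The first finding repeats
# the thread's OTL-quarantine hit; the second is invented to show a live hit.
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=8\n"
    "# end=finished\n"
    "# scanned=923232\n"
    "# found=2\n"
    "# cleaned=0\n"
    "C:\\_OTL\\MovedFiles\\01242013_224728\\C_Users\\user\\wgsdgsdgdsgsd.exe\t"
    "Win32/LockScreen.ANX trojan\t6335BD94603C9CC7E2716550CCD55E7BB3DD1EE9\tI\n"
    "C:\\Users\\user\\AppData\\Roaming\\placeholder.exe\t"
    "Win32/Placeholder.A trojan (made up)\t" + "0" * 40 + "\tI\n"
)

if __name__ == "__main__":
    print("\n".join(summarize(parse_eset_log(SAMPLE_LOG))))
```

A hit that is only in quarantine is not evidence of a live infection; one outside a quarantine folder is what the helper would want to see next.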

Old 27.01.2013, 17:15   #25
Trummel

GVU Trojaner

Hello

Unfortunately I don't understand the MVPS file thing, as I don't know any English.
But I'm going to switch to Firefox as my browser now and take a look at CookieCuller.

When Windows starts, shortly before the desktop has fully built up,
a small DOS window appears at the top left for a fraction of a second,
with nothing in it.
Don't know whether that is normal and has always been there.
I'm not aware of any other findings and the system seems to run normally.

Regards

Old 28.01.2013, 11:49   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

GVU Trojaner

Then we're done!

The programs that were used here can all be removed again.

Remove Combofix: Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it

With the help of OTL you can also remove many other tools: simply start OTL and click Cleanup.
This will remove most of the tools we needed for the cleanup. Should anything remain, please remove it with right-click --> Delete.

Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep better track of whether installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords if possible after the infection has been removed.


Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update


Update PDF reader
An outdated AdobeReader poses a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you're at it, please also check whether the Flash Player is up to date:
Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Old 28.01.2013, 12:45   #27
Trummel

GVU Trojaner

Hello
I will still carry out the things you recommend.
I'd like to thank you and the board very much.

Regards
