ICQ öffnet Chatfenster nacheinander und schließt selbige wieder

KabaL · 27.06.2010, 16:04

Hallo an Alle,

ich habe das Problem, dass ich auf einen Link geklickt habe den ich bekommen habe von einem Freund. Schien so als ob es ein Bildschirmschoner o.ä. sein würde.

Ich munter draufgeklickt und nix passierte.

Seitdem macht sich mein icq aber selbstständig, soll heißen:

In regelmäßigen Abständen öffnet sich meine ICQ liste und wählt nacheinander alle aus meiner Kontaktliste aus und öffnet ein Chatfenster mit der Person, das dann sofort wieder geschlossen wird. So geht es die ganze Liste runter (egal ob Online oder Offline-Kontakt).
Während der Trojaner oder was auch immer dieses tut kann ich am pc absolut nichts tun außer taskmanager und icq beenden....

Ich habe versucht mir selber ein bischen weiterzuhelfen doch das schien alles nicht zu helfen.

Ich habe jetzt ein HJT log für euch.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:09, on 27.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\winvsrnc.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\ICQ7.2\ICQ.exe
C:\Users\Rene\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVMWlanClient] "C:\Program Files (x86)\avmwlanstick\wlangui.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Firefox] C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - HKCU\..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\RunOnce: [*NMRUI] "C:\Users\Rene\Desktop\NPE.exe" /POSTFIX
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Update Service (gupdate1c986f58d58bfc4) (gupdate1c986f58d58bfc4) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\Rene\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11002 bytes

Bitte um HILFE

!!

Larusso · 27.06.2010, 16:39

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
Aktiviere "Quick-Scan durchführen" => Scan.
Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
Bei Funden in C:\System Volume Information den Haken entfernen.
Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
Er könnte jedoch trotz Malware noch gebraucht werden.
Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste in Deiner nächsten Antwort
MBAM Log
OTL.txt
Extras.txt

KabaL · 27.06.2010, 17:14

MBAM

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4245

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

27.06.2010 17:55:30
mbam-log-2010-06-27 (17-55-30).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129356
Laufzeit: 4 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL

Zitat:

PRC - [2009.04.10 19:29:08 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2008.10.28 02:01:00 | 001,794,048 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2008.10.28 02:01:00 | 000,364,544 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008.05.02 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe

========== Modules (SafeList) ==========

MOD - [2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
MOD - [2010.03.07 22:14:51 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2008.05.02 05:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\GameHook.dll
MOD - [2008.05.02 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2008.01.21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.12.12 17:10:37 | 000,842,056 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:64bit: - [2009.12.12 17:10:29 | 000,506,696 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2009.11.16 13:25:48 | 000,035,144 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.28 22:32:15 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Rene\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.07 22:19:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.04 16:36:20 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.19 16:53:20 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.10.28 02:01:00 | 000,364,544 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.05.02 03:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007.12.14 12:46:28 | 000,047,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2006.11.02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.06.27 16:51:34 | 000,072,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymSMR110.SYS -- (SymSMR110)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.12.04 16:36:26 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV:64bit: - [2009.12.04 16:36:24 | 000,440,520 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009.11.18 19:05:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.16 04:13:26 | 000,271,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.12 21:32:02 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.12 21:32:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.05.29 13:36:16 | 000,048,640 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.04.13 16:38:06 | 000,147,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acedrv06.sys -- (acedrv06)
DRV:64bit: - [2009.04.13 16:38:06 | 000,132,320 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrvlg.sys -- (acedrvlg)
DRV:64bit: - [2009.04.13 16:38:06 | 000,125,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2009.03.19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.10.28 02:01:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2008.10.28 02:01:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.04.22 09:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008.02.29 04:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.02.29 04:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.02.29 04:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.01.21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2007.03.07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pnetmdm64.sys -- (pnetmdm)
DRV - [2009.04.13 16:38:06 | 000,089,312 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\acedrvlg.dll -- (acedrvlg)
DRV - [2009.04.13 16:38:06 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\acedrv07.dll -- (acedrv07)
DRV - [2009.04.13 16:38:06 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\acedrv06.dll -- (acedrv06)
DRV - [2008.12.31 02:43:20 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007.10.16 17:15:26 | 000,036,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\ET5Drv.sys -- (ET5Drv)
DRV - [2007.09.07 15:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2007.03.16 11:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
DRV - [2006.09.18 23:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006.09.18 23:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ogame.de/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {1acd747e-8470-11db-96a9-00e08161165f}:5.6.4.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.03.06 14:01:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.25 12:32:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.25 18:19:25 | 000,000,000 | ---D | M]

[2009.10.11 22:38:24 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2010.06.27 12:59:38 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions
[2010.06.25 17:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.06.25 17:32:45 | 000,000,000 | ---D | M] (Tradesignal Web Edition) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2010.04.28 12:45:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.27 10:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.19 00:31:24 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2009.10.13 17:58:59 | 000,000,000 | ---D | M] (FoxGame) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2010.06.25 17:32:53 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.06.27 12:59:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.02.04 14:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.28 22:32:54 | 000,001,648 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.28 22:32:54 | 000,002,617 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.28 22:32:54 | 000,007,015 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.28 22:32:54 | 000,001,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.28 22:32:54 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.27 10:05:22 | 000,395,582 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13663 more lines...
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Rene\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Firefox] C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe ()
O4 - HKCU..\RunOnce: [*NMRUI] C:\Users\Rene\Desktop\NPE.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 01 00 00 00 [binary data]
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek) - D:\AutoRunCD.exe -- [ UDF ]
O32 - AutoRun File - [2008.08.17 13:39:34 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2008.07.29 12:38:20 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRunCD.exe -- [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
O33 - MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRunCD.exe -- [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008.01.21 05:08:35 | 000,000,000 | ---D | M]

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.06.27 17:55:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2010.06.27 16:55:25 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rene\Desktop\HiJackThis.exe
[2010.06.27 16:51:34 | 000,072,240 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSMR110.SYS
[2010.06.27 13:57:15 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2010.06.27 13:57:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.27 13:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.27 13:57:05 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.27 13:56:44 | 006,153,648 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rene\Desktop\mbam-setup.exe
[2010.06.27 12:16:53 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Users\Rene\Desktop\ccsetup233.exe
[2010.06.27 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.27 12:08:34 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Local\NPE
[2010.06.27 12:08:21 | 005,501,296 | ---- | C] (Symantec Corporation) -- C:\Users\Rene\Desktop\NPE.exe
[2010.06.27 10:04:23 | 000,458,752 | ---- | C] (Project OCS) -- C:\Users\Rene\Desktop\ICQ 7.2 Build 3129 Banner Remover.exe
[2010.06.27 10:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.02 22:45:59 | 000,000,000 | ---D | C] -- C:\Users\Rene\Desktop\Onkelz
[2010.05.20 22:10:54 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Avira
[2010.05.20 22:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010.05.20 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Rene\Documents\ForceField Shared Files
[2010.05.20 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\CheckPoint
[2010.05.20 21:53:23 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.05.20 21:53:19 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll
[2010.05.20 21:53:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010.05.20 21:45:47 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.20 21:45:47 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.05.20 21:45:47 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.05.20 21:45:47 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.05.20 21:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.20 21:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.05.18 18:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Candleworks
[2010.05.14 18:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Varengold Fox
[2010.05.11 16:22:21 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.04.28 22:32:54 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Opera
[2010.04.28 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\OCS
[2010.04.19 18:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010.04.19 18:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.12 23:39:33 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Local\PokerStars.NET
[2010.04.12 23:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2010.03.31 03:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.06.27 18:00:00 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.06.27 17:59:54 | 007,176,192 | ---- | M] () -- C:\Users\Rene\NTUSER.DAT
[2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2010.06.27 17:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.27 16:55:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rene\Desktop\HiJackThis.exe
[2010.06.27 16:53:44 | 000,001,408 | ---- | M] () -- C:\Windows\SysNative\drivers\SymSMR110.dat
[2010.06.27 16:53:43 | 001,545,030 | ---- | M] () -- C:\Info20100627165138.xml
[2010.06.27 16:53:42 | 000,601,224 | ---- | M] () -- C:\Remediate2010062716513889711000000.dat
[2010.06.27 16:51:34 | 000,072,240 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSMR110.SYS
[2010.06.27 16:51:30 | 000,000,184 | ---- | M] () -- C:\Users\Rene\Desktop\NPE.ctl
[2010.06.27 16:50:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 16:50:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 16:15:14 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{799C4C2D-7EBD-4BBF-85AD-9B7D13BB4C69}.job
[2010.06.27 14:51:08 | 000,306,646 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.27 14:51:07 | 000,306,646 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.27 14:50:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.27 14:50:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 14:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.27 14:04:12 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.06.27 14:04:12 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TM.blf
[2010.06.27 14:04:00 | 001,698,323 | -H-- | M] () -- C:\Users\Rene\AppData\Local\IconCache.db
[2010.06.27 13:57:10 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 13:56:53 | 006,153,648 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rene\Desktop\mbam-setup.exe
[2010.06.27 12:23:32 | 001,538,775 | ---- | M] () -- C:\Info20100627122128.xml
[2010.06.27 12:16:58 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Users\Rene\Desktop\ccsetup233.exe
[2010.06.27 12:12:55 | 000,731,136 | ---- | M] () -- C:\Users\Rene\Desktop\avenger.exe
[2010.06.27 12:11:21 | 001,541,269 | ---- | M] () -- C:\Info20100627120944.xml
[2010.06.27 12:08:31 | 005,501,296 | ---- | M] (Symantec Corporation) -- C:\Users\Rene\Desktop\NPE.exe
[2010.06.27 10:05:22 | 000,395,582 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.06.27 10:04:29 | 000,458,752 | ---- | M] (Project OCS) -- C:\Users\Rene\Desktop\ICQ 7.2 Build 3129 Banner Remover.exe
[2010.06.26 19:37:41 | 000,187,135 | ---- | M] () -- C:\Users\Rene\Desktop\w18_24042095.jpg
[2010.06.26 11:18:20 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.06.26 11:18:20 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.06.26 00:47:15 | 007,036,928 | ---- | M] () -- C:\Users\Rene\Desktop\David Guetta - Missing You (Feat. Novel) + Lyrics.mp3
[2010.06.26 00:43:39 | 005,462,016 | ---- | M] () -- C:\Users\Rene\Desktop\David Guetta - On The Dancefloor.mp3
[2010.06.26 00:40:54 | 004,931,584 | ---- | M] () -- C:\Users\Rene\Desktop\Shakira feat Freshlyground- Waka Waka (This Time For Africa) OFFICIAL.mp3
[2010.06.26 00:38:27 | 005,746,688 | ---- | M] () -- C:\Users\Rene\Desktop\Katy Perry ft. Snoop Dogg California girls with lyrics.mp3
[2010.06.26 00:28:43 | 000,319,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.26 00:27:33 | 580,749,434 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.25 20:10:56 | 000,198,082 | ---- | M] () -- C:\Users\Rene\Desktop\sdfsdfsdf.jpg
[2010.06.09 14:08:36 | 001,637,985 | ---- | M] () -- C:\Users\Rene\Desktop\NL_Cashkurs_07.pdf
[2010.05.29 18:49:52 | 000,001,179 | ---- | M] () -- C:\Users\Rene\Desktop\rocky.m3u
[2010.05.22 17:59:10 | 000,000,560 | ---- | M] () -- C:\Users\Rene\Desktop\Technobase.pls
[2010.05.22 12:52:48 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000002.regtrans-ms
[2010.05.22 12:18:41 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{9ee191b8-d4db-11dd-863c-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.05.22 12:18:41 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{9ee191b8-d4db-11dd-863c-001fd086c6fb}.TM.blf
[2010.05.22 11:41:33 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.05.20 21:53:48 | 000,422,437 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010.05.20 21:53:20 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml
[2010.05.20 20:13:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.05.18 18:30:23 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010.05.13 16:16:52 | 000,034,304 | ---- | M] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.11 16:22:21 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.05.04 22:33:52 | 001,456,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.04 22:33:52 | 000,632,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.04 22:33:52 | 000,598,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.04 22:33:52 | 000,128,418 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.04 22:33:52 | 000,105,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.09 13:29:15 | 001,360,575 | ---- | M] () -- C:\Windows\SysNative\jk.jkö
[2010.04.09 13:29:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\jk.jkö
[2010.04.09 13:27:25 | 001,355,991 | ---- | M] () -- C:\Windows\SysNative\Pfizer
[2010.04.09 13:27:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Pfizer
[2010.04.02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010.03.30 23:00:19 | 000,000,149 | ---- | M] () -- C:\Users\Rene\Desktop\Goldies.pls
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.27 16:53:36 | 000,601,224 | ---- | C] () -- C:\Remediate2010062716513889711000000.dat
[2010.06.27 16:52:24 | 001,545,030 | ---- | C] () -- C:\Info20100627165138.xml
[2010.06.27 16:51:34 | 000,001,408 | ---- | C] () -- C:\Windows\SysNative\drivers\SymSMR110.dat
[2010.06.27 16:51:30 | 000,000,184 | ---- | C] () -- C:\Users\Rene\Desktop\NPE.ctl
[2010.06.27 13:57:10 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 12:22:18 | 001,538,775 | ---- | C] () -- C:\Info20100627122128.xml
[2010.06.27 12:12:53 | 000,731,136 | ---- | C] () -- C:\Users\Rene\Desktop\avenger.exe
[2010.06.27 12:10:33 | 001,541,269 | ---- | C] () -- C:\Info20100627120944.xml
[2010.06.26 19:37:29 | 000,187,135 | ---- | C] () -- C:\Users\Rene\Desktop\w18_24042095.jpg
[2010.06.26 00:47:04 | 007,036,928 | ---- | C] () -- C:\Users\Rene\Desktop\David Guetta - Missing You (Feat. Novel) + Lyrics.mp3
[2010.06.26 00:43:28 | 005,462,016 | ---- | C] () -- C:\Users\Rene\Desktop\David Guetta - On The Dancefloor.mp3
[2010.06.26 00:40:43 | 004,931,584 | ---- | C] () -- C:\Users\Rene\Desktop\Shakira feat Freshlyground- Waka Waka (This Time For Africa) OFFICIAL.mp3
[2010.06.26 00:38:15 | 005,746,688 | ---- | C] () -- C:\Users\Rene\Desktop\Katy Perry ft. Snoop Dogg California girls with lyrics.mp3
[2010.06.25 20:10:55 | 000,198,082 | ---- | C] () -- C:\Users\Rene\Desktop\sdfsdfsdf.jpg
[2010.06.09 14:08:36 | 001,637,985 | ---- | C] () -- C:\Users\Rene\Desktop\NL_Cashkurs_07.pdf
[2010.05.29 18:49:52 | 000,001,179 | ---- | C] () -- C:\Users\Rene\Desktop\rocky.m3u
[2010.05.22 17:59:08 | 000,000,560 | ---- | C] () -- C:\Users\Rene\Desktop\Technobase.pls
[2010.05.22 12:36:26 | 000,228,606 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL90SP1_KB973924MSI02F6.txt
[2010.05.22 12:36:26 | 000,011,780 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL90SP1_KB973924UI02F6.txt
[2010.05.22 12:35:39 | 000,536,588 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL80SP1_KB973923MSI0259.txt
[2010.05.22 12:35:38 | 000,011,684 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL80SP1_KB973923UI0259.txt
[2010.05.22 12:19:59 | 000,524,288 | -HS- | C] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000002.regtrans-ms
[2010.05.22 12:19:58 | 000,524,288 | -HS- | C] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.05.22 12:19:58 | 000,065,536 | -HS- | C] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TM.blf
[2010.05.20 21:53:20 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml
[2010.05.20 21:53:11 | 000,422,437 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010.05.20 21:45:05 | 000,435,038 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_vcredistMSI0A9E.txt
[2010.05.20 21:45:05 | 000,011,594 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_vcredistUI0A9E.txt
[2010.05.18 18:30:23 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010.04.09 13:29:12 | 001,360,575 | ---- | C] () -- C:\Windows\SysNative\jk.jkö
[2010.04.09 13:29:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\jk.jkö
[2010.04.09 13:27:23 | 001,355,991 | ---- | C] () -- C:\Windows\SysNative\Pfizer
[2010.04.09 13:27:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Pfizer
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.30 23:00:18 | 000,000,149 | ---- | C] () -- C:\Users\Rene\Desktop\Goldies.pls
[2009.06.13 00:16:23 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009.05.27 14:57:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.05.27 14:56:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.15 19:47:20 | 000,002,371 | ---- | C] () -- C:\Windows\WinRos.ini
[2009.05.15 19:47:19 | 000,003,868 | ---- | C] () -- C:\Windows\WinSig.ini
[2009.04.22 19:51:45 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\Imncb.dll
[2009.04.22 19:51:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Urncbc.dll
[2009.04.13 16:38:06 | 000,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrvlg.dll
[2009.04.13 16:38:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2009.04.13 14:54:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv06.dll
[2009.04.13 14:23:37 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009.04.05 14:31:43 | 001,484,180 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.03.24 16:31:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.16 20:34:26 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\wk32.dll
[2009.02.16 20:34:26 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ic32.dll
[2008.12.28 23:40:23 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.12.28 23:40:23 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.12.19 03:06:28 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.12.18 22:12:20 | 000,000,283 | ---- | C] () -- C:\Windows\game.ini
[2008.12.18 13:46:50 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.10.21 12:14:30 | 000,007,718 | ---- | C] () -- C:\Windows\cadx2.ini
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2009.05.02 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\apsec
[2009.07.30 23:12:08 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Atari
[2009.07.26 13:53:21 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\BOM
[2009.02.16 18:24:11 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Canneverbe_Limited
[2010.05.20 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\CheckPoint
[2010.02.05 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.05.15 19:47:35 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\counters
[2008.12.18 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DAEMON Tools
[2009.11.18 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DAEMON Tools Lite
[2008.12.18 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DAEMON Tools Pro
[2009.05.15 19:46:59 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\eSignal
[2010.06.27 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\ICQ
[2009.05.16 13:39:17 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Leadertech
[2010.04.28 22:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\OCS
[2010.04.28 22:32:54 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Opera
[2009.10.10 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\PeerNetworking
[2009.01.10 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Red Alert 3
[2009.11.11 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Saxo Bank
[2009.11.09 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\tradesignal
[2010.06.24 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TS3Client
[2008.12.18 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TuneUp Software
[2009.08.13 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Ubisoft
[2009.03.28 15:20:30 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\WordToPDF
[2009.03.26 23:50:15 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\xproj
[2010.06.27 18:00:00 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.06.27 14:04:03 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.27 16:15:14 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{799C4C2D-7EBD-4BBF-85AD-9B7D13BB4C69}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.12.18 20:28:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2008.12.18 13:57:59 | 000,000,237 | ---- | M] () -- C:\csb.log
[2010.06.27 12:17:46 | 000,000,444 | ---- | M] () -- C:\ietgq.txt
[2010.06.27 12:11:21 | 001,541,269 | ---- | M] () -- C:\Info20100627120944.xml
[2010.06.27 12:23:32 | 001,538,775 | ---- | M] () -- C:\Info20100627122128.xml
[2010.06.27 16:53:43 | 001,545,030 | ---- | M] () -- C:\Info20100627165138.xml
[2010.06.27 14:50:25 | 312,037,375 | -HS- | M] () -- C:\pagefile.sys
[2010.06.27 16:53:42 | 000,601,224 | ---- | M] () -- C:\Remediate2010062716513889711000000.dat
[2008.12.18 13:55:17 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
[2008.12.31 02:21:06 | 000,000,122 | ---- | M] () -- C:\service.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
< End of report >

Extras

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 27.06.2010 18:00:39 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Rene\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 2,76 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 7,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 154,76 Gb Total Space | 38,92 Gb Free Space | 25,15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RENE-PC
Current User Name: Rene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Value error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Value error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 2F FD A9 51 D3 DE C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2289016777-2642048843-1374912535-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- ()
"C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EBEA59-494C-4C76-8103-D16EBA2D2BE0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{03642776-A8C6-42CC-8BA4-32554EDE52ED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0769B0DD-DAE7-4E64-A2F0-6749E7CB00FF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0BE276F3-ABAB-490C-926D-60F2B810BAB8}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{10B0FFD3-F78D-4D19-A4E6-0F05D4785A4F}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{10E86EA8-C6C9-497A-A5F7-54DBF63FA63C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{16B9D022-ED7B-4042-AA7B-0209ED39F766}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{18AC25A3-A05D-4670-90A8-8AE0D4A66ABB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{18FD29FE-44ED-428D-82A7-C77A09379578}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{28253E7F-008A-4AC6-B0A0-090F292EEC00}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{2E278437-869D-41C7-B00B-CDA36AFA384A}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{30C40839-892E-4D8E-B49B-EC190B970412}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{456C7CB1-2750-4E74-8F19-B4C56BA1643A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{48083F25-40A2-442F-A15F-2EA6C57E1EFE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{499312D4-56F1-43AE-B350-7032806477C6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{54FA5F95-FAAA-4769-B274-886E3422DFC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{55022EDF-17D2-4ADB-9CA4-77BA33C7649F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5837E6FE-F796-4468-AA0F-E72BA045B7E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59252E3C-8BCF-43AF-A2B0-C408BE1078E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5DF7C210-4EB1-4540-8E49-CA0BEFB9E958}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61D95C2C-6CA5-4320-BB71-05760BA7451F}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{65500DCC-0ADE-47A9-B159-CA32E0BFC134}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{657F8427-F48F-42C1-961D-B3798A04EF0F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{692F2B17-F8CF-4990-B670-4E15E5A50ADE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{6EFE22CC-753C-4609-9789-5ECB76799107}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{77E64315-DAD0-4F2C-AE1F-E52275A9D1CA}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{7D4CD38A-E8BC-4D82-AF7B-4B456B8FA30A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{87429994-2C34-4154-9909-A8C9EB942C7B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8D44D8C3-FCCF-48C2-AFE0-DE63AE4A4883}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8F8C0CA5-6ED5-4D1D-9194-C5A2458573A5}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{94A11F46-1C2E-48D9-B212-919D4777938D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{9610002F-71E4-4DB3-BEE0-9D8CAFD9A46D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9735E09F-BD4E-4FBB-B48F-D00540C16A2A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{9B2616CE-237E-460E-AFE0-8DDFE798FD92}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9D7C5A3D-05B8-4C49-B57E-DAF3BDBE09E8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{A16DD12E-B645-4CDF-8B89-96694991206B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A53C7984-9FF4-49D3-9B5E-80B3608AD7C6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB40776B-A403-43AD-8AA0-4AFFC07E92B8}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{AC040F5E-9415-441C-9A2E-EF1DBB4B97B2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C161AAF6-94FF-4696-867F-8D4D321F3F75}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{C3A53FE1-49EC-4394-8769-9525423B5211}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{CB4CEA05-54E1-424F-8596-5DCF1EC279DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D4ABDED5-9010-4C4F-9CBB-2E163A4825A5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E16D30D6-6765-49ED-95A9-9D396575A103}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EDF16B7C-1455-4BDB-A3D3-AC90F0236804}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EF5E0984-346F-49B2-9F9C-5991F4C6736E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03210A6A-9865-4AE5-B716-B56BE09FF6BD}" = protocol=17 | dir=in | app=e:\gta 4\grand theft auto iv\launchgtaiv.exe | 
"{04AADD9E-2B8A-46DF-815A-B9587E610225}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{07B922F7-6F98-49FC-9EBD-C62990803FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{09C23078-6379-480D-AED0-125E79990A9C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{0A1E1029-52F3-4BFD-93FC-A13743FBF581}" = protocol=17 | dir=in | app=e:\programme\call of duty 4\iw3mp.exe | 
"{0B5CACB7-0E62-4F84-9A28-675D6930414D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0D010D21-EE44-4884-93F9-18AC4C8FCE19}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{0FAFE8D1-276B-4CE7-BC05-690ABDC6CFCF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{151F9508-CCFC-4B4F-A9C9-97812748FFBC}" = protocol=6 | dir=in | app=e:\cod world at war\codwaw.exe | 
"{1A9C789E-E98B-4FB6-B70B-2DB45B1E3E53}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{20686F00-AF35-4F0E-A800-3D1A3A09E71B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{25802063-48BB-467F-8B62-D1638EED46D7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{2B35A30F-E478-4514-BB68-6DE616997264}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2DA3DD04-3476-4CA5-BECF-BB225F3CC723}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{309750BD-5B83-4108-984F-C79A79E00E3C}" = protocol=17 | dir=in | app=e:\programme\far cry 2\bin\farcry2.exe | 
"{32281C68-56CE-4C58-9C6D-61252E0B0BE2}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{3B236773-4AA0-48BB-AEA8-E5902247DBD7}" = protocol=6 | dir=in | app=e:\gta 4\rockstar games social club\rgsclauncher.exe | 
"{3BF12050-978A-403B-854E-6644457A6415}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3C328BAA-6ED5-4680-BB6B-B0D4F030AC98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lorenzenmighty\counter-strike source\hl2.exe | 
"{3EE35AD7-D4E4-4032-85D5-6B7F5B8049F2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{3EF49AB1-F066-47F5-9DE8-7320A4225A90}" = protocol=17 | dir=in | app=e:\programme\far cry 2\bin\fc2editor.exe | 
"{4039DE82-DF4E-4AD4-B907-66E074E6C1C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4485E66F-1FC8-45AA-BC8B-F81308E6FA33}" = protocol=17 | dir=in | app=e:\cod world at war\codwawmp.exe | 
"{4655FC37-9712-4A6A-B6BD-E65377D70CFA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{47FD0414-E079-4C29-9BB1-479A07AAA296}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{49070DED-6DED-495A-9AE5-AC2A1735E3C6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{4CF4B22E-7FB7-45ED-B6A7-FE7227F60F4E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{55584D5D-5E52-4BAE-80A5-FD6EEBB48442}" = protocol=17 | dir=in | app=e:\gta 4\rockstar games social club\rgsclauncher.exe | 
"{5DCDFCE3-D89A-48D1-A8EA-8AAA94E741AE}" = protocol=17 | dir=in | app=e:\programme\far cry 2\bin\fc2launcher.exe | 
"{61CE42C2-D7E6-4CA2-8060-49D4DC2E8DAA}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{66F4FA82-EE05-4FCE-9D9F-1C8485297B76}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6BE67594-10E9-4829-A1D7-70D0DB2D795F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{70780BF9-178E-4B8E-8BCA-F42A3C63C151}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{71ED77E4-F442-4D60-A416-AAA0103A397C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{75C74060-95D8-4243-938C-F1026A7A73F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7902A92F-835A-43D5-902F-A530F1AFAEB8}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{7EBEFD8A-EA00-4018-8021-50E2C5CCE858}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lorenzenmighty\counter-strike source\hl2.exe | 
"{8163645F-8030-4B7A-ABA1-BC207F7AB096}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{84EC53EA-A929-4AE3-9403-043AE2502FF2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{86357A2C-6688-4DDF-B0CE-77B0A7B3BE4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{8D5ED9FF-EBFE-4667-8CDF-F38126B2C442}" = protocol=6 | dir=in | app=e:\programme\far cry 2\bin\fc2editor.exe | 
"{8F00B418-487D-4E29-9CB1-8230BB014A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{914C7114-25D8-4E08-9F10-9787D7912BCE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{94D51E09-0B10-44DC-9872-C6BC6CAAD15B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{95619472-42E5-4E9D-9C2B-0C82AA7B45BD}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{99F8985C-3F71-40E1-A9D3-A5A5C0879016}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9A71ED3E-A461-42D3-ADBB-1965F30EECB1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{9B81BB3F-DAD4-40A9-80CC-F3D608D2BA89}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{9D5C2826-BBB6-4980-AB4E-DEB952EE12D9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A097EADB-14A4-4D88-ABE0-C793B536A7A1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{A1B9B5E1-1DD7-4EA4-ABC2-9314AD111B2A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{A7EAD8C0-0141-4C29-BCE8-F2670DBCDC42}" = protocol=6 | dir=in | app=e:\gta 4\grand theft auto iv\launchgtaiv.exe | 
"{AAB81A5E-3F6C-452A-820A-F08C1E8FDF55}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{B1050F42-28B3-49E0-916F-E155E88C125A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{B1ED48C5-3988-4053-A167-421974B673F5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{B49B0BCB-CAA5-4C0B-8456-E07AE68B2C6A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B53A8159-4C71-4433-8DEC-F740304CA99F}" = protocol=6 | dir=in | app=e:\cod world at war\codwawmp.exe | 
"{B748BB51-740E-4D19-90EB-AE23579D2369}" = protocol=6 | dir=in | app=e:\programme\far cry 2\bin\fc2launcher.exe | 
"{C035CF1E-5610-4853-B3D6-9A987B03117B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C3E066FE-AEDA-48FE-B942-1168B32C8E35}" = protocol=6 | dir=in | app=e:\programme\far cry 2\bin\farcry2.exe | 
"{CB13451F-840E-4CEC-9363-ACD8FB2F275A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{CF6A45CB-EE69-4064-B15D-A2FD837306E2}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{D93F204F-A8DC-4344-ABF4-C8099FB9E9D8}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{E2BEE8E3-9819-46FF-98EE-2B6D482C83BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{E5E4106D-0CA3-40CD-8AEB-95D3A3F2E931}" = protocol=6 | dir=in | app=e:\programme\call of duty 4\iw3mp.exe | 
"{F237DAC3-5281-4025-B76A-327C562F4B00}" = protocol=17 | dir=in | app=e:\cod world at war\codwaw.exe | 
"{F55C145B-F9CD-4C4C-9241-A0BAF034609A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F92C67C0-F532-485D-9B53-2782331948C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FAD1F8D0-A8B5-4567-8FCD-627C57B23482}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"TCP Query User{015D51E9-1141-48D0-AD80-D6B7E80FEF15}E:\gta 4\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\gta 4\grand theft auto iv\gtaiv.exe | 
"TCP Query User{2537371B-F767-46C0-93BC-FD17792168B5}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{4D4468C5-583E-4F77-AC4E-31AEFC7E6CD4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{70012A36-95B6-4BFB-AE2E-9175BC28B594}E:\warcraft 3 1.16\war3.exe" = protocol=6 | dir=in | app=e:\warcraft 3 1.16\war3.exe | 
"TCP Query User{7B8D5C31-731F-4ABB-91CA-A1E6CC94BC66}E:\programme\crysis wars\bin32\crysis.exe" = protocol=6 | dir=in | app=e:\programme\crysis wars\bin32\crysis.exe | 
"TCP Query User{81403C92-3E43-4A32-AF53-74878DFEF932}E:\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\anno 1404\tools\anno4web.exe | 
"TCP Query User{8AC64030-10B2-4405-91BD-BEDD71FD86D3}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{8BC64F52-DCA2-4087-9D7F-81F07CCB86D0}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{93467EC8-D9C5-4BF3-BD78-F0ACCEF19741}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{A94C503E-B0BA-49A3-BD6C-7E9390A59C46}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"TCP Query User{C0BB8EF6-363F-41D9-AAD8-B652053067FB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{0F270C8E-EA37-4DFD-AB4A-55A6DB5AEE87}E:\warcraft 3 1.16\war3.exe" = protocol=17 | dir=in | app=e:\warcraft 3 1.16\war3.exe | 
"UDP Query User{110C3843-EA2B-40DA-BA81-51523E26D8F4}E:\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\anno 1404\tools\anno4web.exe | 
"UDP Query User{22ACF218-0CF3-4239-A187-95BE70C783C1}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{2739792A-0EA6-498C-BBD7-AB9C2F8D0C43}E:\programme\crysis wars\bin32\crysis.exe" = protocol=17 | dir=in | app=e:\programme\crysis wars\bin32\crysis.exe | 
"UDP Query User{56DA3E2A-A15E-4B92-B20B-1108D5E867CB}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{6DFB35FE-0E92-4159-8D7A-16C70EB48831}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{7186BADA-A952-4DB1-87E7-2FBF3E2C33F7}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"UDP Query User{76B25B5D-38F8-489E-9069-26B4F4DF5A03}E:\gta 4\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\gta 4\grand theft auto iv\gtaiv.exe | 
"UDP Query User{C93880FB-C5FA-4DA4-A27A-72C198D6083E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{CE36E0C9-6980-4B6C-8865-CAB299B89D1D}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{DA4C820A-6ED6-41CE-8B41-1B671515879C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{3A25872A-0F1C-4989-9435-96C13230F818}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6F4B9839-F409-4D38-89D6-145321400FED}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CutePDF Writer Installation" = CutePDF Writer 2.8
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v2.4.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SearchAnonymizer" = SearchAnonymizer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{EC87E256-B0A4-4A41-8682-AB57FF21196D}" = SweetIM for Messenger 2.7
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"DivX Setup.divx.com" = DivX-Setup
"EXPERTool_is1" = EXPERTool 6.7
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FXCM Trading Station" = FXCM Trading Station
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"PdaNet_is1" = PdaNet Desktop (64 bit) for iPhone 1.54
"PhotoFiltre" = PhotoFiltre
"PunkBusterSvc" = PunkBuster Services
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Steam App 24960" = Battlefield: Bad Company 2
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"flatex-Trader" = flatex-Trader
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Villt noch als zusätzliche Info:

Antivir meldete bei beiden Programmausführungen folgendes:

Larusso · 27.06.2010, 17:20

Die OTL.txt ist nicht komplett. Bitte erneut posten

KabaL · 27.06.2010, 17:31

Ups Sorry, hier nochmal:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.06.2010 18:00:39 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Rene\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 69,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 2,76 Gb Free Space | 3,53% Space Free | Partition Type: NTFS
Drive D: | 7,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 154,76 Gb Total Space | 38,92 Gb Free Space | 25,15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RENE-PC
Current User Name: Rene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
PRC - [2010.06.26 12:48:10 | 000,070,656 | RHS- | M] () -- C:\Users\Public\winvsrnc.exe
PRC - [2010.06.18 00:11:59 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.03.07 22:19:50 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.12.04 16:36:20 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009.12.04 16:34:52 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009.04.10 19:29:08 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2008.10.28 02:01:00 | 001,794,048 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2008.10.28 02:01:00 | 000,364,544 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008.05.02 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
MOD - [2010.03.07 22:14:51 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2008.05.02 05:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\GameHook.dll
MOD - [2008.05.02 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2008.01.21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.12.12 17:10:37 | 000,842,056 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:64bit: - [2009.12.12 17:10:29 | 000,506,696 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2009.11.16 13:25:48 | 000,035,144 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.28 22:32:15 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Rene\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.07 22:19:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.04 16:36:20 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.19 16:53:20 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.10.28 02:01:00 | 000,364,544 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.05.02 03:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007.12.14 12:46:28 | 000,047,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2006.11.02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.06.27 16:51:34 | 000,072,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymSMR110.SYS -- (SymSMR110)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.12.04 16:36:26 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV:64bit: - [2009.12.04 16:36:24 | 000,440,520 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009.11.18 19:05:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.16 04:13:26 | 000,271,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.12 21:32:02 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.12 21:32:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.05.29 13:36:16 | 000,048,640 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.04.13 16:38:06 | 000,147,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acedrv06.sys -- (acedrv06)
DRV:64bit: - [2009.04.13 16:38:06 | 000,132,320 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrvlg.sys -- (acedrvlg)
DRV:64bit: - [2009.04.13 16:38:06 | 000,125,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2009.03.19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.10.28 02:01:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2008.10.28 02:01:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.04.22 09:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008.02.29 04:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.02.29 04:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.02.29 04:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.01.21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2007.03.07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pnetmdm64.sys -- (pnetmdm)
DRV - [2009.04.13 16:38:06 | 000,089,312 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\acedrvlg.dll -- (acedrvlg)
DRV - [2009.04.13 16:38:06 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\acedrv07.dll -- (acedrv07)
DRV - [2009.04.13 16:38:06 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\acedrv06.dll -- (acedrv06)
DRV - [2008.12.31 02:43:20 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007.10.16 17:15:26 | 000,036,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\ET5Drv.sys -- (ET5Drv)
DRV - [2007.09.07 15:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2007.03.16 11:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
DRV - [2006.09.18 23:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006.09.18 23:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ogame.de/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {1acd747e-8470-11db-96a9-00e08161165f}:5.6.4.9
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.03.06 14:01:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.25 12:32:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.25 18:19:25 | 000,000,000 | ---D | M]
 
[2009.10.11 22:38:24 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2010.06.27 12:59:38 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions
[2010.06.25 17:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.06.25 17:32:45 | 000,000,000 | ---D | M] (Tradesignal Web Edition) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2010.04.28 12:45:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.27 10:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.19 00:31:24 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2009.10.13 17:58:59 | 000,000,000 | ---D | M] (FoxGame) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2010.06.25 17:32:53 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.06.27 12:59:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.02.04 14:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.28 22:32:54 | 000,001,648 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.28 22:32:54 | 000,002,617 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.28 22:32:54 | 000,007,015 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.28 22:32:54 | 000,001,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.28 22:32:54 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.27 10:05:22 | 000,395,582 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 13663 more lines...
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Rene\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Firefox] C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe ()
O4 - HKCU..\RunOnce: [*NMRUI] C:\Users\Rene\Desktop\NPE.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 01 00 00 00  [binary data]
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek) - D:\AutoRunCD.exe -- [ UDF ]
O32 - AutoRun File - [2008.08.17 13:39:34 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2008.07.29 12:38:20 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRunCD.exe -- [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
O33 - MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRunCD.exe -- [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008.01.21 05:08:35 | 000,000,000 | ---D | M]
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.27 17:55:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2010.06.27 16:55:25 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rene\Desktop\HiJackThis.exe
[2010.06.27 16:51:34 | 000,072,240 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSMR110.SYS
[2010.06.27 13:57:15 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2010.06.27 13:57:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.27 13:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.27 13:57:05 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.27 13:56:44 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rene\Desktop\mbam-setup.exe
[2010.06.27 12:16:53 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Users\Rene\Desktop\ccsetup233.exe
[2010.06.27 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.27 12:08:34 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Local\NPE
[2010.06.27 12:08:21 | 005,501,296 | ---- | C] (Symantec Corporation) -- C:\Users\Rene\Desktop\NPE.exe
[2010.06.27 10:04:23 | 000,458,752 | ---- | C] (Project OCS) -- C:\Users\Rene\Desktop\ICQ 7.2 Build 3129 Banner Remover.exe
[2010.06.27 10:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.02 22:45:59 | 000,000,000 | ---D | C] -- C:\Users\Rene\Desktop\Onkelz
[2010.05.20 22:10:54 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Avira
[2010.05.20 22:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010.05.20 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Rene\Documents\ForceField Shared Files
[2010.05.20 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\CheckPoint
[2010.05.20 21:53:23 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2010.05.20 21:53:19 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll
[2010.05.20 21:53:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010.05.20 21:45:47 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.20 21:45:47 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.05.20 21:45:47 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.05.20 21:45:47 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.05.20 21:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.20 21:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.05.18 18:30:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Candleworks
[2010.05.14 18:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Varengold Fox
[2010.05.11 16:22:21 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.04.28 22:32:54 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Opera
[2010.04.28 22:32:15 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\OCS
[2010.04.19 18:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010.04.19 18:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.04.12 23:39:33 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Local\PokerStars.NET
[2010.04.12 23:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2010.03.31 03:58:24 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.27 18:00:00 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.06.27 17:59:54 | 007,176,192 | ---- | M] () -- C:\Users\Rene\NTUSER.DAT
[2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2010.06.27 17:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.27 16:55:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rene\Desktop\HiJackThis.exe
[2010.06.27 16:53:44 | 000,001,408 | ---- | M] () -- C:\Windows\SysNative\drivers\SymSMR110.dat
[2010.06.27 16:53:43 | 001,545,030 | ---- | M] () -- C:\Info20100627165138.xml
[2010.06.27 16:53:42 | 000,601,224 | ---- | M] () -- C:\Remediate2010062716513889711000000.dat
[2010.06.27 16:51:34 | 000,072,240 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSMR110.SYS
[2010.06.27 16:51:30 | 000,000,184 | ---- | M] () -- C:\Users\Rene\Desktop\NPE.ctl
[2010.06.27 16:50:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 16:50:31 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 16:15:14 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{799C4C2D-7EBD-4BBF-85AD-9B7D13BB4C69}.job
[2010.06.27 14:51:08 | 000,306,646 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.27 14:51:07 | 000,306,646 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.27 14:50:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.27 14:50:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 14:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.27 14:04:12 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.06.27 14:04:12 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TM.blf
[2010.06.27 14:04:00 | 001,698,323 | -H-- | M] () -- C:\Users\Rene\AppData\Local\IconCache.db
[2010.06.27 13:57:10 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 13:56:53 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rene\Desktop\mbam-setup.exe
[2010.06.27 12:23:32 | 001,538,775 | ---- | M] () -- C:\Info20100627122128.xml
[2010.06.27 12:16:58 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Users\Rene\Desktop\ccsetup233.exe
[2010.06.27 12:12:55 | 000,731,136 | ---- | M] () -- C:\Users\Rene\Desktop\avenger.exe
[2010.06.27 12:11:21 | 001,541,269 | ---- | M] () -- C:\Info20100627120944.xml
[2010.06.27 12:08:31 | 005,501,296 | ---- | M] (Symantec Corporation) -- C:\Users\Rene\Desktop\NPE.exe
[2010.06.27 10:05:22 | 000,395,582 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.06.27 10:04:29 | 000,458,752 | ---- | M] (Project OCS) -- C:\Users\Rene\Desktop\ICQ 7.2 Build 3129 Banner Remover.exe
[2010.06.26 19:37:41 | 000,187,135 | ---- | M] () -- C:\Users\Rene\Desktop\w18_24042095.jpg
[2010.06.26 11:18:20 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.06.26 11:18:20 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.06.26 00:47:15 | 007,036,928 | ---- | M] () -- C:\Users\Rene\Desktop\David Guetta - Missing You (Feat. Novel) + Lyrics.mp3
[2010.06.26 00:43:39 | 005,462,016 | ---- | M] () -- C:\Users\Rene\Desktop\David Guetta - On The Dancefloor.mp3
[2010.06.26 00:40:54 | 004,931,584 | ---- | M] () -- C:\Users\Rene\Desktop\Shakira feat Freshlyground- Waka Waka (This Time For Africa) OFFICIAL.mp3
[2010.06.26 00:38:27 | 005,746,688 | ---- | M] () -- C:\Users\Rene\Desktop\Katy Perry ft. Snoop Dogg California girls with lyrics.mp3
[2010.06.26 00:28:43 | 000,319,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.26 00:27:33 | 580,749,434 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.25 20:10:56 | 000,198,082 | ---- | M] () -- C:\Users\Rene\Desktop\sdfsdfsdf.jpg
[2010.06.09 14:08:36 | 001,637,985 | ---- | M] () -- C:\Users\Rene\Desktop\NL_Cashkurs_07.pdf
[2010.05.29 18:49:52 | 000,001,179 | ---- | M] () -- C:\Users\Rene\Desktop\rocky.m3u
[2010.05.22 17:59:10 | 000,000,560 | ---- | M] () -- C:\Users\Rene\Desktop\Technobase.pls
[2010.05.22 12:52:48 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000002.regtrans-ms
[2010.05.22 12:18:41 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{9ee191b8-d4db-11dd-863c-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.05.22 12:18:41 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{9ee191b8-d4db-11dd-863c-001fd086c6fb}.TM.blf
[2010.05.22 11:41:33 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.05.20 21:53:48 | 000,422,437 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010.05.20 21:53:20 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml
[2010.05.20 20:13:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2010.05.18 18:30:23 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010.05.13 16:16:52 | 000,034,304 | ---- | M] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.11 16:22:21 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2010.05.04 22:33:52 | 001,456,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.04 22:33:52 | 000,632,172 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.04 22:33:52 | 000,598,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.04 22:33:52 | 000,128,418 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.04 22:33:52 | 000,105,922 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.09 13:29:15 | 001,360,575 | ---- | M] () -- C:\Windows\SysNative\jk.jkö
[2010.04.09 13:29:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\jk.jkö
[2010.04.09 13:27:25 | 001,355,991 | ---- | M] () -- C:\Windows\SysNative\Pfizer
[2010.04.09 13:27:23 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Pfizer
[2010.04.02 17:17:34 | 000,179,091 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.31 03:58:24 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010.03.30 23:00:19 | 000,000,149 | ---- | M] () -- C:\Users\Rene\Desktop\Goldies.pls
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.27 16:53:36 | 000,601,224 | ---- | C] () -- C:\Remediate2010062716513889711000000.dat
[2010.06.27 16:52:24 | 001,545,030 | ---- | C] () -- C:\Info20100627165138.xml
[2010.06.27 16:51:34 | 000,001,408 | ---- | C] () -- C:\Windows\SysNative\drivers\SymSMR110.dat
[2010.06.27 16:51:30 | 000,000,184 | ---- | C] () -- C:\Users\Rene\Desktop\NPE.ctl
[2010.06.27 13:57:10 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 12:22:18 | 001,538,775 | ---- | C] () -- C:\Info20100627122128.xml
[2010.06.27 12:12:53 | 000,731,136 | ---- | C] () -- C:\Users\Rene\Desktop\avenger.exe
[2010.06.27 12:10:33 | 001,541,269 | ---- | C] () -- C:\Info20100627120944.xml
[2010.06.26 19:37:29 | 000,187,135 | ---- | C] () -- C:\Users\Rene\Desktop\w18_24042095.jpg
[2010.06.26 00:47:04 | 007,036,928 | ---- | C] () -- C:\Users\Rene\Desktop\David Guetta - Missing You (Feat. Novel) + Lyrics.mp3
[2010.06.26 00:43:28 | 005,462,016 | ---- | C] () -- C:\Users\Rene\Desktop\David Guetta - On The Dancefloor.mp3
[2010.06.26 00:40:43 | 004,931,584 | ---- | C] () -- C:\Users\Rene\Desktop\Shakira feat Freshlyground- Waka Waka (This Time For Africa) OFFICIAL.mp3
[2010.06.26 00:38:15 | 005,746,688 | ---- | C] () -- C:\Users\Rene\Desktop\Katy Perry ft. Snoop Dogg California girls with lyrics.mp3
[2010.06.25 20:10:55 | 000,198,082 | ---- | C] () -- C:\Users\Rene\Desktop\sdfsdfsdf.jpg
[2010.06.09 14:08:36 | 001,637,985 | ---- | C] () -- C:\Users\Rene\Desktop\NL_Cashkurs_07.pdf
[2010.05.29 18:49:52 | 000,001,179 | ---- | C] () -- C:\Users\Rene\Desktop\rocky.m3u
[2010.05.22 17:59:08 | 000,000,560 | ---- | C] () -- C:\Users\Rene\Desktop\Technobase.pls
[2010.05.22 12:36:26 | 000,228,606 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL90SP1_KB973924MSI02F6.txt
[2010.05.22 12:36:26 | 000,011,780 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL90SP1_KB973924UI02F6.txt
[2010.05.22 12:35:39 | 000,536,588 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL80SP1_KB973923MSI0259.txt
[2010.05.22 12:35:38 | 000,011,684 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_ATL80SP1_KB973923UI0259.txt
[2010.05.22 12:19:59 | 000,524,288 | -HS- | C] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000002.regtrans-ms
[2010.05.22 12:19:58 | 000,524,288 | -HS- | C] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.05.22 12:19:58 | 000,065,536 | -HS- | C] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TM.blf
[2010.05.20 21:53:20 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml
[2010.05.20 21:53:11 | 000,422,437 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010.05.20 21:45:05 | 000,435,038 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_vcredistMSI0A9E.txt
[2010.05.20 21:45:05 | 000,011,594 | ---- | C] () -- C:\Users\Rene\AppData\Local\dd_vcredistUI0A9E.txt
[2010.05.18 18:30:23 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\FXCM Trading Station.lnk
[2010.04.09 13:29:12 | 001,360,575 | ---- | C] () -- C:\Windows\SysNative\jk.jkö
[2010.04.09 13:29:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\jk.jkö
[2010.04.09 13:27:23 | 001,355,991 | ---- | C] () -- C:\Windows\SysNative\Pfizer
[2010.04.09 13:27:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Pfizer
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.30 23:00:18 | 000,000,149 | ---- | C] () -- C:\Users\Rene\Desktop\Goldies.pls
[2009.06.13 00:16:23 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009.05.27 14:57:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.05.27 14:56:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.15 19:47:20 | 000,002,371 | ---- | C] () -- C:\Windows\WinRos.ini
[2009.05.15 19:47:19 | 000,003,868 | ---- | C] () -- C:\Windows\WinSig.ini
[2009.04.22 19:51:45 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\Imncb.dll
[2009.04.22 19:51:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Urncbc.dll
[2009.04.13 16:38:06 | 000,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrvlg.dll
[2009.04.13 16:38:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2009.04.13 14:54:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv06.dll
[2009.04.13 14:23:37 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009.04.05 14:31:43 | 001,484,180 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.03.24 16:31:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.16 20:34:26 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\wk32.dll
[2009.02.16 20:34:26 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ic32.dll
[2008.12.28 23:40:23 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.12.28 23:40:23 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.12.19 03:06:28 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.12.18 22:12:20 | 000,000,283 | ---- | C] () -- C:\Windows\game.ini
[2008.12.18 13:46:50 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.10.21 12:14:30 | 000,007,718 | ---- | C] () -- C:\Windows\cadx2.ini
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2009.05.02 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\apsec
[2009.07.30 23:12:08 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Atari
[2009.07.26 13:53:21 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\BOM
[2009.02.16 18:24:11 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Canneverbe_Limited
[2010.05.20 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\CheckPoint
[2010.02.05 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.05.15 19:47:35 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\counters
[2008.12.18 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DAEMON Tools
[2009.11.18 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DAEMON Tools Lite
[2008.12.18 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DAEMON Tools Pro
[2009.05.15 19:46:59 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\eSignal
[2010.06.27 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\ICQ
[2009.05.16 13:39:17 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Leadertech
[2010.04.28 22:32:15 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\OCS
[2010.04.28 22:32:54 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Opera
[2009.10.10 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\PeerNetworking
[2009.01.10 23:44:46 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Red Alert 3
[2009.11.11 00:59:08 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Saxo Bank
[2009.11.09 19:39:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\tradesignal
[2010.06.24 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TS3Client
[2008.12.18 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TuneUp Software
[2009.08.13 21:11:29 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Ubisoft
[2009.03.28 15:20:30 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\WordToPDF
[2009.03.26 23:50:15 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\xproj
[2010.06.27 18:00:00 | 000,000,534 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.06.27 14:04:03 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.27 16:15:14 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{799C4C2D-7EBD-4BBF-85AD-9B7D13BB4C69}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.12.18 20:28:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2008.12.18 13:57:59 | 000,000,237 | ---- | M] () -- C:\csb.log
[2010.06.27 12:17:46 | 000,000,444 | ---- | M] () -- C:\ietgq.txt
[2010.06.27 12:11:21 | 001,541,269 | ---- | M] () -- C:\Info20100627120944.xml
[2010.06.27 12:23:32 | 001,538,775 | ---- | M] () -- C:\Info20100627122128.xml
[2010.06.27 16:53:43 | 001,545,030 | ---- | M] () -- C:\Info20100627165138.xml
[2010.06.27 14:50:25 | 312,037,375 | -HS- | M] () -- C:\pagefile.sys
[2010.06.27 16:53:42 | 000,601,224 | ---- | M] () -- C:\Remediate2010062716513889711000000.dat
[2008.12.18 13:55:17 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
[2008.12.31 02:21:06 | 000,000,122 | ---- | M] () -- C:\service.log
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\SysWOW64\ws2_32.dll
< End of report >

--- --- ---

Larusso · 27.06.2010, 17:44

Was macht Avenger auf deinem System ?

Schritt 1

Software mit Revo Uninstaller deinstallieren

Downloade Dir bitte den Revo Uninstaller

Doppelklick auf die revosetup.exe.
Installiere das Tool in den vorgegebenen Pfad.
Doppelklick auf das Revo Uninstall Icon.
Suche Dir nun folgende Software aus der Code-Box.
Code:
ATTFilter
```
 SweetIM for Messenger 2.7
Softonic_Deutsch Toolbar
         
```
Klicke darauf und bestätige mit Ja.
Belasse die Einstellung der Deinstallationsroutine auf Moderat und klicke auf weiter.
Das Tool wird nun nach allen Einträgen auf dem Rechner suchen. Klick auf weiter
Klick auf den Markiere alle Button und klick auf löschen und bestätige mit Ja.

Bebilderte Anleitung

Starte den Rechner neu auf.

Schritt 2

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
PRC - [2010.06.26 12:48:10 | 000,070,656 | RHS- | M] () -- C:\Users\Public\winvsrnc.exe
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Windows System Updates] C:\Users\Public\winvsrnc.exe ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found
O33 - MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRunCD.exe -- [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek)
O33 - MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\Shell - "" = AutoRun
O33 - MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 3

Grundreinigung mit SUPERAntiSpyware

Bitte lade Dir SUPERAntiSpyware FREE Edition herunter.
Das Programm ist geeignet für: Windows 98, 98SE, ME, 2000, 2003, XP und Vista.
Installiere das Programm und lasse das Programm die neuesten Definition und Updates laden.
Eine bebilderte Anleitung findest Du hier.
Schließe alle Anwendungen inkl. Browser.
Öffne SUPERAntiSpyware und klicke auf Ihren Computer durchsuchen.
Setze ein Häkchen bei Kompletter Scan und klicke auf Weiter.
Wenn der Suchlauf beendet ist, wird Dir eine Übersicht mit den Funden angezeigt, die Du mit OK zur Kenntnis nimmst.
Achte darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf Weiter und OK.
Klicke auf Fertig stellen, was Dich ins Hauptfenster bringt.
Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
Um das Logfile zu erhalten, musst du erst auf Präferenzen und dann auf den Statistiken und Protokolle klicken.
Klicke auf das datierte Logfile, drücke auf Protokoll anzeigen. Nun erscheint ein Textfenster.
Bitte kopiere diesen Bericht hier in den Thread.

Schritt 4

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).

Schließe alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache auswählen, nimm Englisch und klicke "Select".
Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
Rechner neu starten.

Downloade nun Java (Java Runtime Environment (JRE) 6 Update XX) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.

Schritt 5

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.
Button "ESET Online Scanner" drücken.
Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User müssen das Installieren eines ActiveX Elements erlauben.
Einen Haken bei "Remove found threads" und "Scan archives" machen.
Start drücken.
Signaturen werden heruntergeladen.
Der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

Schritt 5
OTLfix Log
SASW Log
ESET Log
OTL.txt
Extras.txt
Berichte wie der Rechner läuft

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

Bitte poste in Deiner nächsten Antwort

KabaL · 27.06.2010, 21:28

OTL fix

Zitat:

All processes killed
========== OTL ==========
No active process named winvsrnc.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll not found.
Prefs.js: "Softonic Deutsch Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.
File C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.
File C:\Program Files (x86)\Softonic_Deutsch\tbSoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Updates not found.
File C:\Users\Public\winvsrnc.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f34845a-cee2-11de-9646-001fd086c6fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f34845a-cee2-11de-9646-001fd086c6fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f34845a-cee2-11de-9646-001fd086c6fb}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4433bf61-d466-11de-aac9-001fd086c6fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4433bf61-d466-11de-aac9-001fd086c6fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4433bf61-d466-11de-aac9-001fd086c6fb}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{476cd42f-e558-11dd-a0b6-001fd086c6fb}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cabae420-cd31-11dd-96ef-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cabae420-cd31-11dd-96ef-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cabae420-cd31-11dd-96ef-806e6f6e6963}\ not found.
File move failed. D:\AutoRunCD.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dea035d6-cd1a-11dd-857f-001fd086c6fb}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Rene
->Temp folder emptied: 17896399 bytes
->Temporary Internet Files folder emptied: 98476726 bytes
->Java cache emptied: 132584961 bytes
->FireFox cache emptied: 171311067 bytes
->Flash cache emptied: 166715 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15591 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 14883023 bytes

Total Files Cleaned = 415,00 mb

OTL by OldTimer - Version 3.2.7.0 log created on 06272010_185846

Files\Folders moved on Reboot...
File move failed. D:\AutoRunCD.exe scheduled to be moved on reboot.
C:\Users\Rene\AppData\Local\Temp\~DFBDCB.tmp moved successfully.
File\Folder C:\Windows\temp\ZLT01f01.TMP not found!

Registry entries deleted on Reboot...

SASW

Zitat:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/27/2010 at 07:53 PM

Application Version : 4.39.1002

Core Rules Database Version : 5125
Trace Rules Database Version: 2937

Scan type : Complete Scan
Total Scan Time : 00:45:19

Memory items scanned : 570
Memory threats detected : 0
Registry items scanned : 13068
Registry threats detected : 0
File items scanned : 38209
File threats detected : 84

Adware.Tracking Cookie
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@discount24[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ww251.smartadserver[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@rts.pgmediaserve[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@serving-sys[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@revsci[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@adultadworld[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@atwola[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@zbox.zanox[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@bs.serving-sys[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@adsrv.admediate[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@adfarm1.adition[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@smartadserver[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@adserver.71i[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@xiti[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@trafficmp[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@track.webtrekk[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@media6degrees[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@tribalfusion[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ad.zanox[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@kaspersky.122.2o7[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@msnportal.112.2o7[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@eaeacom.112.2o7[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@partypoker[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@rotator.adjuggler[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ads.net2day[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@unitymedia[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@a7.adserver01[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ad2.doublepimp[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ads.quartermedia[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@warnerbros.112.2o7[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ads-dev.youporn[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@www.zanox-affiliate[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@2o7[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@media4less[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ad.adocean[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ice.112.2o7[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@audit.median[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@www.etracker[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@zanox-affiliate[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@tacoda[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ad.yieldmanager[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@webmasterplan[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@euros4click[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ads.heias[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ad.dkb[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@tracking.mindshare[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@youporn[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@zanox[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ads.monster[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@server.iad.liveperson[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@interclick[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@at.atwola[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@adserver.adtechus[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@partygaming.122.2o7[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@gamecenter.oberon-media[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ads4.net2day[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@tracking.quisma[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@dc.tremormedia[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ad-hoc-news[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@track.adform[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ad.zedmobil[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@sevenoneintermedia.112.2o7[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@adtech[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@tto2.traffictrack[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@invitemedia[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@www.discount24[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ads.noisy[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@content.yieldmanager[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@questionmarket[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ad.71i[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@komtrack[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ads2.net2day[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@traffictrack[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@www9.discount24[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@axelspringer.122.2o7[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@count.spring[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@icq-banner-remover.softonic[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@adbrite[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@oberon-media[2].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@ad.performance-netzwerk[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@earlyexperience.partyaccount[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@pornhub[1].txt
C:\Users\Rene\AppData\Roaming\Microsoft\Windows\Cookies\rene@collective-media[1].txt

Trojan.Vundo-Variant/F
C:\WINDOWS\ASSEMBLY\NATIVEIMAGES1_V1.1.4322\SYSTEM.DRAWING.DESIGN\1.0.5000.0__B03F5F7F11D50A3A_52EABFC9\SYSTEM.DRAWING.DESIGN.DLL

ESET

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=341259301a973243b20a53d76389ae19
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-27 06:39:26
# local_time=2010-06-27 08:39:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 42421682 42421682 0 0
# compatibility_mode=1797 16775165 100 94 6492 36757059 522210 0
# compatibility_mode=5892 16776573 100 56 180822 115187872 0 0
# compatibility_mode=8192 67108863 100 0 201 201 0 0
# compatibility_mode=9217 16777214 75 66 3278704 17730294 0 0
# scanned=14
# found=0
# cleaned=0
# scan_time=84
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=341259301a973243b20a53d76389ae19
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-27 08:13:13
# local_time=2010-06-27 10:13:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 42421720 42421720 0 0
# compatibility_mode=1797 16775165 100 94 6530 36757097 522248 0
# compatibility_mode=5892 16776573 100 56 180860 115187910 0 0
# compatibility_mode=8192 67108863 100 0 239 239 0 0
# compatibility_mode=9217 16777214 75 66 3278742 17730332 0 0
# scanned=176021
# found=0
# cleaned=0
# scan_time=5588

OTL

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.06.2010 22:19:42 - Run 3
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Rene\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 2,66 Gb Free Space | 3,41% Space Free | Partition Type: NTFS
Drive D: | 7,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 154,76 Gb Total Space | 38,92 Gb Free Space | 25,15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RENE-PC
Current User Name: Rene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
PRC - [2010.06.25 12:32:33 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.06.18 00:11:59 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.03.07 22:19:50 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.04.10 19:29:08 | 000,037,888 | ---- | M] () -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2008.10.28 02:01:00 | 001,794,048 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2008.10.28 02:01:00 | 000,364,544 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008.05.02 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
MOD - [2010.03.07 22:14:51 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2008.05.02 05:00:00 | 000,057,344 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\GameHook.dll
MOD - [2008.05.02 05:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\x86\lgscroll.dll
MOD - [2008.01.21 04:50:01 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.06.07 19:02:48 | 000,125,440 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009.12.12 17:10:37 | 000,842,056 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV:64bit: - [2009.12.12 17:10:29 | 000,506,696 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV:64bit: - [2009.11.16 13:25:48 | 000,035,144 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.28 22:32:15 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Rene\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.28 16:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.07 22:19:50 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.12.04 16:36:20 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.19 16:53:20 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2008.10.28 02:01:00 | 000,364,544 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.05.02 03:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007.12.14 12:46:28 | 000,047,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2006.11.02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.12.04 16:36:26 | 000,446,152 | ---- | M] (Check Point Software Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV:64bit: - [2009.12.04 16:36:24 | 000,440,520 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009.11.18 19:05:07 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.16 04:13:26 | 000,271,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.08.12 21:32:02 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.12 21:32:01 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.05.29 13:36:16 | 000,048,640 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.04.13 16:38:06 | 000,147,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acedrv06.sys -- (acedrv06)
DRV:64bit: - [2009.04.13 16:38:06 | 000,132,320 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrvlg.sys -- (acedrvlg)
DRV:64bit: - [2009.04.13 16:38:06 | 000,125,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2009.03.19 16:34:18 | 000,029,544 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.10.28 02:01:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2008.10.28 02:01:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2008.04.22 09:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008.02.29 04:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.02.29 04:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.02.29 04:16:20 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.01.21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2007.03.07 14:13:20 | 000,017,920 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\pnetmdm64.sys -- (pnetmdm)
DRV - [2010.02.17 20:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2010.02.17 20:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.04.13 16:38:06 | 000,089,312 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\acedrvlg.dll -- (acedrvlg)
DRV - [2009.04.13 16:38:06 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\acedrv07.dll -- (acedrv07)
DRV - [2009.04.13 16:38:06 | 000,081,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\acedrv06.dll -- (acedrv06)
DRV - [2008.12.31 02:43:20 | 000,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2007.10.16 17:15:26 | 000,036,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\ET5Drv.sys -- (ET5Drv)
DRV - [2007.09.07 15:55:04 | 000,012,744 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Entech64.sys -- (ENTECH64)
DRV - [2007.03.16 11:11:20 | 000,015,648 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TBPanelx64.sys -- (Cardex)
DRV - [2006.09.18 23:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006.09.18 23:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1351351&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ogame.de/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.1
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.4
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {1acd747e-8470-11db-96a9-00e08161165f}:5.6.4.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010.03.06 14:01:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.06.25 12:32:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.27 20:33:57 | 000,000,000 | ---D | M]
 
[2009.10.11 22:38:24 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2010.06.27 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions
[2010.06.25 17:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.06.25 17:32:45 | 000,000,000 | ---D | M] (Tradesignal Web Edition) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{1acd747e-8470-11db-96a9-00e08161165f}
[2010.04.28 12:45:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.27 10:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.19 00:31:24 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2009.10.13 17:58:59 | 000,000,000 | ---D | M] (FoxGame) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2010.06.25 17:32:53 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\0eh9801g.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.06.27 22:16:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.02.04 14:56:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.27 20:33:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.06.27 20:33:43 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.28 22:32:54 | 000,001,648 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.28 22:32:54 | 000,002,617 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.28 22:32:54 | 000,007,015 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.28 22:32:54 | 000,001,242 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.28 22:32:54 | 000,000,830 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.27 10:05:22 | 000,395,582 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 13663 more lines...
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Rene\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Firefox] C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 01 00 00 00  [binary data]
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rene\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.10 14:00:09 | 004,990,176 | R--- | M] (Crytek) - D:\AutoRunCD.exe -- [ UDF ]
O32 - AutoRun File - [2008.08.17 13:39:34 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2008.07.29 12:38:20 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009.11.10 14:29:22 | 000,000,043 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.27 20:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.06.27 20:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.06.27 20:33:57 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.06.27 20:33:57 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.06.27 20:33:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.06.27 20:33:57 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.06.27 20:32:35 | 000,922,400 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Rene\Desktop\jre-6u20-windows-i586-iftw-rv.exe
[2010.06.27 19:05:04 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.27 19:05:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.06.27 19:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010.06.27 19:04:54 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.06.27 19:04:09 | 008,776,240 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Rene\Desktop\SUPERAntiSpyware.exe
[2010.06.27 18:58:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.27 18:54:38 | 000,000,000 | ---D | C] -- C:\Users\Rene\Desktop\exen
[2010.06.27 18:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2010.06.27 17:55:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2010.06.27 13:57:15 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2010.06.27 13:57:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.27 13:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.27 13:57:05 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.27 13:57:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.27 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.27 12:08:34 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Local\NPE
[2010.06.27 12:08:21 | 005,501,296 | ---- | C] (Symantec Corporation) -- C:\Users\Rene\Desktop\NPE.exe
[2010.06.27 10:04:23 | 000,458,752 | ---- | C] (Project OCS) -- C:\Users\Rene\Desktop\ICQ 7.2 Build 3129 Banner Remover.exe
[2010.06.27 10:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.06.25 18:21:09 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.06.25 18:21:09 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.06.25 18:21:09 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.06.25 18:21:09 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.06.25 18:21:09 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.06.25 18:21:09 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.06.25 18:21:09 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.06.25 18:21:09 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.06.25 18:14:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010.06.25 18:14:30 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010.06.25 18:14:30 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010.06.25 18:14:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010.06.25 18:14:19 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.06.25 18:14:18 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.06.25 18:14:18 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.06.25 18:14:18 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.06.25 18:14:17 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.06.25 18:14:17 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieencode.dll
[2010.06.25 18:14:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieencode.dll
[2010.06.25 18:14:16 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010.06.25 18:14:16 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010.06.25 18:14:13 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.25 18:14:13 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.25 18:14:13 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.25 18:14:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.02 22:45:59 | 000,000,000 | ---D | C] -- C:\Users\Rene\Desktop\Onkelz
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.27 22:21:54 | 007,176,192 | ---- | M] () -- C:\Users\Rene\NTUSER.DAT
[2010.06.27 22:17:02 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.27 22:00:05 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.06.27 20:35:30 | 002,672,312 | ---- | M] () -- C:\Users\Rene\Desktop\esetsmartinstaller_enu.exe
[2010.06.27 20:33:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.06.27 20:33:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.06.27 20:33:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.06.27 20:33:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.06.27 20:32:37 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Rene\Desktop\jre-6u20-windows-i586-iftw-rv.exe
[2010.06.27 20:30:04 | 000,306,646 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.27 20:30:03 | 000,306,646 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.27 20:29:36 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.27 20:29:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 20:29:26 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 20:29:25 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 20:29:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.27 20:28:21 | 000,524,288 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TMContainer00000000000000000001.regtrans-ms
[2010.06.27 20:28:21 | 000,065,536 | -HS- | M] () -- C:\Users\Rene\NTUSER.DAT{8ce6a30b-6586-11df-a64b-001fd086c6fb}.TM.blf
[2010.06.27 20:27:59 | 001,894,588 | -H-- | M] () -- C:\Users\Rene\AppData\Local\IconCache.db
[2010.06.27 20:22:30 | 000,071,798 | ---- | M] () -- C:\Users\Rene\Desktop\JavaRa.zip
[2010.06.27 19:04:56 | 000,001,756 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.27 19:04:42 | 008,776,240 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Rene\Desktop\SUPERAntiSpyware.exe
[2010.06.27 18:49:58 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.06.27 18:46:56 | 000,001,099 | ---- | M] () -- C:\Users\Rene\Desktop\Revo Uninstaller.lnk
[2010.06.27 17:55:41 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2010.06.27 16:53:43 | 001,545,030 | ---- | M] () -- C:\Info20100627165138.xml
[2010.06.27 16:53:42 | 000,601,224 | ---- | M] () -- C:\Remediate2010062716513889711000000.dat
[2010.06.27 16:15:14 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{799C4C2D-7EBD-4BBF-85AD-9B7D13BB4C69}.job
[2010.06.27 13:57:10 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 12:23:32 | 001,538,775 | ---- | M] () -- C:\Info20100627122128.xml
[2010.06.27 12:11:21 | 001,541,269 | ---- | M] () -- C:\Info20100627120944.xml
[2010.06.27 12:08:31 | 005,501,296 | ---- | M] (Symantec Corporation) -- C:\Users\Rene\Desktop\NPE.exe
[2010.06.27 10:04:29 | 000,458,752 | ---- | M] (Project OCS) -- C:\Users\Rene\Desktop\ICQ 7.2 Build 3129 Banner Remover.exe
[2010.06.26 19:37:41 | 000,187,135 | ---- | M] () -- C:\Users\Rene\Desktop\w18_24042095.jpg
[2010.06.26 11:18:20 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.06.26 11:18:20 | 000,218,808 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.06.26 00:47:15 | 007,036,928 | ---- | M] () -- C:\Users\Rene\Desktop\David Guetta - Missing You (Feat. Novel) + Lyrics.mp3
[2010.06.26 00:43:39 | 005,462,016 | ---- | M] () -- C:\Users\Rene\Desktop\David Guetta - On The Dancefloor.mp3
[2010.06.26 00:40:54 | 004,931,584 | ---- | M] () -- C:\Users\Rene\Desktop\Shakira feat Freshlyground- Waka Waka (This Time For Africa) OFFICIAL.mp3
[2010.06.26 00:38:27 | 005,746,688 | ---- | M] () -- C:\Users\Rene\Desktop\Katy Perry ft. Snoop Dogg California girls with lyrics.mp3
[2010.06.26 00:28:43 | 000,319,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.26 00:27:33 | 580,749,434 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.25 20:10:56 | 000,198,082 | ---- | M] () -- C:\Users\Rene\Desktop\sdfsdfsdf.jpg
[2010.06.09 14:08:36 | 001,637,985 | ---- | M] () -- C:\Users\Rene\Desktop\NL_Cashkurs_07.pdf
[2010.05.29 18:49:52 | 000,001,179 | ---- | M] () -- C:\Users\Rene\Desktop\rocky.m3u
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.27 20:35:25 | 002,672,312 | ---- | C] () -- C:\Users\Rene\Desktop\esetsmartinstaller_enu.exe
[2010.06.27 20:22:30 | 000,071,798 | ---- | C] () -- C:\Users\Rene\Desktop\JavaRa.zip
[2010.06.27 19:04:56 | 000,001,756 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.27 18:49:57 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.06.27 18:46:56 | 000,001,099 | ---- | C] () -- C:\Users\Rene\Desktop\Revo Uninstaller.lnk
[2010.06.27 16:53:36 | 000,601,224 | ---- | C] () -- C:\Remediate2010062716513889711000000.dat
[2010.06.27 16:52:24 | 001,545,030 | ---- | C] () -- C:\Info20100627165138.xml
[2010.06.27 13:57:10 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 12:22:18 | 001,538,775 | ---- | C] () -- C:\Info20100627122128.xml
[2010.06.27 12:10:33 | 001,541,269 | ---- | C] () -- C:\Info20100627120944.xml
[2010.06.26 19:37:29 | 000,187,135 | ---- | C] () -- C:\Users\Rene\Desktop\w18_24042095.jpg
[2010.06.26 00:47:04 | 007,036,928 | ---- | C] () -- C:\Users\Rene\Desktop\David Guetta - Missing You (Feat. Novel) + Lyrics.mp3
[2010.06.26 00:43:28 | 005,462,016 | ---- | C] () -- C:\Users\Rene\Desktop\David Guetta - On The Dancefloor.mp3
[2010.06.26 00:40:43 | 004,931,584 | ---- | C] () -- C:\Users\Rene\Desktop\Shakira feat Freshlyground- Waka Waka (This Time For Africa) OFFICIAL.mp3
[2010.06.26 00:38:15 | 005,746,688 | ---- | C] () -- C:\Users\Rene\Desktop\Katy Perry ft. Snoop Dogg California girls with lyrics.mp3
[2010.06.25 20:10:55 | 000,198,082 | ---- | C] () -- C:\Users\Rene\Desktop\sdfsdfsdf.jpg
[2010.06.09 14:08:36 | 001,637,985 | ---- | C] () -- C:\Users\Rene\Desktop\NL_Cashkurs_07.pdf
[2010.05.29 18:49:52 | 000,001,179 | ---- | C] () -- C:\Users\Rene\Desktop\rocky.m3u
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.06.13 00:16:23 | 000,000,130 | ---- | C] () -- C:\Windows\cfplogvw.INI
[2009.05.27 14:57:44 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.05.27 14:56:19 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.05.15 19:47:20 | 000,002,371 | ---- | C] () -- C:\Windows\WinRos.ini
[2009.05.15 19:47:19 | 000,003,868 | ---- | C] () -- C:\Windows\WinSig.ini
[2009.04.22 19:51:45 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\Imncb.dll
[2009.04.22 19:51:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Urncbc.dll
[2009.04.13 16:38:06 | 000,089,312 | ---- | C] () -- C:\Windows\SysWow64\acedrvlg.dll
[2009.04.13 16:38:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2009.04.13 14:54:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv06.dll
[2009.04.13 14:23:37 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2009.04.05 14:31:43 | 001,484,180 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.03.24 16:31:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.02.16 20:34:26 | 000,018,944 | ---- | C] () -- C:\Windows\SysWow64\wk32.dll
[2009.02.16 20:34:26 | 000,003,584 | ---- | C] () -- C:\Windows\SysWow64\ic32.dll
[2008.12.28 23:40:23 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.12.28 23:40:23 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008.12.19 03:06:28 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2008.12.18 22:12:20 | 000,000,283 | ---- | C] () -- C:\Windows\game.ini
[2008.12.18 13:46:50 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2008.11.21 23:47:52 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dtu100.dll.manifest
[2008.11.21 23:45:16 | 000,000,416 | ---- | C] () -- C:\Windows\SysWow64\dpl100.dll.manifest
[2008.11.21 23:44:16 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.10.21 12:14:30 | 000,007,718 | ---- | C] () -- C:\Windows\cadx2.ini
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.06.05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
< End of report >

--- --- ---

KabaL · 27.06.2010, 21:29

Sorry für zwei posts aber in 30 sekunden bekommt der das andere net alles auf die reihe^^

Extras

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 27.06.2010 22:19:42 - Run 3
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Rene\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 2,66 Gb Free Space | 3,41% Space Free | Partition Type: NTFS
Drive D: | 7,16 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 154,76 Gb Total Space | 38,92 Gb Free Space | 25,15% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: RENE-PC
Current User Name: Rene
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Value error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Value error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 2F FD A9 51 D3 DE C9 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2289016777-2642048843-1374912535-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- File not found
"C:\Users\Public\winvsrnc.exe" = C:\Users\Public\winvsrnc.exe:*:Enabled:Windows System Updates -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EBEA59-494C-4C76-8103-D16EBA2D2BE0}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{03642776-A8C6-42CC-8BA4-32554EDE52ED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0769B0DD-DAE7-4E64-A2F0-6749E7CB00FF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0BE276F3-ABAB-490C-926D-60F2B810BAB8}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{10B0FFD3-F78D-4D19-A4E6-0F05D4785A4F}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{10E86EA8-C6C9-497A-A5F7-54DBF63FA63C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{16B9D022-ED7B-4042-AA7B-0209ED39F766}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{18AC25A3-A05D-4670-90A8-8AE0D4A66ABB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{18FD29FE-44ED-428D-82A7-C77A09379578}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{28253E7F-008A-4AC6-B0A0-090F292EEC00}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{2E278437-869D-41C7-B00B-CDA36AFA384A}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{30C40839-892E-4D8E-B49B-EC190B970412}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{456C7CB1-2750-4E74-8F19-B4C56BA1643A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{48083F25-40A2-442F-A15F-2EA6C57E1EFE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{499312D4-56F1-43AE-B350-7032806477C6}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{54FA5F95-FAAA-4769-B274-886E3422DFC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{55022EDF-17D2-4ADB-9CA4-77BA33C7649F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5837E6FE-F796-4468-AA0F-E72BA045B7E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59252E3C-8BCF-43AF-A2B0-C408BE1078E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5DF7C210-4EB1-4540-8E49-CA0BEFB9E958}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{61D95C2C-6CA5-4320-BB71-05760BA7451F}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{65500DCC-0ADE-47A9-B159-CA32E0BFC134}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{657F8427-F48F-42C1-961D-B3798A04EF0F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{692F2B17-F8CF-4990-B670-4E15E5A50ADE}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{6EFE22CC-753C-4609-9789-5ECB76799107}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{77E64315-DAD0-4F2C-AE1F-E52275A9D1CA}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{7D4CD38A-E8BC-4D82-AF7B-4B456B8FA30A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{87429994-2C34-4154-9909-A8C9EB942C7B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8D44D8C3-FCCF-48C2-AFE0-DE63AE4A4883}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8F8C0CA5-6ED5-4D1D-9194-C5A2458573A5}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{94A11F46-1C2E-48D9-B212-919D4777938D}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{9610002F-71E4-4DB3-BEE0-9D8CAFD9A46D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9735E09F-BD4E-4FBB-B48F-D00540C16A2A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{9B2616CE-237E-460E-AFE0-8DDFE798FD92}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9D7C5A3D-05B8-4C49-B57E-DAF3BDBE09E8}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{A16DD12E-B645-4CDF-8B89-96694991206B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A53C7984-9FF4-49D3-9B5E-80B3608AD7C6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{AB40776B-A403-43AD-8AA0-4AFFC07E92B8}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{AC040F5E-9415-441C-9A2E-EF1DBB4B97B2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C161AAF6-94FF-4696-867F-8D4D321F3F75}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{C3A53FE1-49EC-4394-8769-9525423B5211}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{CB4CEA05-54E1-424F-8596-5DCF1EC279DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D4ABDED5-9010-4C4F-9CBB-2E163A4825A5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{E16D30D6-6765-49ED-95A9-9D396575A103}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EDF16B7C-1455-4BDB-A3D3-AC90F0236804}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{EF5E0984-346F-49B2-9F9C-5991F4C6736E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03210A6A-9865-4AE5-B716-B56BE09FF6BD}" = protocol=17 | dir=in | app=e:\gta 4\grand theft auto iv\launchgtaiv.exe | 
"{04AADD9E-2B8A-46DF-815A-B9587E610225}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{07B922F7-6F98-49FC-9EBD-C62990803FEB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{09C23078-6379-480D-AED0-125E79990A9C}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{0A1E1029-52F3-4BFD-93FC-A13743FBF581}" = protocol=17 | dir=in | app=e:\programme\call of duty 4\iw3mp.exe | 
"{0B5CACB7-0E62-4F84-9A28-675D6930414D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0D010D21-EE44-4884-93F9-18AC4C8FCE19}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{0FAFE8D1-276B-4CE7-BC05-690ABDC6CFCF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{151F9508-CCFC-4B4F-A9C9-97812748FFBC}" = protocol=6 | dir=in | app=e:\cod world at war\codwaw.exe | 
"{1A9C789E-E98B-4FB6-B70B-2DB45B1E3E53}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{20686F00-AF35-4F0E-A800-3D1A3A09E71B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{25802063-48BB-467F-8B62-D1638EED46D7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{2B35A30F-E478-4514-BB68-6DE616997264}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2DA3DD04-3476-4CA5-BECF-BB225F3CC723}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{309750BD-5B83-4108-984F-C79A79E00E3C}" = protocol=17 | dir=in | app=e:\programme\far cry 2\bin\farcry2.exe | 
"{32281C68-56CE-4C58-9C6D-61252E0B0BE2}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{3B236773-4AA0-48BB-AEA8-E5902247DBD7}" = protocol=6 | dir=in | app=e:\gta 4\rockstar games social club\rgsclauncher.exe | 
"{3BF12050-978A-403B-854E-6644457A6415}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3C328BAA-6ED5-4680-BB6B-B0D4F030AC98}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\lorenzenmighty\counter-strike source\hl2.exe | 
"{3EE35AD7-D4E4-4032-85D5-6B7F5B8049F2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"{3EF49AB1-F066-47F5-9DE8-7320A4225A90}" = protocol=17 | dir=in | app=e:\programme\far cry 2\bin\fc2editor.exe | 
"{4039DE82-DF4E-4AD4-B907-66E074E6C1C9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{4485E66F-1FC8-45AA-BC8B-F81308E6FA33}" = protocol=17 | dir=in | app=e:\cod world at war\codwawmp.exe | 
"{4655FC37-9712-4A6A-B6BD-E65377D70CFA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{47FD0414-E079-4C29-9BB1-479A07AAA296}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{49070DED-6DED-495A-9AE5-AC2A1735E3C6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{4CF4B22E-7FB7-45ED-B6A7-FE7227F60F4E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{55584D5D-5E52-4BAE-80A5-FD6EEBB48442}" = protocol=17 | dir=in | app=e:\gta 4\rockstar games social club\rgsclauncher.exe | 
"{5DCDFCE3-D89A-48D1-A8EA-8AAA94E741AE}" = protocol=17 | dir=in | app=e:\programme\far cry 2\bin\fc2launcher.exe | 
"{61CE42C2-D7E6-4CA2-8060-49D4DC2E8DAA}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{66F4FA82-EE05-4FCE-9D9F-1C8485297B76}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6BE67594-10E9-4829-A1D7-70D0DB2D795F}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{70780BF9-178E-4B8E-8BCA-F42A3C63C151}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{71ED77E4-F442-4D60-A416-AAA0103A397C}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{75C74060-95D8-4243-938C-F1026A7A73F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7902A92F-835A-43D5-902F-A530F1AFAEB8}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{7EBEFD8A-EA00-4018-8021-50E2C5CCE858}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\lorenzenmighty\counter-strike source\hl2.exe | 
"{8163645F-8030-4B7A-ABA1-BC207F7AB096}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{84EC53EA-A929-4AE3-9403-043AE2502FF2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{86357A2C-6688-4DDF-B0CE-77B0A7B3BE4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{8D5ED9FF-EBFE-4667-8CDF-F38126B2C442}" = protocol=6 | dir=in | app=e:\programme\far cry 2\bin\fc2editor.exe | 
"{8F00B418-487D-4E29-9CB1-8230BB014A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{914C7114-25D8-4E08-9F10-9787D7912BCE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{94D51E09-0B10-44DC-9872-C6BC6CAAD15B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{95619472-42E5-4E9D-9C2B-0C82AA7B45BD}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{99F8985C-3F71-40E1-A9D3-A5A5C0879016}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9A71ED3E-A461-42D3-ADBB-1965F30EECB1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{9B81BB3F-DAD4-40A9-80CC-F3D608D2BA89}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{9D5C2826-BBB6-4980-AB4E-DEB952EE12D9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{A097EADB-14A4-4D88-ABE0-C793B536A7A1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{A1B9B5E1-1DD7-4EA4-ABC2-9314AD111B2A}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{A7EAD8C0-0141-4C29-BCE8-F2670DBCDC42}" = protocol=6 | dir=in | app=e:\gta 4\grand theft auto iv\launchgtaiv.exe | 
"{AAB81A5E-3F6C-452A-820A-F08C1E8FDF55}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{B1050F42-28B3-49E0-916F-E155E88C125A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{B1ED48C5-3988-4053-A167-421974B673F5}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{B49B0BCB-CAA5-4C0B-8456-E07AE68B2C6A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B53A8159-4C71-4433-8DEC-F740304CA99F}" = protocol=6 | dir=in | app=e:\cod world at war\codwawmp.exe | 
"{B748BB51-740E-4D19-90EB-AE23579D2369}" = protocol=6 | dir=in | app=e:\programme\far cry 2\bin\fc2launcher.exe | 
"{C035CF1E-5610-4853-B3D6-9A987B03117B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C3E066FE-AEDA-48FE-B942-1168B32C8E35}" = protocol=6 | dir=in | app=e:\programme\far cry 2\bin\farcry2.exe | 
"{CB13451F-840E-4CEC-9363-ACD8FB2F275A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{CF6A45CB-EE69-4064-B15D-A2FD837306E2}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{D93F204F-A8DC-4344-ABF4-C8099FB9E9D8}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{E2BEE8E3-9819-46FF-98EE-2B6D482C83BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{E5E4106D-0CA3-40CD-8AEB-95D3A3F2E931}" = protocol=6 | dir=in | app=e:\programme\call of duty 4\iw3mp.exe | 
"{F237DAC3-5281-4025-B76A-327C562F4B00}" = protocol=17 | dir=in | app=e:\cod world at war\codwaw.exe | 
"{F55C145B-F9CD-4C4C-9241-A0BAF034609A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F92C67C0-F532-485D-9B53-2782331948C9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FAD1F8D0-A8B5-4567-8FCD-627C57B23482}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"TCP Query User{015D51E9-1141-48D0-AD80-D6B7E80FEF15}E:\gta 4\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=e:\gta 4\grand theft auto iv\gtaiv.exe | 
"TCP Query User{2537371B-F767-46C0-93BC-FD17792168B5}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{4D4468C5-583E-4F77-AC4E-31AEFC7E6CD4}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{70012A36-95B6-4BFB-AE2E-9175BC28B594}E:\warcraft 3 1.16\war3.exe" = protocol=6 | dir=in | app=e:\warcraft 3 1.16\war3.exe | 
"TCP Query User{7B8D5C31-731F-4ABB-91CA-A1E6CC94BC66}E:\programme\crysis wars\bin32\crysis.exe" = protocol=6 | dir=in | app=e:\programme\crysis wars\bin32\crysis.exe | 
"TCP Query User{81403C92-3E43-4A32-AF53-74878DFEF932}E:\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\anno 1404\tools\anno4web.exe | 
"TCP Query User{8AC64030-10B2-4405-91BD-BEDD71FD86D3}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{8BC64F52-DCA2-4087-9D7F-81F07CCB86D0}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{93467EC8-D9C5-4BF3-BD78-F0ACCEF19741}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"TCP Query User{A94C503E-B0BA-49A3-BD6C-7E9390A59C46}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"TCP Query User{C0BB8EF6-363F-41D9-AAD8-B652053067FB}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{0F270C8E-EA37-4DFD-AB4A-55A6DB5AEE87}E:\warcraft 3 1.16\war3.exe" = protocol=17 | dir=in | app=e:\warcraft 3 1.16\war3.exe | 
"UDP Query User{110C3843-EA2B-40DA-BA81-51523E26D8F4}E:\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\anno 1404\tools\anno4web.exe | 
"UDP Query User{22ACF218-0CF3-4239-A187-95BE70C783C1}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{2739792A-0EA6-498C-BBD7-AB9C2F8D0C43}E:\programme\crysis wars\bin32\crysis.exe" = protocol=17 | dir=in | app=e:\programme\crysis wars\bin32\crysis.exe | 
"UDP Query User{56DA3E2A-A15E-4B92-B20B-1108D5E867CB}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{6DFB35FE-0E92-4159-8D7A-16C70EB48831}C:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis64.exe | 
"UDP Query User{7186BADA-A952-4DB1-87E7-2FBF3E2C33F7}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"UDP Query User{76B25B5D-38F8-489E-9069-26B4F4DF5A03}E:\gta 4\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=e:\gta 4\grand theft auto iv\gtaiv.exe | 
"UDP Query User{C93880FB-C5FA-4DA4-A27A-72C198D6083E}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{CE36E0C9-6980-4B6C-8865-CAB299B89D1D}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{DA4C820A-6ED6-41CE-8B41-1B671515879C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{3A25872A-0F1C-4989-9435-96C13230F818}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6F4B9839-F409-4D38-89D6-145321400FED}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"CutePDF Writer Installation" = CutePDF Writer 2.8
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v2.4.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SearchAnonymizer" = SearchAnonymizer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"DivX Setup.divx.com" = DivX-Setup
"EXPERTool_is1" = EXPERTool 6.7
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FXCM Trading Station" = FXCM Trading Station
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"PdaNet_is1" = PdaNet Desktop (64 bit) for iPhone 1.54
"PhotoFiltre" = PhotoFiltre
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.89
"Steam App 24960" = Battlefield: Bad Company 2
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"ZoneAlarm" = ZoneAlarm
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"flatex-Trader" = flatex-Trader
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

Larusso · 27.06.2010, 21:38

O da hat sich doch ein Formfehler im Post eingeschlichen

Noch Probleme ?

KabaL · 28.06.2010, 11:06

hmmm...

also bis jetzt noch nicht

Scheint alles geklappt zuhaben!!

Vielen dank für die schnelle und sehr gute Hilfe..

Ist ja wahnsinn was hier alles geht

Larusso · 28.06.2010, 11:42

Logfile ist sauber

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Systemwiederherstellungpunkte leeren

Windows +E Taste drücken --> Rechtsklick über Laufwerk C --> Eigenschaften --> Bereinigen --> weitere Optionen --> Systemwiederherstellung und Schattenkopien bereinigen.

Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.

Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.

Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.

SpywareBlaster
Ein Tutorial zur Verwendung findest Du Hier
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
Hinweis: MBAM ersetzt keine Anti- Viren- Software.
Temp File Cleaner
TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
Ausserdem hilft es Deinen Computer zu beschleunigen.
Du kannst Dir TFC ( by OldTimer ) hier downloaden.
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
Halte Dein System aktuell
Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.
Halte Deine Software aktuell
Der einfachste Weg dafür ist der Secunia Online Software.

Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.

NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
Es spart ausserdem Downloadkapazität.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Larusso · 04.07.2010, 09:47

Dieses Thema scheint erledigt und wird aus den Abos gelöscht. Solltest Du das Thema erneut benötigen, bitte eine PN an mich.

Jeder andere möge bitte einen eigenen Thread starten.

27.06.2010, 17:20	#4
Larusso /// Selecta Jahrusso	ICQ öffnet Chatfenster nacheinander und schließt selbige wieder Die OTL.txt ist nicht komplett. Bitte erneut posten __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

27.06.2010, 21:38	#9
Larusso /// Selecta Jahrusso	ICQ öffnet Chatfenster nacheinander und schließt selbige wieder O da hat sich doch ein Formfehler im Post eingeschlichen Noch Probleme ? __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

ICQ öffnet Chatfenster nacheinander und schließt selbige wieder

Log-Analyse und Auswertung: ICQ öffnet Chatfenster nacheinander und schließt selbige wieder