Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Banking Trojaner (40 TANs eingeben) los werden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.08.2010, 21:18   #1
saccara
 
Banking Trojaner (40 TANs eingeben) los werden - Standard

Banking Trojaner (40 TANs eingeben) los werden



Hallo zusammen!
Ich hatte letzte Woche das Problem, dass ich beim online Banking nach dem Login bei der Postbank aufgefordert wurde, 40 TANs einzugeben.

Bei der Postbank Servicehotline sagte man mir, dass ich zum Entfernen des Trojaners das Programm Anti-Malware von Emsisoft benutzen soll.
Das habe ich getan und es wurden auch viele Probleme gefunden (ich finde leider kein Logfile, daher kann ich nicht genau sagen welche).

Man Frage ist nun, wie herausfinden kann, ob ich clean bin?
Ich habe noch nicht versucht mich beim Banking einzuloggen, da ich eine neue PIN und TAN-Liste bekommen habe. Sonst geraten die neuen Daten wieder in die falschen Hände.

Das selbe Problem gab es schon hier im Forum: http://www.trojaner-board.de/88974-t...e-banking.html



info.txtRSIT Logfile:
Code:
ATTFilter
logfile of random's system information tool 1.08 2010-08-16 21:38:09

======Uninstall list======

-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 6-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 6\Uninstall\BS6_Uninstall.EXE"
Ashampoo Magical Optimizer-->"C:\Program Files\Ashampoo\Ashampoo Magical Optimizer\Uninstall\1406_Uninstall.exe"
AVS DVD Player version 2.4-->"C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
Canon iP4300-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x0007
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
CanoScan Toolbox Ver4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}\Setup.exe" -l0x7 anything
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Cossacks - Back To War-->C:\Windows\una2setup.exe
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
CPUID CPU-Z 1.53.1-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
Desktop Restore-->MsiExec.exe /I{116D1725-3193-49AF-8999-036D385F701E}
DiRT 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12840
DivX Converter-->C:\ProgramData\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe /CONVERTER
DivX Plus DirectShow Filters-->C:\ProgramData\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe /DSFILTERS
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
EA Download Manager UI-->msiexec /qb /x {4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}
EA Download Manager UI-->MsiExec.exe /I{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}
EA Download Manager-->C:\Program Files\Electronic Arts\EADownloadManager\EADMUninstall.exe
Emsisoft Anti-Malware 5.0-->"C:\Program Files\Emsisoft Anti-Malware\unins000.exe"
Enemy Territory - QUAKE Wars(TM) Demo 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{B7B6C0BE-C919-425C-A493-DF9FF11249F5}\setup.exe -runfromtemp -l0x0409
FileZilla Client 3.3.2.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FlatOut2-->MsiExec.exe /I{7E641E46-81DB-4D1D-906A-48342523051C}
Fraps-->"C:\programme\fraps\uninstall.exe"
Free 3GP Video Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free 3GP Video Converter\unins000.exe"
Free Studio version 4.7-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Free Video to Flash Converter version 4.2-->"C:\Program Files\DVDVideoSoft\Free Video to Flash Converter\unins000.exe"
Free Video to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
Free YouTube to Mp3 Converter version 2.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe"
Futuremark SystemInfo-->C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins001.exe"
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Gothic II Gold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{92510C2A-30E3-4F8D-AE8A-93AB7B63EE8F}\setup.exe" -l0x7  -removeonly
Gothic III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x7  -removeonly
Gothic_Patch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{302AC480-43D2-11D5-A818-00500435FC18}\Setup.exe"  -uninst 
Gothic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBF10B37-4ED3-11D5-A818-00500435FC18}\setup.exe" 
Grand Theft Auto IV-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12210
GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0007 -removeonly
Half-Life-->C:\Sierra\HALF-L~1\UNWISE.EXE C:\Sierra\HALF-L~1\INSTALL.LOG
Hamachi 1.0.1.5-->C:\Program Files\Hamachi\uninstall.exe
HLSW v1.3.1-->"C:\Program Files\HLSW\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ7-->"C:\Program Files\InstallShield Installation Information\{88EB38EF-4D2C-436D-ABD3-56B232674062}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
ijji REACTOR-->"C:\Program Files\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manhunt-->MsiExec.exe /X{8A62C8DA-2DB7-4D94-B5BA-1D38FC36E830}
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe"  -uninstall
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{8FB1B528-E260-451E-9B55-E9152F94B80B}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F97E3841-CA9D-4964-9D64-26066241D26F}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411-->MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mirror's Edge-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17410
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
O&O Defrag Professional-->MsiExec.exe /I{CF49A5C4-E09A-4A22-BE7B-E42C687952BC}
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{7EC19307-7C22-47A8-922B-3FA965291260}
Overlord-->"C:\Program Files\Steam\steam.exe" steam://uninstall/11450
oZone3D.Net FurMark v1.6.5-->"C:\Program Files\oZone3D\Benchmarks\FurMark_v1.6.5\unins000.exe"
Parabellum Beta-->"C:\Program Files\GamersFirst\Parabellum Beta\uninstall.exe"
Parabellum-->"C:\Program Files\Acony Games GmbH\Parabellum\unins000.exe"
PDFCreator Toolbar-->"C:\Windows\PDFCreator_Toolbar_Uninstaller_6538.exe"  _?=C:\Program Files\PDFCreator Toolbar
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe"  -uninstall
Postal 2-->C:\Windows\unvise32.exe C:\Program Files\Postal2\uninstal.log
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe"  -uninstall
PowerBackup 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
PunkBuster Services-->C:\Windows\system32\pbsvc_bc2.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Rapture3D 2.3.26 Game-->"C:\Program Files\BRS\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x7  -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7  -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Risen-->"C:\Program Files\InstallShield Installation Information\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}\setup.exe" -runfromtemp -l0x0007 -removeonly
RPG Maker 2000 -  Super Columbine Massacre RPG!-->C:\Windows\gamedelete.exe "C:\Program Files\ASCII\RPG2000\ColumbineRPG\RPG_RT.ind"
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Serious Sam 2-->C:\Program Files\Serious Sam 2\Bin\Uninstall.exe
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SuperRam-->"C:\Program Files\PGWARE\SuperRam\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Thrustmaster FFB Wheel driver-->C:\Program Files\InstallShield Installation Information\{57F9C8E9-A9B8-4E19-9AC2-F21EC5094B84}\setup.exe -runfromtemp -l0x0007 -removeonly
ToCA Race Driver 3-->"C:\Program Files\Steam\steam.exe" steam://uninstall/11500
Torchlight-->"C:\Program Files\Steam\steam.exe" steam://uninstall/41500
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
UE3Redist-->"C:\Program Files\InstallShield Installation Information\{2FB04107-7BC2-449C-915A-530B29B5E0FE}\setup.exe" -runfromtemp -l0x0409 -removeonly
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Versatel-->C:\WINDOWS\\Versatel_UTIL.exe -UnInstall
Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows Live installer-->MsiExec.exe /X{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}
Windows Live Writer-->MsiExec.exe /X{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
WinZip 14.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Z Engine-->MsiExec.exe /X{2AE2EFF4-A14B-42AB-B364-F04DB651180F}

======Hosts File======

84.38.66.128 datenklo.org 

======Security center information======

AS: Windows-Defender

======System event log======

Computer Name: Ims-PC
Event Code: 7036
Message: Dienst "Unterstützung in der Systemsteuerung unter Lösungen für Probleme" befindet sich jetzt im Status "Ausgeführt".
Record Number: 218969
Source Name: Service Control Manager
Time Written: 20100113112243.000000-000
Event Type: Informationen
User: 

Computer Name: Ims-PC
Event Code: 10029
Message: DCOM hat den Dienst wercplsupport mit den Argumenten "" gestartet, um den Server auszuführen:
{0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
Record Number: 218968
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100113112243.000000-000
Event Type: Informationen
User: 

Computer Name: Ims-PC
Event Code: 20003
Message: Der Prozess zum Hinzufügen von Dienst tunnel für Geräteinstanz-ID ROOT\*6TO4MP\0249 wurde mit folgendem Status beendet: 0.
Record Number: 218967
Source Name: Microsoft-Windows-User-PnP
Time Written: 20100113111407.256892-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Ims-PC
Event Code: 20003
Message: Der Prozess zum Hinzufügen von Dienst tunnel für Geräteinstanz-ID ROOT\*ISATAP\0075 wurde mit folgendem Status beendet: 0.
Record Number: 218966
Source Name: Microsoft-Windows-User-PnP
Time Written: 20100113111354.620892-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Ims-PC
Event Code: 20267
Message: CoID={43C790BC-6AF4-449E-9620-77C0E63B2ABD}: Der Benutzer *****@versatel hat unter Verwendung des Geräts PPPoE2-0 eine Verbindung mit Breitbandverbindung hergestellt.
Record Number: 218965
Source Name: RemoteAccess
Time Written: 20100113111312.000000-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: Ims-PC
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  


Record Number: 29789
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080929135249.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Ims-PC
Event Code: 900
Message: Der Softwarelizenzierungsdienst wird gestartet.

Record Number: 29788
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20080929135249.000000-





Logfile of random's system information tool 1.08 (written by random/random)
Run by Ims at 2010-08-16 21:45:52
Microsoft® Windows Vista™ Home Premium  Service Pack 2
System drive C: has 8 GB (3%) free of 238 GB
Total RAM: 2046 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:46:05, on 16.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Ims\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Ims\Desktop\RSIT.exe
C:\Program Files\trend micro\Ims.exe
C:\Users\Ims\AppData\Local\Google\Update\GoogleUpdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.versatel.de/internet-cd/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 84.38.66.128 datenklo.org
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SuperRam] "C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe" /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ims\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Ims\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [{40600DC1-73CE-5E4C-36A4-7AFB0D1553AB}] C:\Users\Ims\AppData\Roaming\Piqaip\azom.exe
O4 - HKCU\..\Run: [{74EBC31A-57E4-0727-309F-4ED849E6E338}] C:\Users\Ims\AppData\Roaming\Loumu\iwyxx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Optimieren - Verknüpfung.lnk = C:\Users\Ims\Desktop\ClearMem\Optimieren.bat
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ims\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ims\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D809BC-1889-46D8-BFC6-A8702AAA84BE}: NameServer = 62.220.18.38 89.246.64.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{27D809BC-1889-46D8-BFC6-A8702AAA84BE}: NameServer = 62.220.18.38 89.246.64.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SuperRam Speicher Service (SuperRam) - PGWARE LLC - C:\Program Files\PGWARE\SuperRam\SuperRamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 8074 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3908416098-2138756303-2722824237-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3908416098-2138756303-2722824237-1000UA.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job
C:\Windows\tasks\User_Feed_Synchronization-{B805C3A6-58FB-431E-B800-C9B792561349}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-08-09 341600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-21 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-05-15 352256]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-01 4702208]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"Zboard"=C:\Program Files\Ideazon\ZEngine\Zboard.exe [2009-06-04 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"SuperRam"=C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe [2009-04-01 988872]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-08-09 202256]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-05-16 213936]
""= []
"Google Update"=C:\Users\Ims\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-05 133104]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"BitTorrent DNA"=C:\Users\Ims\Program Files\DNA\btdna.exe [2010-08-11 323392]
"{40600DC1-73CE-5E4C-36A4-7AFB0D1553AB}"=C:\Users\Ims\AppData\Roaming\Piqaip\azom.exe []
"{74EBC31A-57E4-0727-309F-4ED849E6E338}"=C:\Users\Ims\AppData\Roaming\Loumu\iwyxx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Users\Ims\Program Files\DNA\btdna.exe [2010-08-11 323392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Ims\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-05 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2010-07-09 13939816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe clear []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Windows\system32\oodtray.exe [2008-11-03 2540800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files\Pando Networks\Media Booster\PMB.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk]
C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE [2009-03-07 2641920]

C:\Users\Ims\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Optimieren - Verknüpfung.lnk - C:\Users\Ims\Desktop\ClearMem\Optimieren.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Combat Arms\CombatArms.exe"="C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms\Engine.exe"="C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Combat Arms EU\CombatArms.exe"="C:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Program Files\Combat Arms EU\Engine.exe"="C:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe"
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-16 21:37:13 ----D---- C:\rsit
2010-08-16 21:37:13 ----D---- C:\Program Files\trend micro
2010-08-16 20:48:37 ----D---- C:\Users\Ims\AppData\Roaming\Malwarebytes
2010-08-16 20:48:18 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-16 20:48:17 ----D---- C:\ProgramData\Malwarebytes
2010-08-16 20:48:17 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-16 20:48:17 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-16 20:40:17 ----D---- C:\Program Files\CCleaner
2010-08-10 21:26:30 ----A---- C:\Windows\system32\mshtml.dll
2010-08-10 21:26:30 ----A---- C:\Windows\system32\iertutil.dll
2010-08-10 21:26:29 ----A---- C:\Windows\system32\ieframe.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\wininet.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\urlmon.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\occache.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\mstime.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\msfeedssync.exe
2010-08-10 21:26:28 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\msfeeds.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\jsproxy.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\ieUnatt.exe
2010-08-10 21:26:28 ----A---- C:\Windows\system32\ieui.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\iesysprep.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\iesetup.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\iernonce.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\iepeers.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\iedkcs32.dll
2010-08-10 21:26:28 ----A---- C:\Windows\system32\ie4uinit.exe
2010-08-10 21:26:24 ----A---- C:\Windows\system32\win32k.sys
2010-08-10 21:26:22 ----A---- C:\Windows\system32\iccvid.dll
2010-08-10 21:26:21 ----A---- C:\Windows\system32\schannel.dll
2010-08-10 21:26:19 ----A---- C:\Windows\system32\rtutils.dll
2010-08-10 21:26:11 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-08-10 21:26:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-08-10 21:26:08 ----A---- C:\Windows\system32\msxml3.dll
2010-08-10 21:26:07 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-08-10 21:26:07 ----A---- C:\Windows\system32\drivers\srv.sys
2010-08-10 21:26:06 ----A---- C:\Windows\system32\drivers\tcpip.sys
2010-08-10 16:41:27 ----D---- C:\Users\Ims\AppData\Roaming\DNA
2010-08-10 16:41:27 ----D---- C:\Program Files\DNA
2010-08-09 15:52:08 ----D---- C:\Program Files\Emsisoft Anti-Malware
2010-08-09 01:45:39 ----D---- C:\Program Files\Common Files\xing shared
2010-08-03 13:27:23 ----A---- C:\Windows\system32\shell32.dll
2010-07-29 18:16:19 ----D---- C:\Windows\system32\WindowsPowerShell
2010-07-29 18:15:26 ----A---- C:\Windows\system32\winrsmgr.dll
2010-07-29 18:15:06 ----A---- C:\Windows\system32\wsmprovhost.exe
2010-07-29 18:15:06 ----A---- C:\Windows\system32\winrshost.exe
2010-07-29 18:15:06 ----A---- C:\Windows\system32\winrs.exe
2010-07-29 18:15:05 ----A---- C:\Windows\system32\wsmplpxy.dll
2010-07-29 18:15:05 ----A---- C:\Windows\system32\winrssrv.dll
2010-07-29 18:15:02 ----A---- C:\Windows\system32\WsmRes.dll
2010-07-29 18:15:02 ----A---- C:\Windows\system32\wevtfwd.dll
2010-07-29 18:15:02 ----A---- C:\Windows\system32\wecutil.exe
2010-07-29 18:15:02 ----A---- C:\Windows\system32\wecsvc.dll
2010-07-29 18:15:02 ----A---- C:\Windows\system32\wecapi.dll
2010-07-29 18:15:01 ----A---- C:\Windows\system32\pwrshplugin.dll
2010-07-29 18:14:58 ----A---- C:\Windows\system32\winrm.vbs
2010-07-29 18:14:57 ----A---- C:\Windows\system32\WsmWmiPl.dll
2010-07-29 18:14:57 ----A---- C:\Windows\system32\WsmAuto.dll
2010-07-29 18:14:57 ----A---- C:\Windows\system32\WSManMigrationPlugin.dll
2010-07-29 18:14:57 ----A---- C:\Windows\system32\winrscmd.dll
2010-07-29 18:14:56 ----A---- C:\Windows\system32\WsmSvc.dll
2010-07-29 18:14:56 ----A---- C:\Windows\system32\WSManHTTPConfig.exe
2010-07-26 21:51:48 ----D---- C:\Program Files\Mass Effect
2010-07-26 18:07:03 ----D---- C:\ProgramData\EA Core
2010-07-26 18:06:15 ----D---- C:\ProgramData\Electronic Arts
2010-07-25 23:48:07 ----D---- C:\ProgramData\RegCure
2010-07-25 23:48:06 ----D---- C:\Program Files\RegCure
2010-07-25 22:12:42 ----D---- C:\ProgramData\NVIDIA Corporation
2010-07-25 22:07:41 ----A---- C:\Windows\system32\OpenCL.dll
2010-07-25 22:07:41 ----A---- C:\Windows\system32\nvwgf2um.dll
2010-07-25 22:07:41 ----A---- C:\Windows\system32\nvoglv32.dll
2010-07-25 22:07:41 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2010-07-25 22:07:39 ----A---- C:\Windows\system32\nvcuvid.dll
2010-07-25 22:07:39 ----A---- C:\Windows\system32\nvcuvenc.dll
2010-07-25 22:07:38 ----A---- C:\Windows\system32\nvcuda.dll
2010-07-25 22:07:38 ----A---- C:\Windows\system32\nvcompiler.dll
2010-07-25 22:07:38 ----A---- C:\Windows\system32\nvcod1922.dll
2010-07-25 22:07:38 ----A---- C:\Windows\system32\nvcod.dll
2010-07-25 14:31:57 ----D---- C:\ProgramData\Media Center Programs
2010-07-24 22:04:48 ----D---- C:\Users\Ims\AppData\Roaming\NVIDIA
2010-07-24 21:37:10 ----D---- C:\Program Files\Common Files\BioWare
2010-07-24 00:41:51 ----D---- C:\Program Files\c&c

======List of files/folders modified in the last 1 months======

2010-08-16 21:45:57 ----D---- C:\Windows\Temp
2010-08-16 21:43:26 ----D---- C:\Windows\Prefetch
2010-08-16 21:37:52 ----D---- C:\Windows\system32\Tasks
2010-08-16 21:37:13 ----D---- C:\Program Files
2010-08-16 21:30:13 ----D---- C:\Windows\inf
2010-08-16 21:28:33 ----D---- C:\Windows\tracing
2010-08-16 21:06:35 ----D---- C:\Windows\Tasks
2010-08-16 21:04:22 ----D---- C:\ProgramData\NVIDIA
2010-08-16 21:03:16 ----D---- C:\Windows\RegisteredPackages
2010-08-16 21:03:15 ----D---- C:\Windows\system32\drivers
2010-08-16 21:01:29 ----D---- C:\Users\Ims\AppData\Roaming\Piqaip
2010-08-16 21:01:29 ----D---- C:\Users\Ims\AppData\Roaming\Loumu
2010-08-16 20:52:23 ----D---- C:\Users\Ims\AppData\Roaming\Uctifo
2010-08-16 20:48:17 ----D---- C:\ProgramData
2010-08-16 20:41:29 ----D---- C:\Windows\Debug
2010-08-16 20:41:29 ----D---- C:\Windows
2010-08-16 20:31:07 ----D---- C:\Users\Ims\AppData\Roaming\Okag
2010-08-16 17:51:24 ----D---- C:\ProgramData\Google Updater
2010-08-16 17:35:10 ----SHD---- C:\System Volume Information
2010-08-13 15:00:09 ----D---- C:\Windows\system32\catroot2
2010-08-12 00:15:07 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-08-12 00:11:54 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-08-11 14:46:33 ----D---- C:\Windows\Microsoft.NET
2010-08-11 14:46:12 ----RSD---- C:\Windows\assembly
2010-08-11 14:30:31 ----D---- C:\Windows\winsxs
2010-08-11 03:07:52 ----D---- C:\Windows\system32\migration
2010-08-11 03:07:52 ----D---- C:\Windows\System32
2010-08-11 03:07:52 ----D---- C:\Program Files\Movie Maker
2010-08-11 03:07:52 ----D---- C:\Program Files\Internet Explorer
2010-08-11 03:00:43 ----D---- C:\Windows\system32\catroot
2010-08-11 03:00:38 ----D---- C:\Program Files\Windows Mail
2010-08-09 19:12:10 ----D---- C:\Program Files\Common Files\DivX Shared
2010-08-09 01:46:16 ----D---- C:\Program Files\Common Files\Real
2010-08-09 01:46:15 ----A---- C:\Windows\system32\rmoc3260.dll
2010-08-09 01:45:49 ----A---- C:\Windows\system32\pndx5032.dll
2010-08-09 01:45:49 ----A---- C:\Windows\system32\pndx5016.dll
2010-08-09 01:45:46 ----SHD---- C:\Windows\Installer
2010-08-09 01:45:46 ----D---- C:\Program Files\Real
2010-08-09 01:45:39 ----D---- C:\Program Files\Common Files
2010-08-09 01:45:13 ----A---- C:\Windows\system32\pncrt.dll
2010-08-08 22:16:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-07 00:13:16 ----D---- C:\Users\Ims\AppData\Roaming\ICQ
2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe
2010-07-30 16:17:46 ----D---- C:\ProgramData\Xfire
2010-07-29 21:45:17 ----D---- C:\Windows\rescache
2010-07-29 18:16:21 ----D---- C:\Windows\system32\de-DE
2010-07-29 18:16:21 ----D---- C:\Windows\PolicyDefinitions
2010-07-26 18:05:58 ----D---- C:\Program Files\Electronic Arts
2010-07-26 17:50:17 ----D---- C:\Windows\system32\config
2010-07-26 17:35:31 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-26 17:35:30 ----D---- C:\Users\Ims\AppData\Roaming\Samsung
2010-07-25 22:12:59 ----D---- C:\Program Files\NVIDIA Corporation
2010-07-25 21:58:37 ----A---- C:\Windows\system32\CmdLineExt.dll
2010-07-25 14:36:22 ----D---- C:\Users\Ims\AppData\Roaming\Xfire
2010-07-25 12:47:01 ----D---- C:\Program Files\Steam
2010-07-25 11:54:36 ----D---- C:\Program Files\Adobe
2010-07-25 11:54:34 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-25 11:30:23 ----D---- C:\Program Files\Mozilla Firefox
2010-07-25 02:31:29 ----D---- C:\ProgramData\DivX
2010-07-25 02:30:42 ----D---- C:\Program Files\DivX
2010-07-24 01:55:21 ----D---- C:\Program Files\Common Files\Steam
2010-07-23 16:15:02 ----D---- C:\Users\Ims\AppData\Roaming\Adobe
2010-07-20 18:29:26 ----A---- C:\Windows\disney.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-07-05 59256]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\Windows\System32\drivers\sfsync04.sys [2006-08-11 59776]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2008-10-18 717296]
R1 a2injectiondriver;a2injectiondriver; \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys [2010-05-15 39576]
R1 a2util;a-squared Malware-IDS utility driver; \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
R1 BIOS;BIOS; \??\C:\Windows\system32\drivers\BIOS.sys [2005-03-16 13696]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-09-30 5632]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-01 281760]
R2 cpuz132;cpuz132; \??\C:\Windows\system32\drivers\cpuz132_x32.sys [2009-03-27 12672]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-01 25888]
R2 SVKP;SVKP; \??\C:\Windows\system32\SVKP.sys [2008-06-23 2368]
R3 Alpham1;Ideazon Merc USB Human Interface Device; C:\Windows\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
R3 Alpham2;Ideazon Merc MM USB Human Interface Device; C:\Windows\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-02 1967576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-17 98816]
S1 ATITool;ATITool Overclocking Utility; C:\Windows\system32\DRIVERS\ATITool.sys [2007-08-08 28968]
S3 a2acc;a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-06-28 71008]
S3 Alpham;Ideazon Merc Composite Keyboard Driver; C:\Windows\system32\DRIVERS\Alpham.sys [2006-03-12 37248]
S3 asot5hqv;asot5hqv; C:\Windows\system32\drivers\asot5hqv.sys []
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-08-20 27672]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2007-10-05 17480]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 imhidusb;Immersion's HID USB Driver; C:\Windows\system32\DRIVERS\imhidusb.sys [2007-04-19 17920]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 XDva020;XDva020; \??\C:\Windows\system32\XDva020.sys []
S3 XDva342;XDva342; \??\C:\Windows\system32\XDva342.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2010-07-28 1935656]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2008-11-03 1332480]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-01-15 75064]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
R2 SuperRam;SuperRam Speicher Service; C:\Program Files\PGWARE\SuperRam\SuperRamService.exe [2009-04-01 977600]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-21 183280]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-06-07 2837852]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-24 407336]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2009-06-02 361728]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------
         
--- --- ---




Emsisoft Anti-Malware - Version 5.0
Letztes Update: 09.08.2010 15:54:19

Scan Einstellungen:

Scan Methode: N/A
Objekte: Speicher, Traces, Cookies, C:\
Archiv Scan: Aus
Heuristik: Aus
ADS Scan: An

Scan Beginn: 09.08.2010 15:59:53

Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\RegCure gefunden: Trace.Registry.RegCure!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker gefunden: Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\casinopoker gefunden: Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\casinopoker\casino gefunden: Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\casinopoker\casino\SDL gefunden: Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\poker gefunden: Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\poker\init gefunden: Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\poker\SDL gefunden: Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pokerinstaller gefunden: Trace.Registry.PacificPoker!A2
Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems gefunden: Trace.Registry.Trymedia!A2
Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems\ActiveMARK Software gefunden: Trace.Registry.Trymedia!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211} gefunden: Trace.Registry.BijbelBar!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211}\iexplore gefunden: Trace.Registry.BijbelBar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\CasinonetInstaller --> fullpath gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\CasinonetInstaller --> INSTALLER_GUID gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\CasinonetInstaller --> URL_CASINO_2 gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> COOKIE_ID gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> DEMO_PASSWORD gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> DEMO_USERNAME gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> P gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> P1 gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> serial gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> test_data gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\Movies --> LobbyMovAct gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\SDL --> Upd_Flag gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\SDL --> Upg_Date gefunden: Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> AlertMsg gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> AutoComplete gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> AutoSearch gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> autoUpdateMsg gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> AutoWild gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> closeAllWindowsForUpdate gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> connectionError gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> contextMenuItemName gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> contextSearch gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> corruptedMsg gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> DescriptiveText gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> ErrorMsg gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> firstTime gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> firstURL gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> KeepHistory gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> lastVersionMsg gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> OpenNew gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> PopStop gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> RunSearchAutomatically gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> RunSearchDragAutomatically gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> serverpath gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> ShowFindButtons gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> ShowHighlightButton gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> TBShow gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> toolbar_id gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> toolbar_version gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> uninstallMsg gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> UpdateAutomatically gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> updateMsg gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> updateUrl gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> urlAfterUninstall gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> urlAfterUpdate gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> versionError gefunden: Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> Reconnection_Elapse gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> Reconnection_Not_Response gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> Reconnection_TimeOut gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> serial gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> test_data gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> Version gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\SDL --> Upd_Flag gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\SDL --> Upg_Date gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pokerinstaller --> fullpath gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pokerinstaller --> INSTALLER_GUID gefunden: Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pokerinstaller --> URL_CASINO_2 gefunden: Trace.Registry.Pacific Poker!A2
C:\Users\Ims\AppData\Roaming\Microsoft\Windows\Cookies\ims@doubleclick[1].txt gefunden: Trace.TrackingCookie.doubleclick!A2
C:\Users\Ims\AppData\Roaming\Microsoft\Windows\Cookies\ims@tradedoubler[2].txt gefunden: Trace.TrackingCookie.tradedoubler!A2
C:\Program Files\Common Files\DivX Shared\libdivx.dll gefunden: Backdoor.Win32.IRCNite.po!A2
C:\Program Files\DivX\DivX Converter\libdivx.dll gefunden: Backdoor.Win32.IRCNite.po!A2
C:\Users\Ims\AppData\Roaming\Adobe\Update\flacor.dat gefunden: Trojan-PWS.Win32.Yaludle!IK

Gescannt

Dateien: 226380
Traces: 619200
Cookies: 41
Prozesse: 53

Gefunden

Dateien: 3
Traces: 70
Cookies: 2
Prozesse: 0
Registry Keys: 0

Scan Ende: 09.08.2010 18:28:56
Scan Zeit: 2:29:03

C:\Users\Ims\AppData\Roaming\Adobe\Update\flacor.dat Quarantäne Trojan-PWS.Win32.Yaludle!IK
C:\Program Files\Common Files\DivX Shared\libdivx.dll Quarantäne Backdoor.Win32.IRCNite.po!A2
C:\Program Files\DivX\DivX Converter\libdivx.dll Quarantäne Backdoor.Win32.IRCNite.po!A2
C:\Users\Ims\AppData\Roaming\Microsoft\Windows\Cookies\ims@tradedoubler[2].txt Quarantäne Trace.TrackingCookie.tradedoubler!A2
C:\Users\Ims\AppData\Roaming\Microsoft\Windows\Cookies\ims@doubleclick[1].txt Quarantäne Trace.TrackingCookie.doubleclick!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> Reconnection_Elapse Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> Reconnection_Not_Response Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> Reconnection_TimeOut Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> serial Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> test_data Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\init --> Version Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\SDL --> Upd_Flag Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pacificpoker\poker\SDL --> Upg_Date Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pokerinstaller --> fullpath Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pokerinstaller --> INSTALLER_GUID Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\pokerinstaller --> URL_CASINO_2 Quarantäne Trace.Registry.Pacific Poker!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> AlertMsg Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> AutoComplete Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> AutoSearch Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> autoUpdateMsg Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> AutoWild Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> closeAllWindowsForUpdate Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> connectionError Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> contextMenuItemName Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> contextSearch Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> corruptedMsg Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> DescriptiveText Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> ErrorMsg Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> firstTime Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> firstURL Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> KeepHistory Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> lastVersionMsg Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> OpenNew Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> PopStop Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> RunSearchAutomatically Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> RunSearchDragAutomatically Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> serverpath Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> ShowFindButtons Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> ShowHighlightButton Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> TBShow Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> toolbar_id Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> toolbar_version Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> uninstallMsg Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> UpdateAutomatically Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> updateMsg Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> updateUrl Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> urlAfterUninstall Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> urlAfterUpdate Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\XTTB00001\Toolbar --> versionError Quarantäne Trace.Registry.Eqiso Toolbar!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\CasinonetInstaller --> fullpath Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\CasinonetInstaller --> INSTALLER_GUID Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\CasinonetInstaller --> URL_CASINO_2 Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> COOKIE_ID Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> DEMO_PASSWORD Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> DEMO_USERNAME Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> P Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> P1 Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> serial Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\init --> test_data Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\Movies --> LobbyMovAct Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\SDL --> Upd_Flag Quarantäne Trace.Registry.CasinoOnNet!A2
Value: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\casinoonnet\casino\SDL --> Upg_Date Quarantäne Trace.Registry.CasinoOnNet!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211} Quarantäne Trace.Registry.BijbelBar!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E69986-A054-4C52-ABE8-EF63DF1C5211}\iexplore Quarantäne Trace.Registry.BijbelBar!A2
Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems Quarantäne Trace.Registry.Trymedia!A2
Key: HKEY_LOCAL_MACHINE\software\Trymedia Systems\ActiveMARK Software Quarantäne Trace.Registry.Trymedia!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker Quarantäne Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\casinopoker Quarantäne Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\casinopoker\casino Quarantäne Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\casinopoker\casino\SDL Quarantäne Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\poker Quarantäne Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\poker\init Quarantäne Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pacificpoker\poker\SDL Quarantäne Trace.Registry.PacificPoker!A2
Key: HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\software\pokerinstaller Quarantäne Trace.Registry.PacificPoker!A2
Key: HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\RegCure Quarantäne Trace.Registry.RegCure!A2

Quarantäne

Dateien: 3
Traces: 70
Cookies: 2

Alt 17.08.2010, 10:14   #2
markusg
/// Malware-holic
 
Banking Trojaner (40 TANs eingeben) los werden - Standard

Banking Trojaner (40 TANs eingeben) los werden



Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide logs.
sichere schon mal deine daten, du wirst wohl formatieren müssen, aber zu erst möchte ich nen blick auf dein system werfen, und unbekannte dateien einsammeln.
__________________


Alt 17.08.2010, 18:24   #3
saccara
 
Banking Trojaner (40 TANs eingeben) los werden - Standard

Banking Trojaner (40 TANs eingeben) los werden



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.08.2010 18:10:46 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Ims\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 7,10 Gb Free Space | 3,05% Space Free | Partition Type: NTFS
Drive D: | 6,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: IMS-PC
Current User Name: Ims
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ims\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ims\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe (PGWARE LLC)
PRC - C:\Program Files\PGWARE\SuperRam\SuperRamService.exe (PGWARE LLC)
PRC - C:\Windows\System32\oodag.exe (O&O Software GmbH)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Ims\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll (Emsi Software GmbH)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (SuperRam) -- C:\Program Files\PGWARE\SuperRam\SuperRamService.exe (PGWARE LLC)
SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva342) -- C:\Windows\System32\XDva342.sys File not found
DRV - (XDva020) -- C:\Windows\System32\XDva020.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (SVKP) -- C:\Windows\System32\SVKP.sys (AntiCracking)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (ATITool) -- C:\Windows\System32\drivers\ATITool.sys ()
DRV - (Alpham1) -- C:\Windows\System32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (imhidusb) -- C:\Windows\System32\drivers\imhidusb.sys (Immersion Corporation)
DRV - (Alpham2) -- C:\Windows\System32\drivers\Alpham2.sys (Ideazon Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (Alpham) -- C:\Windows\System32\drivers\Alpham.sys (Ideazon Corporation)
DRV - (BIOS) -- C:\Windows\System32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.versatel.de/internet-cd/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.08.09 01:46:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.09 01:46:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.09 01:46:38 | 000,000,000 | ---D | M]
 
[2010.07.24 01:44:44 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\mozilla\Extensions
[2010.01.31 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010.08.17 17:54:03 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\mozilla\Firefox\Profiles\e9mreen7.default\extensions
[2010.07.29 23:37:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ims\AppData\Roaming\mozilla\Firefox\Profiles\e9mreen7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.29 23:37:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ims\AppData\Roaming\mozilla\Firefox\Profiles\e9mreen7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.29 23:38:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ims\AppData\Roaming\mozilla\Firefox\Profiles\e9mreen7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.17 17:54:00 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Ims\AppData\Roaming\mozilla\Firefox\Profiles\e9mreen7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.07.24 00:27:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007.10.04 13:48:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.05.03 21:31:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.07.03 01:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009.08.17 08:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009.04.08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files\Mozilla Firefox\plugins\NPOP7PlugIn.dll
[2010.07.14 00:04:04 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.14 00:04:04 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.14 00:04:04 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.14 00:04:04 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.14 00:04:04 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.04.18 10:57:54 | 000,000,789 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 84.38.66.128 datenklo.org 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SuperRam] C:\Program Files\PGWARE\SuperRam\SuperRamTray.exe (PGWARE LLC)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000..\Run: [{40600DC1-73CE-5E4C-36A4-7AFB0D1553AB}] C:\Users\Ims\AppData\Roaming\Piqaip\azom.exe File not found
O4 - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000..\Run: [{74EBC31A-57E4-0727-309F-4ED849E6E338}] C:\Users\Ims\AppData\Roaming\Loumu\iwyxx.exe File not found
O4 - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000..\Run: [BitTorrent DNA] C:\Users\Ims\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3908416098-2138756303-2722824237-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Users\Ims\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Optimieren - Verknüpfung.lnk = C:\Users\Ims\Desktop\ClearMem\Optimieren.bat ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ims\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ims\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ims\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ims\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.01.11 07:29:34 | 000,000,041 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{63d04c46-7268-11dc-9806-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{63d04c46-7268-11dc-9806-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Start.exe -- [2006.05.23 19:51:46 | 000,878,592 | R--- | M] ()
O33 - MountPoints2\{66fcc041-7584-11dc-9233-00e04d3f913f}\Shell - "" = AutoRun
O33 - MountPoints2\{66fcc041-7584-11dc-9233-00e04d3f913f}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{78d3ea3a-769c-11dc-85ad-00e04d3f913f}\Shell - "" = AutoRun
O33 - MountPoints2\{78d3ea3a-769c-11dc-85ad-00e04d3f913f}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe - (pdfforge  hxxp://www.pdfforge.org/)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\Ims\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Ims\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: NVIDIA nTune - hkey= - key= - C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe File not found
MsConfig - StartUpReg: OODefragTray - hkey= - key= -  File not found
MsConfig - StartUpReg: Pando Media Booster - hkey= - key= - C:\Program Files\Pando Networks\Media Booster\PMB.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{B271CFE5-41FE-4B2C-9731-05E5CABF2C38} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.mp42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.17 17:55:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ims\Desktop\OTL.exe
[2010.08.17 17:34:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Ims\Documents\OTL.exe
[2010.08.16 21:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.16 21:37:13 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.16 20:48:37 | 000,000,000 | ---D | C] -- C:\Users\Ims\AppData\Roaming\Malwarebytes
[2010.08.16 20:48:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.16 20:48:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.16 20:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.16 20:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.16 20:47:45 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Ims\Documents\mbam-setup.exe
[2010.08.16 20:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.16 20:38:13 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Users\Ims\Documents\ccsetup234.exe
[2010.08.11 02:19:24 | 000,000,000 | ---D | C] -- C:\Users\Ims\Program Files
[2010.08.10 21:26:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.10 21:26:28 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.10 21:26:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.10 21:26:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.10 21:26:28 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.10 21:26:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.10 21:26:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.10 21:26:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.10 21:26:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.10 21:26:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.10 21:26:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.10 21:26:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.10 21:26:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.10 21:26:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.10 21:26:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.10 21:26:24 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.10 21:26:22 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.10 21:26:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.10 21:26:11 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.10 21:26:10 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 16:41:28 | 000,000,000 | ---D | C] -- C:\Users\Ims\AppData\Local\DNA
[2010.08.10 16:41:27 | 000,000,000 | ---D | C] -- C:\Users\Ims\AppData\Roaming\DNA
[2010.08.10 16:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\DNA
[2010.08.09 15:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010.08.09 15:52:08 | 000,000,000 | ---D | C] -- C:\Users\Ims\Documents\Anti-Malware
[2010.08.09 15:48:41 | 109,741,896 | ---- | C] (Emsi Software GmbH                                          ) -- C:\Users\Ims\Documents\a2AntiMalwareSetup.exe
[2010.08.09 01:45:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010.07.29 18:16:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010.07.29 18:15:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010.07.29 18:15:06 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010.07.29 18:15:06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010.07.29 18:15:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010.07.29 18:15:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010.07.29 18:15:05 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010.07.29 18:15:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010.07.29 18:15:02 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010.07.29 18:15:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010.07.29 18:15:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010.07.29 18:15:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010.07.29 18:14:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010.07.29 18:14:57 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010.07.29 18:14:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010.07.29 18:14:57 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010.07.29 18:14:56 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010.07.28 18:02:47 | 000,000,000 | ---D | C] -- C:\Users\Ims\AppData\Local\AOL
[2010.07.26 22:16:18 | 000,000,000 | ---D | C] -- C:\Users\Ims\Documents\BioWare
[2010.07.26 21:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect
[2010.07.26 18:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010.07.26 18:06:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.07.26 17:57:38 | 022,098,480 | ---- | C] (Electronic Arts, Inc.) -- C:\Users\Ims\Documents\_Assets_Richmedia_File_eadm-installer.exe
[2010.07.25 23:53:32 | 100,273,008 | ---- | C] (Microsoft Corporation) -- C:\Users\Ims\Documents\directx_Jun2010redist.exe
[2010.07.25 23:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2010.07.25 23:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010.07.25 23:47:47 | 001,940,640 | ---- | C] (ParetoLogic Inc.) -- C:\Users\Ims\Documents\RegCureSetup_CB.exe
[2010.07.25 22:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.07.25 22:07:41 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.07.25 22:07:41 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.07.25 22:07:41 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.07.25 22:07:41 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.07.25 22:07:41 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.07.25 22:07:39 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.07.25 22:07:39 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.07.25 22:07:38 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.07.25 22:07:38 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.07.25 22:07:38 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.07.25 22:07:38 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.07.25 22:03:50 | 130,692,640 | ---- | C] (NVIDIA Corporation) -- C:\Users\Ims\Documents\258.96_desktop_win7_winvista_32bit_international_whql.exe
[2010.07.25 15:41:12 | 074,354,694 | ---- | C] (BioWare) -- C:\Users\Ims\Documents\MassEffect_EFIGS_1.02.exe
[2010.07.25 14:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.07.24 22:04:48 | 000,000,000 | ---D | C] -- C:\Users\Ims\AppData\Roaming\NVIDIA
[2010.07.24 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010.07.24 00:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\c&c
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2040.07.10 14:58:38 | 001,116,388 | ---- | M] () -- C:\Users\Ims\Desktop\100_0109.JPG
[2010.08.17 18:09:55 | 005,242,880 | ---- | M] () -- C:\Users\Ims\ntuser.dat
[2010.08.17 18:00:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.17 17:46:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3908416098-2138756303-2722824237-1000UA.job
[2010.08.17 17:46:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.17 17:34:48 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ims\Documents\OTL.exe
[2010.08.17 17:32:16 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.17 17:29:51 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.08.17 17:29:29 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.17 17:29:17 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.17 17:29:04 | 000,036,725 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.17 17:29:01 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.17 17:29:01 | 000,003,952 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.17 17:28:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.17 17:28:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.17 17:28:52 | 001,040,734 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.08.17 00:25:06 | 000,524,288 | -HS- | M] () -- C:\Users\Ims\ntuser.dat{d8ec50d6-98c6-11df-8956-9523cad989bf}.TMContainer00000000000000000001.regtrans-ms
[2010.08.17 00:25:06 | 000,065,536 | -HS- | M] () -- C:\Users\Ims\ntuser.dat{d8ec50d6-98c6-11df-8956-9523cad989bf}.TM.blf
[2010.08.17 00:24:58 | 003,830,741 | -H-- | M] () -- C:\Users\Ims\AppData\Local\IconCache.db
[2010.08.16 23:46:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3908416098-2138756303-2722824237-1000Core.job
[2010.08.16 22:04:18 | 000,000,392 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B805C3A6-58FB-431E-B800-C9B792561349}.job
[2010.08.16 21:34:34 | 000,339,991 | ---- | M] () -- C:\Users\Ims\Desktop\RSIT.exe
[2010.08.16 20:48:20 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.16 20:47:47 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Ims\Documents\mbam-setup.exe
[2010.08.16 20:40:18 | 000,000,764 | ---- | M] () -- C:\Users\Ims\Desktop\CCleaner.lnk
[2010.08.16 20:40:05 | 000,000,538 | ---- | M] () -- C:\Users\Ims\Documents\ccsetup234 - Verknüpfung.lnk
[2010.08.16 20:38:18 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Users\Ims\Documents\ccsetup234.exe
[2010.08.16 17:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2010.08.16 00:34:19 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ims\Desktop\OTL.exe
[2010.08.12 00:15:16 | 000,137,256 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.08.12 00:15:07 | 000,218,808 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.08.11 14:20:03 | 000,423,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.10 00:54:44 | 010,221,404 | ---- | M] () -- C:\Users\Ims\Documents\Gianna Michaels in MonsterCock Mania - BangBros Network.flv
[2010.08.09 15:52:23 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.08.09 15:50:38 | 109,741,896 | ---- | M] (Emsi Software GmbH                                          ) -- C:\Users\Ims\Documents\a2AntiMalwareSetup.exe
[2010.08.09 01:46:15 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2010.08.09 01:45:49 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2010.08.09 01:45:49 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2010.08.09 01:45:13 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.08.08 22:16:20 | 001,568,034 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.08 22:16:20 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.08 22:16:20 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.08 22:16:20 | 000,145,834 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.08 22:16:20 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.08 22:06:40 | 001,411,549 | ---- | M] () -- C:\Users\Ims\Desktop\IMAG0058.jpg
[2010.08.08 22:06:28 | 001,153,727 | ---- | M] () -- C:\Users\Ims\Desktop\IMAG0057.jpg
[2010.08.08 21:25:44 | 000,776,465 | ---- | M] () -- C:\Users\Ims\Desktop\IMAG0056.jpg
[2010.08.08 21:25:26 | 001,033,703 | ---- | M] () -- C:\Users\Ims\Desktop\IMAG0055.jpg
[2010.08.02 19:44:28 | 000,113,664 | ---- | M] () -- C:\Users\Ims\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.02 19:36:17 | 733,446,144 | ---- | M] () -- C:\Users\Ims\Documents\2007-300-a-cineonws251.avi
[2010.08.02 19:29:44 | 734,513,152 | ---- | M] () -- C:\Users\Ims\Documents\2007-300-b-cineonws251.avi
[2010.08.02 13:37:36 | 038,960,014 | ---- | M] () -- C:\Users\Ims\Documents\Vista_Win7_R250_x86.zip
[2010.07.27 00:15:17 | 000,524,288 | -HS- | M] () -- C:\Users\Ims\ntuser.dat{d8ec50d6-98c6-11df-8956-9523cad989bf}.TMContainer00000000000000000002.regtrans-ms
[2010.07.26 22:53:45 | 000,000,922 | ---- | M] () -- C:\Users\Ims\Desktop\MassEffect - Verknüpfung.lnk
[2010.07.26 22:49:23 | 003,723,528 | ---- | M] () -- C:\Users\Ims\Documents\rld-m102.7z
[2010.07.26 18:06:19 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.07.26 17:59:33 | 022,098,480 | ---- | M] (Electronic Arts, Inc.) -- C:\Users\Ims\Documents\_Assets_Richmedia_File_eadm-installer.exe
[2010.07.26 17:50:28 | 005,242,880 | ---- | M] () -- C:\Users\Ims\ntuser.dat_BAK_53227
[2010.07.26 17:50:27 | 000,524,288 | -HS- | M] () -- C:\Users\Ims\ntuser.dat{378f0a0a-2395-11df-91c1-c9bc70e0e62d}.TMContainer00000000000000000001.regtrans-ms
[2010.07.26 17:50:27 | 000,065,536 | -HS- | M] () -- C:\Users\Ims\ntuser.dat{378f0a0a-2395-11df-91c1-c9bc70e0e62d}.TM.blf
[2010.07.26 17:03:03 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2010.07.25 23:54:54 | 100,273,008 | ---- | M] (Microsoft Corporation) -- C:\Users\Ims\Documents\directx_Jun2010redist.exe
[2010.07.25 23:48:09 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2010.07.25 23:47:49 | 001,940,640 | ---- | M] (ParetoLogic Inc.) -- C:\Users\Ims\Documents\RegCureSetup_CB.exe
[2010.07.25 22:05:41 | 130,692,640 | ---- | M] (NVIDIA Corporation) -- C:\Users\Ims\Documents\258.96_desktop_win7_winvista_32bit_international_whql.exe
[2010.07.25 21:58:37 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2010.07.25 15:42:18 | 074,354,694 | ---- | M] (BioWare) -- C:\Users\Ims\Documents\MassEffect_EFIGS_1.02.exe
[2010.07.24 13:13:06 | 000,001,558 | ---- | M] () -- C:\Users\Ims\Desktop\Game - Verknüpfung.lnk
[2010.07.24 00:27:43 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.24 00:04:32 | 000,036,523 | ---- | M] () -- C:\Users\Ims\Desktop\bookmarks-2010-07-24.json
[2010.07.20 18:29:26 | 000,000,121 | ---- | M] () -- C:\Windows\disney.ini
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.16 21:34:34 | 000,339,991 | ---- | C] () -- C:\Users\Ims\Desktop\RSIT.exe
[2010.08.16 20:48:20 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.16 20:40:18 | 000,000,764 | ---- | C] () -- C:\Users\Ims\Desktop\CCleaner.lnk
[2010.08.16 20:40:05 | 000,000,538 | ---- | C] () -- C:\Users\Ims\Documents\ccsetup234 - Verknüpfung.lnk
[2010.08.10 00:54:34 | 010,221,404 | ---- | C] () -- C:\Users\Ims\Documents\Gianna Michaels in MonsterCock Mania - BangBros Network.flv
[2010.08.09 15:52:23 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2010.08.08 22:17:47 | 001,411,549 | ---- | C] () -- C:\Users\Ims\Desktop\IMAG0058.jpg
[2010.08.08 22:17:47 | 001,153,727 | ---- | C] () -- C:\Users\Ims\Desktop\IMAG0057.jpg
[2010.08.08 22:17:47 | 001,033,703 | ---- | C] () -- C:\Users\Ims\Desktop\IMAG0055.jpg
[2010.08.08 22:17:47 | 000,776,465 | ---- | C] () -- C:\Users\Ims\Desktop\IMAG0056.jpg
[2010.08.02 18:10:40 | 733,446,144 | ---- | C] () -- C:\Users\Ims\Documents\2007-300-a-cineonws251.avi
[2010.08.02 18:09:20 | 734,513,152 | ---- | C] () -- C:\Users\Ims\Documents\2007-300-b-cineonws251.avi
[2010.08.02 13:34:04 | 038,960,014 | ---- | C] () -- C:\Users\Ims\Documents\Vista_Win7_R250_x86.zip
[2010.07.29 18:14:58 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.07.29 18:14:58 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.07.29 18:14:58 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.07.26 22:53:45 | 000,000,922 | ---- | C] () -- C:\Users\Ims\Desktop\MassEffect - Verknüpfung.lnk
[2010.07.26 22:49:20 | 003,723,528 | ---- | C] () -- C:\Users\Ims\Documents\rld-m102.7z
[2010.07.26 18:06:19 | 000,002,128 | ---- | C] () -- C:\Users\Public\Desktop\EA Download Manager.lnk
[2010.07.26 17:51:50 | 000,524,288 | -HS- | C] () -- C:\Users\Ims\ntuser.dat{d8ec50d6-98c6-11df-8956-9523cad989bf}.TMContainer00000000000000000002.regtrans-ms
[2010.07.26 17:51:50 | 000,524,288 | -HS- | C] () -- C:\Users\Ims\ntuser.dat{d8ec50d6-98c6-11df-8956-9523cad989bf}.TMContainer00000000000000000001.regtrans-ms
[2010.07.26 17:51:50 | 000,065,536 | -HS- | C] () -- C:\Users\Ims\ntuser.dat{d8ec50d6-98c6-11df-8956-9523cad989bf}.TM.blf
[2010.07.26 17:50:18 | 000,262,144 | -H-- | C] () -- C:\Users\Ims\ntuser.dat_TU_53227.LOG1
[2010.07.26 17:50:18 | 000,000,000 | -H-- | C] () -- C:\Users\Ims\ntuser.dat_TU_53227.LOG2
[2010.07.25 23:48:12 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2010.07.25 23:48:11 | 000,000,368 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2010.07.25 23:48:09 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2010.07.24 13:13:06 | 000,001,558 | ---- | C] () -- C:\Users\Ims\Desktop\Game - Verknüpfung.lnk
[2010.07.24 00:27:43 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.24 00:04:32 | 000,036,523 | ---- | C] () -- C:\Users\Ims\Desktop\bookmarks-2010-07-24.json
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.05.30 17:08:47 | 000,000,121 | ---- | C] () -- C:\Windows\disney.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.01.28 22:47:23 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.28 22:47:23 | 000,036,725 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.20 18:16:58 | 000,000,552 | ---- | C] () -- C:\Users\Ims\AppData\Local\d3d8caps.dat
[2009.09.11 16:53:58 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.23 17:03:18 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.08.15 15:08:31 | 000,001,356 | ---- | C] () -- C:\Users\Ims\AppData\Local\d3d9caps.dat
[2009.03.03 23:54:49 | 000,000,096 | ---- | C] () -- C:\Users\Ims\AppData\Roaming\DelinvFile.ini
[2009.02.10 18:24:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.02.10 18:24:37 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.01.30 00:15:30 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.01.30 00:15:30 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.01.30 00:15:30 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.01.23 22:06:23 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.01.01 20:29:57 | 000,000,000 | ---- | C] () -- C:\Windows\OODCNT.INI
[2008.12.25 13:46:05 | 000,000,091 | ---- | C] () -- C:\Users\Ims\AppData\Local\fusioncache.dat
[2008.12.10 12:57:23 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2008.11.17 17:51:33 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2008.10.06 19:33:10 | 000,215,144 | ---- | C] () -- C:\Windows\patchw32.dll
[2008.10.02 13:16:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.09.30 18:59:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.09.30 18:40:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.07.21 18:13:49 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008.07.21 18:13:49 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.04.18 13:44:55 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2008.01.26 11:48:19 | 000,000,031 | ---- | C] () -- C:\Windows\wwwbatch.ini
[2008.01.26 11:20:55 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll
[2007.10.30 23:28:44 | 000,032,768 | ---- | C] () -- C:\Windows\TBPanelExt.dll
[2007.10.16 15:20:28 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2007.10.15 21:28:16 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.10.15 21:28:16 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.10.11 02:26:29 | 000,000,000 | ---- | C] () -- C:\Users\Ims\AppData\Roaming\AVSDVDPlayer.m3u
[2007.10.07 02:00:33 | 000,138,056 | ---- | C] () -- C:\Users\Ims\AppData\Roaming\PnkBstrK.sys
[2007.10.05 13:14:04 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2007.10.05 02:19:18 | 000,113,664 | ---- | C] () -- C:\Users\Ims\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.04 15:05:55 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini
[2007.10.02 10:30:30 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI
[2007.08.08 18:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.09.08 17:56:40 | 000,158,208 | ---- | C] () -- C:\Windows\System32\unrar.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2008.11.17 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Ashampoo
[2009.06.30 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Azureus
[2009.05.14 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Bioshock
[2010.03.25 19:37:06 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\BitTorrent
[2009.07.28 15:05:40 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\BlackBean
[2008.10.16 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Canneverbe_Limited
[2010.06.06 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Canon
[2008.12.24 00:53:41 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Capcom
[2007.11.10 16:09:45 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\CDZilla
[2008.03.20 12:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008.10.18 14:31:11 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\DAEMON Tools
[2010.05.30 17:14:21 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Disney Interactive Studios
[2010.08.17 18:09:39 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\DNA
[2010.06.24 23:04:14 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.08 22:23:35 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\FileZilla
[2010.05.04 23:26:35 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\FUEL
[2009.08.18 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\GrabPro
[2010.01.03 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\gtk-2.0
[2009.04.18 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\HLSW
[2010.08.07 00:13:16 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\ICQ
[2008.02.17 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\ICQ Toolbar
[2008.04.03 13:34:17 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\ICQLite
[2008.12.25 13:46:17 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Ideazon
[2009.11.22 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\ijjigame
[2010.01.31 15:58:05 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\IMVUClient
[2009.03.29 21:47:46 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\IrfanView
[2009.04.18 10:22:21 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\L4dOgerLauncher
[2008.11.26 01:11:19 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Leadertech
[2010.08.16 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Loumu
[2010.08.16 20:31:07 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Okag
[2009.04.18 10:49:08 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\OpenOffice.org
[2010.01.22 03:16:18 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Orbit
[2010.08.16 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Piqaip
[2009.06.13 13:18:04 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\QIP
[2009.12.18 17:33:43 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\runic games
[2010.07.26 17:35:30 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Samsung
[2009.11.03 16:28:12 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Silver Style Entertainment
[2008.09.21 18:34:07 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\SpeedSim
[2008.10.15 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Thunderbird
[2010.03.22 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\TS3Client
[2008.09.08 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\TuneUp Software
[2010.08.16 20:52:23 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Uctifo
[2010.01.31 15:41:10 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Vivox
[2009.10.25 02:21:20 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\VOWSoft
[2008.06.26 07:37:18 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Warsow
[2009.09.15 09:59:28 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Wekoif
[2009.10.12 05:35:11 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Wywyim
[2010.08.17 18:00:00 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.08.16 17:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2010.07.26 17:03:03 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2010.08.17 00:25:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.16 22:04:18 | 000,000,392 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B805C3A6-58FB-431E-B800-C9B792561349}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.07.23 16:15:02 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Adobe
[2008.11.17 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Ashampoo
[2009.01.01 17:58:42 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\AVS4YOU
[2009.06.30 21:54:14 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Azureus
[2009.05.14 08:30:24 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Bioshock
[2010.03.25 19:37:06 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\BitTorrent
[2009.07.28 15:05:40 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\BlackBean
[2008.10.16 23:36:00 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Canneverbe_Limited
[2010.06.06 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Canon
[2008.12.24 00:53:41 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Capcom
[2007.11.10 16:09:45 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\CDZilla
[2008.03.20 12:28:11 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008.11.17 16:58:37 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\CyberLink
[2008.10.18 14:31:11 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\DAEMON Tools
[2010.05.30 17:14:21 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Disney Interactive Studios
[2010.06.01 00:50:25 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\DivX
[2010.08.17 18:09:39 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\DNA
[2010.06.24 23:04:14 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.08 22:23:35 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\FileZilla
[2010.05.04 23:26:35 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\FUEL
[2008.11.02 23:26:52 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Google
[2009.08.18 20:41:44 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\GrabPro
[2010.01.03 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\gtk-2.0
[2009.04.18 10:52:46 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Hamachi
[2009.04.18 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\HLSW
[2010.08.07 00:13:16 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\ICQ
[2008.02.17 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\ICQ Toolbar
[2008.04.03 13:34:17 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\ICQLite
[2008.12.25 13:46:17 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Ideazon
[2007.10.04 13:11:28 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Identities
[2009.11.22 19:00:34 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\ijjigame
[2010.01.31 15:58:05 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\IMVUClient
[2007.10.04 13:46:40 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\InstallShield
[2009.03.29 21:47:46 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\IrfanView
[2009.04.18 10:22:21 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\L4dOgerLauncher
[2008.11.26 01:11:19 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Leadertech
[2010.08.16 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Loumu
[2007.10.04 13:49:09 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Macromedia
[2010.08.16 20:48:37 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Media Center Programs
[2008.10.16 23:42:07 | 000,000,000 | --SD | M] -- C:\Users\Ims\AppData\Roaming\Microsoft
[2008.06.22 16:13:58 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Microsoft Game Studios
[2010.05.16 16:06:03 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\mIRC
[2008.10.15 20:53:41 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Mozilla
[2010.07.24 22:04:48 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\NVIDIA
[2010.08.16 20:31:07 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Okag
[2009.04.18 10:49:08 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\OpenOffice.org
[2009.04.16 23:47:07 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\OpenOffice.org2
[2010.01.22 03:16:18 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Orbit
[2010.08.16 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Piqaip
[2009.06.13 13:18:04 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\QIP
[2010.06.25 00:39:25 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Real
[2009.12.18 17:33:43 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\runic games
[2010.07.26 17:35:30 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Samsung
[2007.10.04 14:30:43 | 000,000,000 | RH-D | M] -- C:\Users\Ims\AppData\Roaming\SecuROM
[2009.11.03 16:28:12 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Silver Style Entertainment
[2010.05.18 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Skype
[2010.05.18 22:31:03 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\skypePM
[2008.09.21 18:34:07 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\SpeedSim
[2009.08.15 21:19:39 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\teamspeak2
[2008.03.06 17:41:17 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\THQ
[2008.10.15 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Thunderbird
[2010.03.22 22:06:37 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\TS3Client
[2008.09.08 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\TuneUp Software
[2010.08.16 20:52:23 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Uctifo
[2009.01.23 22:15:21 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Ventrilo
[2010.01.31 15:41:10 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Vivox
[2009.10.25 02:21:20 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\VOWSoft
[2008.06.26 07:37:18 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Warsow
[2009.09.15 09:59:28 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Wekoif
[2010.03.25 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\WinRAR
[2009.10.12 05:35:11 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Wywyim
[2010.07.25 14:36:22 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Xfire
 
< %APPDATA%\*.exe /s >
[2010.07.25 11:54:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ims\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.01.06 17:41:18 | 000,010,134 | R--- | M] () -- C:\Users\Ims\AppData\Roaming\Microsoft\Installer\{116D1725-3193-49AF-8999-036D385F701E}\_07FC79487A9632D69318B3.exe
[2008.08.23 13:14:34 | 000,011,502 | R--- | M] () -- C:\Users\Ims\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\ARPPRODUCTICON.exe
[2008.08.23 13:14:34 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Ims\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2008.08.23 13:14:34 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Ims\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2008.08.23 13:14:34 | 000,015,086 | R--- | M] () -- C:\Users\Ims\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2008.08.23 13:14:34 | 000,008,854 | R--- | M] () -- C:\Users\Ims\AppData\Roaming\Microsoft\Installer\{7E641E46-81DB-4D1D-906A-48342523051C}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe
[2010.08.09 01:44:08 | 000,497,160 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ims\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100730.exe
[2009.12.07 18:21:11 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Ims\AppData\Roaming\Real\Update\setup3.09\setup.exe
[2009.10.12 05:35:11 | 000,133,120 | ---- | M] (ls) -- C:\Users\Ims\AppData\Roaming\Wywyim\wetu.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.04.11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 01:24:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 01:24:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 01:24:08 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.10.04 20:03:04 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.10.04 20:03:04 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.10.18 14:31:37 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 481 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B623B5B8
< End of report >
         
--- --- ---
__________________

Alt 17.08.2010, 18:25   #4
saccara
 
Banking Trojaner (40 TANs eingeben) los werden - Standard

Banking Trojaner (40 TANs eingeben) los werden



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.08.2010 18:10:46 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Ims\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 7,10 Gb Free Space | 3,05% Space Free | Partition Type: NTFS
Drive D: | 6,88 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: IMS-PC
Current User Name: Ims
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Combat Arms\CombatArms.exe" = C:\Program Files\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Program Files\Combat Arms\Engine.exe" = C:\Program Files\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Combat Arms EU\CombatArms.exe" = C:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Program Files\Combat Arms EU\Engine.exe" = C:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{921F68EA-91B8-4F8D-A1ED-DD8914867E4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C3E5C1A2-F2A7-47E6-B150-249E5D55CEC2}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A51E2B-A341-401D-B6D9-381C8C971BE5}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{12FD6D5B-2834-43E2-A03C-4D5719BB3E25}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord\config.exe | 
"{14E069E7-B1FC-40D0-9544-EB0A5A5524AF}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | 
"{1A2DFD02-DB1F-44CF-B6ED-B914FA6F5DD0}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{1B7E5AC2-6D4D-4BEB-B77C-00D81C32E017}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1D30C2CF-B6E4-4AB0-A966-FC98E3C3A663}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\counter-strike\hl.exe | 
"{1E871E46-7E06-4379-8233-BBC8B9CC3D37}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{1F1DAA4D-EAB7-4C2E-BEA2-9DEBF019B07C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{24160F7F-36CC-4042-8161-7C9A4FD5239B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{29BE64DC-4A80-46FD-8C49-8314B246281D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{2B3C7EB4-B47A-4C24-93F9-E9E44E66DDA0}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{3204ABED-81B5-4D84-9AC6-CFD865899053}" = protocol=17 | dir=in | app=c:\program files\combat arms eu\nmservice.exe | 
"{3269101F-29BA-4097-AC85-2A18339FD9BF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord\config.exe | 
"{33A3985F-0F80-4908-B5B7-0C94C222BAFB}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{36027752-C259-42DB-A7AB-B1E332D1106A}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe | 
"{3EE7ADED-6109-4677-AA48-23716410128B}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe | 
"{4264994F-091C-44A7-8CEC-FBBBCE05DE1E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4658B7CB-5E1E-45FA-8DC6-FBD99CE45F40}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{4F404DDE-EC4F-4EBF-AD36-203B84AF4659}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{51EE7113-55F5-4D5B-9CDA-A9710191E63A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{52D23774-8959-438B-A578-7AA4B702C006}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe | 
"{5401897E-85FE-4BDB-9AA5-4696DF1651A7}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | 
"{55944A6A-D197-47A8-8A52-11444A06CB24}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{57E91438-F067-4688-8616-750E23C7602A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{5AE25D04-D720-4B1A-876C-3913F4E8145F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{5F211CC7-809A-4ED3-BBBE-04479A7E6244}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{64267F87-E5D0-454E-9D24-48927843A685}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{64C528A6-C34A-496F-861B-3E66B4EE906A}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{65FF29EF-C6AD-482A-8A2C-D1E1E5F87295}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{6838AB4A-6FD0-4A84-B216-C200B9EBC1CC}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{6DB215C6-750B-4523-BDE2-AAB32E8E46D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"{6ECEEECA-1DF2-4B3E-B03D-4A022BFFABC1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{7085EB33-D086-48E4-BF99-07B092DE5A26}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{726F5DB1-A6CE-4B37-8944-64436027B402}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{73ACBF29-D70D-4969-A736-BE3BF372CA05}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{74922D10-5A60-466E-B328-F6EBCB6D0CD1}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{7A92ADC1-EF19-4465-ABCF-F5CBCBF3B0E1}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{7BC772AB-24CE-41F2-B124-42C2B70D0078}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{80A5C957-1CB4-49BB-B6DB-E9C003EACC1D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{814FA37A-452D-445D-BBF4-0E31C98464DE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{85055879-62A1-4691-A746-C7969ED8341C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2.exe | 
"{879C3C97-937B-417E-8941-9327CCFA2E37}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{883457E0-EF55-4739-A05B-F367710BE1C0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\race driver 3\rd3.exe | 
"{88DE4AA6-C70D-4887-9958-1C0C54202EFC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\race driver 3\rd3.exe | 
"{88F7A4BE-7DF1-43BC-8F97-D6F4D426E89E}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{897230F8-73B1-40BD-8028-A04A8474EF89}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{8DF032A1-DB4B-42BE-B3EF-F8BCE647515E}" = protocol=6 | dir=in | app=c:\program files\combat arms eu\nmservice.exe | 
"{8E1EDEB7-BF97-40D3-A438-79A3712C85EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{95332257-C189-428D-AAF2-1E0888B85BC1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\overlord\overlord.exe | 
"{98492E2B-ED8B-4CAC-B8DA-807B65FF291C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\overlord\overlord.exe | 
"{99960DA5-14AC-4CA9-A7EB-9F87A5064FBC}" = protocol=6 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{9D65C77C-32C6-497B-B768-B6C0567E1059}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9DBED8B0-4820-4B7B-BBDA-9987A332F408}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{A3393CB1-88A5-4B0A-B58A-33CDED8403D5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{AA616AA9-D131-4887-A740-4FBAE46AF6ED}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\rgsc\rgsclauncher.exe | 
"{B0177F00-1746-4B20-9E47-35923C280C31}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe | 
"{B0EA1605-1860-415E-A3C5-9785443394CC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{B58C85D0-0707-45E4-8E30-42DF701CD560}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe | 
"{BAFFEF68-3D95-4E96-A50D-5DA844E8A7B2}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{BEA323C1-131A-481F-A74C-C45C85CA09C9}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{C181CEB0-2180-4616-A96B-7B60C11C3775}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{C7F461F9-81FB-4C35-992D-E47A2C28FADB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"{C9265D27-AEBA-420B-A4A4-230FF9282115}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{C9E8924E-CFC4-4185-A941-1CC0D5DA2C4E}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{CA85DA90-A63B-4CE3-8D2D-DD69429F020A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{D2C968F7-C67A-44B0-8594-A1671D2EB5E9}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{D65268F9-9ADE-47DB-9545-834F8A148213}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{DCA330AE-5679-485B-8B7A-48CF6B84ACC1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{E03DB262-5F81-4198-B10B-D0B42DDD39EE}" = protocol=17 | dir=in | app=c:\program files\cyanide\gamecenter\gamecenter.exe | 
"{E11357C5-06D4-4B8D-AB93-A2333EA8EC55}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\america's army 3\binaries\aa3game.exe | 
"{E5F59ECF-602B-4D6C-A98F-46E4E2F0684B}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe | 
"{E9A1B9CD-96DB-4008-AC5E-6974530B9BDA}" = protocol=6 | dir=in | app=c:\program files\codemasters\grid\grid.exe | 
"{E9C53513-B5F9-4B77-B2F7-5A29F4989FA3}" = protocol=17 | dir=in | app=c:\program files\codemasters\grid\grid.exe | 
"{FD3F03FB-EFCA-4CAD-A507-0D518D0FEE61}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\counter-strike\hl.exe | 
"{FED4939F-BE6B-42BE-B837-45793F36D854}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2.exe | 
"{FEDF7CDD-0966-4B07-BE72-10DB5BEC01B5}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{FF56C8B7-710F-4E13-803F-585245745C03}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\torchlight\torchlight.exe | 
"TCP Query User{01847FA3-05E9-4772-BD42-E1B13A963D20}C:\program files\gamersfirst\parabellum beta\binaries\parabellumthegame.exe" = protocol=6 | dir=in | app=c:\program files\gamersfirst\parabellum beta\binaries\parabellumthegame.exe | 
"TCP Query User{033D47D8-F371-4117-8994-A461F8B7B47F}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"TCP Query User{05174EAF-6015-43E7-9F21-2D10A8750CC4}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{0596B30B-6302-497A-9F5D-123D24551268}C:\program files\steam\steamapps\clown-alex\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clown-alex\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{065223D4-4EE9-4974-A1F7-52B26190636C}C:\program files\steam\steamapps\pascal_germany\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\day of defeat\hl.exe | 
"TCP Query User{092EAED2-0F47-43AB-8C53-F10CB7AD9A67}C:\program files\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"TCP Query User{0BAEF487-1D7E-4CA1-8B7B-1E0221A9548C}C:\program files\cossacks - back to war\dmcr.exe" = protocol=6 | dir=in | app=c:\program files\cossacks - back to war\dmcr.exe | 
"TCP Query User{0CB0A406-92D2-4857-A69A-A37486AF23D1}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{0FEE20DC-DF3B-4E71-A137-9070D5E382CC}C:\age of empires ii\empires2.exe" = protocol=6 | dir=in | app=c:\age of empires ii\empires2.exe | 
"TCP Query User{1308F415-2181-4CF8-ACE4-BE471CEE629E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{1407A6CF-DDF3-41E9-8D14-913E80EB94A8}C:\program files\emule.de 0.48a v18\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule.de 0.48a v18\emule.exe | 
"TCP Query User{1505C2EF-65F5-4BBC-9DCC-F0756C1CECAA}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe | 
"TCP Query User{159DB877-74E0-4CF0-B1D4-2EC06992408C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{1AFE1859-57AA-46E5-ADE7-E11245B2ECBE}C:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"TCP Query User{1DB71E4A-03AD-48D9-A85C-0D899C3D6CD6}C:\program files\steam\steamapps\clown-alex\eternal-silence\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clown-alex\eternal-silence\hl2.exe | 
"TCP Query User{1E902752-F620-4602-A1C8-55D9B6C74D56}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{1F82CC1C-7CA8-41DA-8B8A-EBDC6F7CB534}C:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe | 
"TCP Query User{2157D4A6-6656-4E18-9695-746F74FA78B3}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | 
"TCP Query User{276A2053-036B-4B85-A0C2-8A1B7CE57080}C:\program files\steam\steamapps\clown-alex\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clown-alex\counter-strike source\hl2.exe | 
"TCP Query User{28341492-E8AB-469F-B7B7-9387517573E6}C:\program files\steam\steamapps\clown-alex\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clown-alex\source sdk base\hl2.exe | 
"TCP Query User{2B567124-D4E8-4498-A9AB-2FCEC573620F}C:\users\ims\documents\aoc-live-eu.exe" = protocol=6 | dir=in | app=c:\users\ims\documents\aoc-live-eu.exe | 
"TCP Query User{2DD7237C-823C-48BE-8459-B1A76EBDDD3D}C:\program files\steam\steamapps\pascal_germany\counter-strike\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\counter-strike\hl.exe | 
"TCP Query User{2EAD31DF-019B-494E-9486-027992066D04}C:\program files\steam\steamapps\clown-alex\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clown-alex\zombie panic! source\hl2.exe | 
"TCP Query User{326220DA-63F7-4A5E-96AE-3593B099A88D}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{327EAE92-9955-4AE0-BFF0-F7B4CC255069}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{337AE87B-FF4D-4006-AA16-AF8DC0D49B98}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{341427C1-953C-4E48-9F58-F1114744739D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3D720AC3-8CA8-48AF-82FD-2EE4AC9F1E2B}C:\users\ims\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\ims\appdata\roaming\imvuclient\1vivoxvoice.exe | 
"TCP Query User{43EE98D0-0011-4D8E-B3C5-2A8C9F4423DF}C:\program files\left 4 dead\left4dead.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead\left4dead.exe | 
"TCP Query User{479DA0D5-DB50-4296-B8F6-973AE166DD3E}C:\program files\serious sam 2\bin\sam2.exe" = protocol=6 | dir=in | app=c:\program files\serious sam 2\bin\sam2.exe | 
"TCP Query User{49C8F27B-2E38-4EDA-94AD-BC0A9A9CA379}C:\program files\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files\empire interactive\flatout2\flatout2.exe | 
"TCP Query User{51F28C3D-8D32-45E7-8DB8-080C1088E716}C:\program files\world of warcraft\wow-2.4.2-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.4.2-dede-downloader.exe | 
"TCP Query User{52AE6AE7-C656-46AF-AF6C-B2EA27E5BD14}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=6 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe | 
"TCP Query User{56315AB8-75C9-41E7-8353-B832637E3851}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | 
"TCP Query User{577C9BD1-FB24-4236-BB99-06E978F3EF53}C:\program files\call of duty\codmp.exe" = protocol=6 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"TCP Query User{59993366-1E9E-43B2-AF70-FA171316E74E}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
"TCP Query User{73B87E8D-E7B6-489F-8508-772A5AFA2C13}C:\program files\left 4 dead\hl2.exe" = protocol=6 | dir=in | app=c:\program files\left 4 dead\hl2.exe | 
"TCP Query User{7709250B-8C75-4D87-9314-893AC30E8674}C:\program files\steam\steamapps\common\left 4 dead\srcds.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe | 
"TCP Query User{776D4F72-4631-4B79-B4DD-EDEE1BE48729}C:\program files\cossacks\dmcr.exe" = protocol=6 | dir=in | app=c:\program files\cossacks\dmcr.exe | 
"TCP Query User{7A39C428-3589-4417-BEDA-A82016D47606}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"TCP Query User{7C3DD0B0-9373-4383-BCB0-0EDF94F7233D}C:\program files\bmw m3 challenge\bmw.exe" = protocol=6 | dir=in | app=c:\program files\bmw m3 challenge\bmw.exe | 
"TCP Query User{7D87E671-FCED-4A3D-BADA-FC8371C05043}C:\program files\sierra entertainment\timeshift\bin\timeshift.exe" = protocol=6 | dir=in | app=c:\program files\sierra entertainment\timeshift\bin\timeshift.exe | 
"TCP Query User{7F2539FF-E337-44CC-8574-8EA6DA726B22}C:\users\ims\desktop\aoe\empires2.exe" = protocol=6 | dir=in | app=c:\users\ims\desktop\aoe\empires2.exe | 
"TCP Query User{7FCDFE65-A70F-4A0B-93F8-C22B589CA842}C:\program files\sega\universe at war earth assault (demo)\uawea.exe" = protocol=6 | dir=in | app=c:\program files\sega\universe at war earth assault (demo)\uawea.exe | 
"TCP Query User{8394A78B-5C7D-42F0-BEDE-6CFD0170C14E}C:\program files\steam\steamapps\clown-alex\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clown-alex\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{8A00E4D5-9834-4DD7-821F-F78CEDABF3D2}C:\program files\hlsw\hlsw.exe" = protocol=6 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"TCP Query User{901F6E6B-5AD2-40D6-A180-FA027F74657B}C:\program files\winpcap\rpcapd.exe" = protocol=6 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"TCP Query User{91CB2CED-C5A7-4BAC-B0D2-878622071C26}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{A08F3CEE-24FB-4B8B-BB9C-F521F4355FD5}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{A9582488-354B-4002-AA6F-569F3EBB129D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{AFA6F861-7F19-4417-B309-FF28EAD157AF}C:\program files\parabellum beta\binaries\parabellumthegame.exe" = protocol=6 | dir=in | app=c:\program files\parabellum beta\binaries\parabellumthegame.exe | 
"TCP Query User{B3E18145-06B3-4B76-B3BC-E47202D406FC}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{BDB221DE-A534-4B55-A71D-C7D9CB1DA086}C:\program files\world of warcraft\wow-2.3.0-dede-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-dede-downloader.exe | 
"TCP Query User{BF5645F8-E0BB-4E3A-A980-05927135832D}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe | 
"TCP Query User{C4B652AB-B4DD-45ED-8CAC-979AEA46C576}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{C5CCFDCB-2236-49AC-B44D-BCE78F459008}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{C61A35D8-CF3E-4E8B-BB54-101EDAF3A1B5}C:\users\ims\documents\aoe\empires2.exe" = protocol=6 | dir=in | app=c:\users\ims\documents\aoe\empires2.exe | 
"TCP Query User{D18DB0BB-E4A3-47FA-8D42-6292F811BF11}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe | 
"TCP Query User{D3008C3B-D4C4-4663-8DAB-AF6A98F4AD64}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{D3451E9A-F3C2-4720-8678-5F311B0D0D65}C:\program files\steam\steamapps\clown-alex\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clown-alex\source sdk base\hl2.exe | 
"TCP Query User{D5C3AFB2-ED26-4595-A3A7-F4C81A3829D9}C:\program files\thq\pandemic studios\full spectrum warrior\launcher.locked" = protocol=6 | dir=in | app=c:\program files\thq\pandemic studios\full spectrum warrior\launcher.locked | 
"TCP Query User{D7647BD1-A5AB-410F-9C47-D679179AAB7A}C:\program files\steam\steamapps\pascal_germany\day of defeat\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\day of defeat\hl.exe | 
"TCP Query User{D97F3492-C1E5-4A0F-A64B-CCC497DF9F58}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | 
"TCP Query User{DE685D73-89EC-46AE-8862-F3806BB12F89}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{E2D5257C-55EC-4368-884A-6B936CB9A62F}C:\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=c:\age of empires ii\age2_x1.exe | 
"TCP Query User{E57238F7-01D2-4D2B-9BCC-75A8BECC27FD}C:\program files\emule.de 0.48a v18\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule.de 0.48a v18\emule.exe | 
"TCP Query User{E5DF6C27-1838-4E89-82DE-689AE29604A6}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{E765B40C-3997-4497-B1C3-B727DAB10FA4}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{EA64378B-7DC1-460B-ADB7-7941402476F1}C:\users\ims\desktop\quake iii arena\quake3.exe" = protocol=6 | dir=in | app=c:\users\ims\desktop\quake iii arena\quake3.exe | 
"TCP Query User{EDC8E816-E520-4722-A467-017B045F648A}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{EF5B9DAA-58C0-4ECA-8FE8-2703D41C4249}C:\program files\steam\steamapps\common\fuel\fuel.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\fuel\fuel.exe | 
"TCP Query User{F3D85F4C-0456-4A34-93D8-9BCEA3F557B9}C:\program files\steam\steamapps\pascal_germany\team fortress classic\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\team fortress classic\hl.exe | 
"TCP Query User{F44CBEC1-93EE-4D5D-B325-A0326D9A1D6D}C:\program files\steam\steamapps\clown-alex\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\clown-alex\counter-strike source\hl2.exe | 
"TCP Query User{F5C655B1-6362-4708-B67D-B4DBE4BD8D7C}C:\program files\codemasters\dirt\dirt.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | 
"TCP Query User{F705956A-0FDB-4B53-A9A5-6C24CB974408}C:\users\ims\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\ims\program files\dna\btdna.exe | 
"TCP Query User{F7B5B797-7808-43E5-B9F4-DE5899885E4F}C:\program files\acony games gmbh\parabellum\binaries\parabellumthegame.exe" = protocol=6 | dir=in | app=c:\program files\acony games gmbh\parabellum\binaries\parabellumthegame.exe | 
"TCP Query User{F896C8D6-4C3C-4A8A-8335-310781F971F9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{FEF0D610-52CD-4885-AF3A-724A0E03C0BD}C:\program files\steam\steamapps\pascal_germany\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\half-life\hl.exe | 
"UDP Query User{124BF6C0-0547-490D-8D45-C824B35F071D}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{13DD043C-8D29-4540-9B83-15AE53B4F154}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{1756E512-2AD3-459C-A447-35B74723C5E7}C:\users\ims\documents\aoe\empires2.exe" = protocol=17 | dir=in | app=c:\users\ims\documents\aoe\empires2.exe | 
"UDP Query User{1772901C-280F-4E23-BE84-5CA2AF3318A8}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{1C242A24-214E-4A01-833F-5EA493765501}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=17 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe | 
"UDP Query User{1CC3D4F4-9F33-4C58-AD47-97D10BBCA60D}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"UDP Query User{2186A0F2-F8C7-4CD4-BA9C-82E9E9DFD0CA}C:\users\ims\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\ims\program files\dna\btdna.exe | 
"UDP Query User{2AD90BD2-6BAC-4A27-9D84-75DEA2392ED3}C:\users\ims\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\ims\appdata\roaming\imvuclient\1vivoxvoice.exe | 
"UDP Query User{2B53C1F5-20E5-467D-A981-11AEAF559278}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe | 
"UDP Query User{30FE150D-B7A2-4735-A6ED-45AB81AEA733}C:\program files\left 4 dead\left4dead.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead\left4dead.exe | 
"UDP Query User{38543B48-FB54-46BF-B687-2E56BD516EE7}C:\program files\steam\steamapps\clown-alex\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clown-alex\counter-strike source\hl2.exe | 
"UDP Query User{38793CA5-73A9-4E9D-ADD0-65E6A0FA25CA}C:\users\ims\documents\aoc-live-eu.exe" = protocol=17 | dir=in | app=c:\users\ims\documents\aoc-live-eu.exe | 
"UDP Query User{3D8122B2-439B-4197-A84A-8E3104C116B1}C:\program files\serious sam 2\bin\sam2.exe" = protocol=17 | dir=in | app=c:\program files\serious sam 2\bin\sam2.exe | 
"UDP Query User{45B0DB07-26D1-4891-9E1B-D16F72C02E44}C:\program files\emule.de 0.48a v18\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule.de 0.48a v18\emule.exe | 
"UDP Query User{47D61172-136B-4966-B483-703BA6B82D2D}C:\program files\thq\pandemic studios\full spectrum warrior\launcher.locked" = protocol=17 | dir=in | app=c:\program files\thq\pandemic studios\full spectrum warrior\launcher.locked | 
"UDP Query User{4813CAEF-31AF-46F2-8A72-C724DB192382}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{484B81A9-2B54-4AF7-B82D-559698683E96}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | 
"UDP Query User{49260648-B7DF-4BE2-91CF-80D904452A67}C:\program files\steam\steamapps\clown-alex\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clown-alex\source sdk base\hl2.exe | 
"UDP Query User{510EFB49-8CD3-4EAF-A3E9-90AE67ED3411}C:\program files\steam\steamapps\clown-alex\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clown-alex\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{53E186B3-E29D-40D0-BE5A-08F9E6CF3B73}C:\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=c:\age of empires ii\age2_x1.exe | 
"UDP Query User{57398432-D6C9-42E4-998A-72E9F2775789}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{578D89C1-3CA7-4688-9110-1CD326C69A3B}C:\program files\left 4 dead\hl2.exe" = protocol=17 | dir=in | app=c:\program files\left 4 dead\hl2.exe | 
"UDP Query User{5BBB8338-6D1B-4C0C-96F2-DA39D047D90D}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | 
"UDP Query User{5E9492B6-7F3B-46D3-8EA4-BB2AD8FF780E}C:\program files\sierra\fearcombat\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\sierra\fearcombat\fpupdate.exe | 
"UDP Query User{6073ED2B-0569-4745-B2F8-44DEA142E437}C:\program files\parabellum beta\binaries\parabellumthegame.exe" = protocol=17 | dir=in | app=c:\program files\parabellum beta\binaries\parabellumthegame.exe | 
"UDP Query User{615ACD38-D77D-46AC-9A44-A9E93B86A360}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{640FF4B5-7B17-4BAF-9CB2-04E8AEDB340E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{67E87076-228D-48B5-9690-4DF7537BE803}C:\program files\bmw m3 challenge\bmw.exe" = protocol=17 | dir=in | app=c:\program files\bmw m3 challenge\bmw.exe | 
"UDP Query User{68D84CC2-7274-42E5-B74D-770EA35FC4C7}C:\program files\winpcap\rpcapd.exe" = protocol=17 | dir=in | app=c:\program files\winpcap\rpcapd.exe | 
"UDP Query User{6B52764B-1377-4009-A2A8-E0D2517BCE29}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{7009DAD7-43AF-486D-96D2-9760B5B0E423}C:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files\warcraft iii\war3.exe | 
"UDP Query User{7AE8BC41-AD96-4D67-869C-53A8D7FE2FBB}C:\program files\acony games gmbh\parabellum\binaries\parabellumthegame.exe" = protocol=17 | dir=in | app=c:\program files\acony games gmbh\parabellum\binaries\parabellumthegame.exe | 
"UDP Query User{7C17171F-2A36-4279-85E5-A17AC5634B78}C:\program files\hlsw\hlsw.exe" = protocol=17 | dir=in | app=c:\program files\hlsw\hlsw.exe | 
"UDP Query User{7D9CA488-39FF-47DC-B21F-75B3D60A8586}C:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe | 
"UDP Query User{7FF8D79E-AD98-4611-9514-288EE88E8ACF}C:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{810DEAC2-EDB9-4802-A03C-5B05CC0D6A7B}C:\program files\steam\steamapps\clown-alex\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clown-alex\zombie panic! source\hl2.exe | 
"UDP Query User{81748A8C-8AAA-450A-A419-845F457B28A9}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{81BD9E4A-FC9D-4917-9F00-923C4A77100E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{863CE62A-46A3-4F36-9E10-E2FC5D05002A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{972F1A69-4FFC-4324-99A8-629F7A98738A}C:\program files\emule.de 0.48a v18\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule.de 0.48a v18\emule.exe | 
"UDP Query User{9C08A162-8C67-4AB9-A96E-5BFC1F978F55}C:\program files\steam\steamapps\pascal_germany\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\half-life\hl.exe | 
"UDP Query User{A15E8A39-7F8D-431E-9796-198541F1A78B}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{A4000285-7B14-45AC-9823-43B0DF3020F8}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{A4468E6C-C2FB-48D7-AEE3-D43E3B03E416}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe | 
"UDP Query User{A49710F2-36CC-4422-BB08-127FBFC6517E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{A4B33FD2-1E1D-42CC-A0D0-D39365BBF653}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{A69FBFCD-5F90-4402-8E03-B818DB3553B0}C:\program files\cossacks\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\cossacks\dmcr.exe | 
"UDP Query User{A90B7707-8611-4772-8B1F-2E57A9B21BF3}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{ABD3C2DC-84EC-4CFA-8909-D79715929651}C:\program files\world of warcraft\wow-2.4.2-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.4.2-dede-downloader.exe | 
"UDP Query User{B231B72A-1AFD-4B73-8EBF-976DF8A17660}C:\program files\steam\steamapps\clown-alex\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clown-alex\source sdk base\hl2.exe | 
"UDP Query User{B7B420D8-46D2-45D6-9A55-096D08FDA1AA}C:\program files\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files\hamachi\hamachi.exe | 
"UDP Query User{BBC1D2B6-DDFF-40C1-B2C8-18F80AA5954E}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"UDP Query User{BD91C828-1762-4C3B-92ED-E8054053C1FE}C:\program files\steam\steamapps\common\fuel\fuel.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\fuel\fuel.exe | 
"UDP Query User{BFE08B17-35D9-4851-88BA-8AE8ABDE5F45}C:\program files\codemasters\dirt\dirt.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\dirt\dirt.exe | 
"UDP Query User{C5B6828C-5814-462E-827F-5897841F473B}C:\program files\steam\steamapps\pascal_germany\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\day of defeat\hl.exe | 
"UDP Query User{C80CFB48-4FFD-4027-A97B-5C7841D1A92D}C:\age of empires ii\empires2.exe" = protocol=17 | dir=in | app=c:\age of empires ii\empires2.exe | 
"UDP Query User{C8213A85-36C6-4F0E-99AD-EB6C9B7E4655}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{CA3D33D3-7E87-4DC8-86E6-5C206BAE8519}C:\users\ims\desktop\aoe\empires2.exe" = protocol=17 | dir=in | app=c:\users\ims\desktop\aoe\empires2.exe | 
"UDP Query User{CBC6B5B1-9540-4F52-80FF-2DF92B372BA2}C:\program files\steam\steamapps\clown-alex\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clown-alex\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{D19616BD-A498-4E8D-A8C4-7B8C4B262145}C:\program files\steam\steamapps\pascal_germany\counter-strike\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\counter-strike\hl.exe | 
"UDP Query User{D2F26216-6300-4E57-BA09-F40D5D4DBBFC}C:\program files\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files\empire interactive\flatout2\flatout2.exe | 
"UDP Query User{D8235E42-C087-41E3-93B5-B759A34E26C9}C:\program files\steam\steamapps\clown-alex\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clown-alex\counter-strike source\hl2.exe | 
"UDP Query User{DF4CC852-7EAE-4C06-891A-37B01FA15BC2}C:\program files\gamersfirst\parabellum beta\binaries\parabellumthegame.exe" = protocol=17 | dir=in | app=c:\program files\gamersfirst\parabellum beta\binaries\parabellumthegame.exe | 
"UDP Query User{E0E1AF7C-480D-4789-ABF5-14AD862904EC}C:\program files\steam\steamapps\common\left 4 dead\srcds.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead\srcds.exe | 
"UDP Query User{E3048EA6-EA8E-47DC-BE5C-A2CD2FDCB4FF}C:\program files\steam\steamapps\pascal_germany\day of defeat\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\day of defeat\hl.exe | 
"UDP Query User{E7FE17EC-E3FF-49E2-90EE-5BE4A463FF65}C:\program files\steam\steamapps\pascal_germany\team fortress classic\hl.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\pascal_germany\team fortress classic\hl.exe | 
"UDP Query User{E92964F8-17AB-4035-A367-49E100231B95}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{EA641B04-E02C-4897-9BFA-3EDC82B0E5C8}C:\program files\call of duty\codmp.exe" = protocol=17 | dir=in | app=c:\program files\call of duty\codmp.exe | 
"UDP Query User{EABF9F5D-FAD9-4EF9-93F2-84C41B93EBEB}C:\program files\sierra entertainment\timeshift\bin\timeshift.exe" = protocol=17 | dir=in | app=c:\program files\sierra entertainment\timeshift\bin\timeshift.exe | 
"UDP Query User{EE166F85-E2B9-43D8-B97B-31A751D7C76F}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe | 
"UDP Query User{F00A865E-490A-48FE-8A7C-2B1D558FAB29}C:\program files\cossacks - back to war\dmcr.exe" = protocol=17 | dir=in | app=c:\program files\cossacks - back to war\dmcr.exe | 
"UDP Query User{F0169514-DB81-475C-9C5F-BD99923C841F}C:\program files\sega\universe at war earth assault (demo)\uawea.exe" = protocol=17 | dir=in | app=c:\program files\sega\universe at war earth assault (demo)\uawea.exe | 
"UDP Query User{F0FEB3D9-B120-43FB-93BC-DB5C3A997FDB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{F2B5012F-2EA6-43A7-8FD9-C6A554EA92A8}C:\program files\world of warcraft\wow-2.3.0-dede-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-2.3.0-dede-downloader.exe | 
"UDP Query User{F91C47C2-E950-4BE6-9A0A-C37EDEE52591}C:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dirt 2\dirt2_game.exe | 
"UDP Query User{F9EBF53D-F699-48B4-978E-F9106D8ABE0B}C:\users\ims\desktop\quake iii arena\quake3.exe" = protocol=17 | dir=in | app=c:\users\ims\desktop\quake iii arena\quake3.exe | 
"UDP Query User{FB43E52E-101A-4B12-A2CD-7DEAAF4448F4}C:\program files\steam\steamapps\clown-alex\eternal-silence\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\clown-alex\eternal-silence\hl2.exe | 
"UDP Query User{FD590F15-18B0-459B-ADB7-6506E1F7D3E9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{116D1725-3193-49AF-8999-036D385F701E}" = Desktop Restore
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = CanoScan Toolbox Ver4.5
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2AE2EFF4-A14B-42AB-B364-F04DB651180F}" = Z Engine
"{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist
"{302AC480-43D2-11D5-A818-00500435FC18}" = Gothic_Patch
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E5EE953-0D92-A385-E3A0-FBFCB2DE15AA}" = EA Download Manager UI
"{57F9C8E9-A9B8-4E19-9AC2-F21EC5094B84}" = Thrustmaster FFB Wheel driver
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DEE1190-389E-4A19-B8C2-B3D84B9AEE21}}_is1" = Parabellum
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A62C8DA-2DB7-4D94-B5BA-1D38FC36E830}" = Manhunt
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{92510C2A-30E3-4F8D-AE8A-93AB7B63EE8F}" = Gothic II Gold
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = PowerBackup 2.5
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7B6C0BE-C919-425C-A493-DF9FF11249F5}" = Enemy Territory - QUAKE Wars(TM) Demo 1.1 Patch 
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BBF10B37-4ED3-11D5-A818-00500435FC18}" = Gothic
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF49A5C4-E09A-4A22-BE7B-E42C687952BC}" = O&O Defrag Professional
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.26 Game
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ashampoo Burning Studio 6" = Ashampoo Burning Studio 6
"Ashampoo Magical Optimizer" = Ashampoo Magical Optimizer
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CanonMyPrinter" = Canon Utilities My Printer
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cossacks : Back To War" = Cossacks - Back To War
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"FileZilla Client" = FileZilla Client 3.3.2.1
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free Studio_is1" = Free Studio version 4.7
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.2
"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 2.5
"GamersFirst Parabellum Beta" = Parabellum Beta
"Google Updater" = Google Updater
"Half-Life" = Half-Life
"Hamachi" = Hamachi 1.0.1.5
"HLSW_is1" = HLSW v1.3.1
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{2FB04107-7BC2-449C-915A-530B29B5E0FE}" = UE3Redist
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{B7B6C0BE-C919-425C-A493-DF9FF11249F5}" = Enemy Territory - QUAKE Wars(TM) Demo 1.1 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"oZone3D.Net FurMark_is1" = oZone3D.Net FurMark v1.6.5
"PDFCreator Toolbar" = PDFCreator Toolbar
"Postal 2" = Postal 2
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"RPG Maker 2000  ColumbineRPG" = RPG Maker 2000 -  Super Columbine Massacre RPG!
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SeriousSam2" = Serious Sam 2
"SpeedFan" = SpeedFan (remove only)
"Steam App 10" = Counter-Strike
"Steam App 11450" = Overlord
"Steam App 11500" = ToCA Race Driver 3
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12840" = DiRT 2
"Steam App 17410" = Mirror's Edge
"Steam App 215" = Source SDK Base
"Steam App 240" = Counter-Strike: Source
"Steam App 41500" = Torchlight
"SuperRam_is1" = SuperRam
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Versatel" = Versatel
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3908416098-2138756303-2722824237-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Alt 17.08.2010, 18:37   #5
markusg
/// Malware-holic
 
Banking Trojaner (40 TANs eingeben) los werden - Standard

Banking Trojaner (40 TANs eingeben) los werden



• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
[2010.08.16 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Loumu
[2010.08.16 20:31:07 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Okag
[2010.08.16 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Piqaip
[2010.08.16 20:52:23 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Uctifo
[2009.10.12 05:35:11 | 000,000,000 | ---D | M] -- C:\Users\Ims\AppData\Roaming\Wywyim
[2009.10.12 05:35:11 | 000,133,120 | ---- | M] (ls) -- C:\Users\Ims\AppData\Roaming\Wywyim\wetu.exe
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten


danach öffne "mein computer" (arbeitsplatz. dort öffne _OTL und dort nen rechtsklick auf moved files
packe den ordner mit winzip oder rar. lad ihn zu uns hoch, wie unter punkt2 beschrieben.
http://www.trojaner-board.de/54791-a...ner-board.html


Alt 17.08.2010, 19:28   #6
markusg
/// Malware-holic
 
Banking Trojaner (40 TANs eingeben) los werden - Standard

Banking Trojaner (40 TANs eingeben) los werden



du hast ja auf scan geklickt, steht aber nicht so in meinem letzten post, bitte genau lesen.

Alt 17.08.2010, 19:50   #7
saccara
 
Banking Trojaner (40 TANs eingeben) los werden - Standard

Banking Trojaner (40 TANs eingeben) los werden



All processes killed
========== OTL ==========
C:\Users\Ims\AppData\Roaming\Loumu folder moved successfully.
C:\Users\Ims\AppData\Roaming\Okag folder moved successfully.
C:\Users\Ims\AppData\Roaming\Piqaip folder moved successfully.
C:\Users\Ims\AppData\Roaming\Uctifo folder moved successfully.
C:\Users\Ims\AppData\Roaming\Wywyim folder moved successfully.
File C:\Users\Ims\AppData\Roaming\Wywyim\wetu.exe not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Ims
->Flash cache emptied: 61945 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User

User: Ims
->Temp folder emptied: 599784 bytes
->Temporary Internet Files folder emptied: 314886 bytes
->Java cache emptied: 62404882 bytes
->FireFox cache emptied: 88438596 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 757760 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3252 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 147,00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08172010_203833

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




.rar ist up
Sorry, hatte mich im ersten Anlauf ein wenig verlesen.

Alt 17.08.2010, 20:05   #8
markusg
/// Malware-holic
 
Banking Trojaner (40 TANs eingeben) los werden - Standard

Banking Trojaner (40 TANs eingeben) los werden



ok, nun können wir formatieren.
formatiere bitte, dann besuche die windows update seite, spiele alle servicepacks auf und sonstigen updates.
instaliere antivirus software, setze folgendes um, um sicher zu bleiben:
1. solltest du nur noch als eingeschrenkter nutzer arbeiten , das admin konto ist nur für instalationen gedacht.
klicke start, tippe unter suchen (ausführen) systemsteuerung. wähle dort Benutzerkonten hinzufügen/entfernen.
wähle "neues konto erstellen"
Wähle standard benutzer.

die konten sollten mit einem passwort geschützt werden.
dazu auf konto endern klicken und passwörter vergeben.
Die folgenden konfigurationen als admin ausführen:
2. dep aktivieren:
dep für alle prozesse:
Datenausführungsverhinderung (DEP)
• "Datenausführungsverhinderung für alle Programme und Dienste mit Ausnahme der ausgewählten einschalten:".
wenn es zu problemen kommen sollte, kann man die betroffenen prozesse aus der Überwachung entfernen.

3. sehop aktivieren:
SEHOP aktivieren:
Aktivieren von SEHOP &#40;Structured Exception Handling Overwrite Protection&#41; in Windows-Betriebssystemen
klicke auf "Feature automatisch aktivieren"
und folge den anweisungen

4. als browser den firefox nutzen:
Webbrowser Firefox | Schneller, sicherer & anpassbar | Mozilla Europe
5. als adon noscript, es werden dadurch alle scripts (java) zb blockiert, du kannst diese dann frei geben, in dem du auf der seite, die freigegeben werden
soll, nen rechtsklick machst, noscript wählst, und temporär alle berectigungen aufheben wählst, somit werden sie für den besuch aufgehoben, oder alle beschrenkungen
aufheben, somit wird die seite freigegeben. das kann man natürlich wieder rückgängig machen.
http://filepony.de/download-adblock_firefox//
hier gibt es noch filterlisten:
Adblock Plus: Bekannte Filterlisten für Adblock Plus
hier würde ich 2 oder 3 deutsche filter auswählen.

unter sonstiges die malware blocklist.
7.
um das surfen sicherer zu machen, würde ich Sandboxie empfehlen.
Download:
drop.io
(als pdf)
wenn du mit dem programm gut auskommst, ist ne lizenz zu empfehlen.
1. es gibt dann noch ein paar mehr funktionen.
2. kommt nach nem monat die anzeige, dass das programm freeware ist, die verschwindet erst nach ner zeit, find ich n bissel nerfig.
3. ist die lizenz lebenslang gültig, kostenpunkt rund 25 €, und du kannst sie auf allen pcs in deinem haushalt einsetzen.
ab sofort also nur noch in der sanbox surfen bitte.
8. autorun für usb deaktivieren:
über diesen weg werden sehr häufig schaddateien verbreitet, schalte die funktion also ab.
Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de
9. um deine software aktuell zu halten, instaliere secunia.
http://www.trojaner-board.de/83959-s...ector-psi.html
und file hippo update checker:
FileHippo.com Update Checker - FileHippo.com
10.
regelmäßige Backups des systems sind sehr wichtig, du weist nie, ob deine festplatte mal kaputt geht.
Acronis True Image 2010 - Festplatten-Backup-Software, Datei-Backup und Disk Imaging, Wiederherstellung von Anwendungseinstellungen, Backup von Musik, Videos, Fotos und Outlook-Mails
außerdem kannst du, bei neuerlichem malware befall das system zurücksetzen.
Das Backup sollte möglichst auf eine externe festplatte etc emacht werden, nicht auf die selbe, wo sich die zu sichernden daten befinden.
Von sehr wichtigen Daten könnte man noch eine zusätzliche Sicherung auf dvds/cds erstellen, dazu könnte man auch wiederbeschreibbare verwenden (rws) falls die sammlung mal erneuert werden soll.
11. endere alle passwörter.
12. lasse dich über sicheres online banking beraten, folgende verfahren währen möglich:
kombination aus hbci /FinTS verfahren
das FinTS verfahren als einzel lösung
oder
hbci-verfahren
kommen da warscheinlich geringe zusatzkosten auf dich zu, erhöt aber die sicherheit.

Antwort

Themen zu Banking Trojaner (40 TANs eingeben) los werden
40 tans, banking trojaner, benutzerprofildienst, bho, converter, cpu-z, device driver, downloader, emsisoft, entfernen, error, firefox, flash player, fontcache, frage, hdaudio.sys, hijack, hijackthis, home, home premium, hotfix.exe, iexplore, install.exe, logfile, media center, mp3, msiexec, msiexec.exe, notepad.exe, pando media booster, plug-in, problem, programdata, programm, registry, security, security update, server, sierra, software, sptd.sys, staropen, start menu, studio, super, svchost.exe, system, tan-liste, timeout, torrent.exe, trace.registry.trymedia, traces, trojaner, trymedia, tunnel, updates, video converter, windows, world at war, wscript.exe




Ähnliche Themen: Banking Trojaner (40 TANs eingeben) los werden


  1. Trojaner TR/Bublik.I.11 fordert beim Online-Banking TANs an
    Log-Analyse und Auswertung - 24.05.2013 (23)
  2. 1. Java lädt Viren runter, 2. Online Banking TANs gesperrt
    Log-Analyse und Auswertung - 21.07.2011 (3)
  3. Online Banking Sparkasse- mehrere Tans eingeben
    Plagegeister aller Art und deren Bekämpfung - 17.05.2011 (14)
  4. Sparkasse 20 Tans eingeben
    Log-Analyse und Auswertung - 16.05.2011 (7)
  5. Postbank Online-Banking: Aufforderung zur Eingabe von 40 TANs
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (3)
  6. 20 Tans bei Sparkasse eingeben - Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.02.2011 (7)
  7. Sparkasse Banking - Aufforderung 20 Tans
    Plagegeister aller Art und deren Bekämpfung - 18.01.2011 (14)
  8. 40 TANs Eingabe beim Online Banking
    Plagegeister aller Art und deren Bekämpfung - 10.01.2011 (17)
  9. Trojaner Sparkasse Banking Aufforderung 20 TANs
    Plagegeister aller Art und deren Bekämpfung - 09.01.2011 (13)
  10. Sparkasse Banking - Aufforderung 40 TANs und Antivir meldet TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 04.01.2011 (10)
  11. Sparkasse Banking - Aufforderung 20 TANs
    Plagegeister aller Art und deren Bekämpfung - 03.01.2011 (8)
  12. Meine Lösung des Problems 20 Tans eingeben bei der Sparkasse
    Plagegeister aller Art und deren Bekämpfung - 29.12.2010 (1)
  13. 20 Tan eingeben Sparkasse Online Banking
    Plagegeister aller Art und deren Bekämpfung - 23.12.2010 (7)
  14. Banking Trojaner Sparkasse 20 Tans
    Plagegeister aller Art und deren Bekämpfung - 12.12.2010 (17)
  15. Trojaner - Fishing der TANs beim Online Banking der Postbank
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (17)
  16. Trojaner: Online Banking Sparkasse - 50 Tans eingeben
    Plagegeister aller Art und deren Bekämpfung - 26.08.2010 (10)
  17. Trojaner möchte 40 Tans zum Sparkassen Online Banking
    Plagegeister aller Art und deren Bekämpfung - 03.08.2010 (16)

Zum Thema Banking Trojaner (40 TANs eingeben) los werden - Hallo zusammen! Ich hatte letzte Woche das Problem, dass ich beim online Banking nach dem Login bei der Postbank aufgefordert wurde, 40 TANs einzugeben. Bei der Postbank Servicehotline sagte man - Banking Trojaner (40 TANs eingeben) los werden...
Archiv
Du betrachtest: Banking Trojaner (40 TANs eingeben) los werden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.