Virus dank dem ich keine Bilder mehr hochladen kann

PhadPhil · 04.10.2010, 23:42

Hallo,
Ich bin neu hier aber ich hab ein Problem.
Also seit heute ist ein netter Virus auf meinen PC der mich daran hindert den task manager zu öffnen oder aber auch bilder auf eine Online Community zu laden. Mir viels schon auf als ich eine Datei nicht mehr löschen konnte.. Hab Avira Antivir Premium oben aber hat nix gefunden.. Bzw konnte nichts ausrichten. Hier die Logfile:
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:31:35, on 05.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Philipp\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Silvercrest OM1008 driver\StartAutorun.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Silvercrest OM1008 driver\KMConfig.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Silvercrest OM1008 driver\KMProcess.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Philipp\Desktop\HiJackThis204.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1209&m=aspire_5738
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1209&m=aspire_5738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1209&m=aspire_5738
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Silvercrest OM1008 driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: @comres.dll,-947 (COMSysApp) - Unknown owner - C:\Windows\system32\dllhost.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Silvercrest OM1008 driver\KMWDSrv.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - hxxp://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe (file missing)
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: webcam 7 Service (w7Svc) - Unknown owner - C:\Program Files\webcam 7\wService.exe
 
--
End of file - 11198 bytes

--- --- ---

Hoffe ihr könnt mir helfen!

PhadPhil · 05.10.2010, 14:27

pls helft mir

Chris4You · 05.10.2010, 14:45

Hi,

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

chris

PhadPhil · 05.10.2010, 17:12

Also Malwarebytes' Anti Malware hab ich installiert und ne vollständige Suche gestartet nach ca 1 1/2 Stunden spuckte es die folgende Logdatei aus.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4747

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

05.10.2010 18:09:33
mbam-log-2010-10-05 (18-09-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 324946
Laufzeit: 1 Stunde(n), 53 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X1JB1HX\header[2].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Philipp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X1JB1HX\header[3].jpg (Extension.Mismatch) -> Quarantined and deleted successfully.
C:\Users\Philipp\Desktop\Anderes\Cryptload\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Philipp\Desktop\Anderes\Photoshop\All Adobe Photoshop KeyGen & Crack\Adobe Photoshop CS4 Extended v11.0.0.0 Full Crack\Adobe.Photoshop.CS4.Extended.v11.0.0.0.Crack\crack.exe (Trojan.Agent) -> Quarantined and deleted successfully.

PhadPhil · 05.10.2010, 17:25

Und das spuckt OTL aus:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.10.2010 18:19:41 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Philipp\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 59,10 Gb Free Space | 26,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PHILIPP-PC
Current User Name: Philipp
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Philipp\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Users\Philipp\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Silvercrest OM1008 driver\KMProcess.exe (UASSOFT.COM)
PRC - C:\Programme\Silvercrest OM1008 driver\KMWDSrv.exe (UASSOFT.COM)
PRC - C:\Programme\Silvercrest OM1008 driver\KMCONFIG.exe (UASSOFT.COM)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Apoint2K\Hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Silvercrest OM1008 driver\StartAutorun.exe (UASSOFT.COM)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\p2phost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Philipp\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (VSS) -- C:\Windows\System32\vssvc.exe File not found
SRV - (TrustedInstaller) -- C:\Windows\servicing\TrustedInstaller.exe File not found
SRV - (ServiceLayer) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe File not found
SRV - (DFSR) -- C:\Windows\System32\DFSR.exe File not found
SRV - (COMSysApp) -- C:\Windows\System32\dllhost.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (w7Svc) -- C:\Program Files\webcam 7\wService.exe (Moonware Studios)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (KMWDSERVICE) -- C:\Programme\Silvercrest OM1008 driver\KMWDSrv.exe (UASSOFT.COM)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (hotcore3) -- C:\Windows\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys ()
DRV - (PQNTDrv) -- C:\Windows\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1209&m=aspire_5738
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1209&m=aspire_5738
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "spin.de"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 06:26:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.17 06:26:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010.07.15 17:17:58 | 000,000,000 | ---D | M]
 
[2009.12.26 00:46:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions
[2010.10.05 00:20:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\lydu8n93.default\extensions
[2010.06.25 19:24:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\lydu8n93.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.11 18:14:53 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\lydu8n93.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.07.15 01:17:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\lydu8n93.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.24 02:27:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\lydu8n93.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.11 14:45:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\lydu8n93.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.07.19 20:51:22 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\lydu8n93.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.05.13 19:16:06 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\lydu8n93.default\extensions\battlefieldheroespatcher@ea.com
[2010.07.02 11:40:07 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\lydu8n93.default\extensions\toolbar@ask.com
[2010.09.28 20:06:24 | 000,000,944 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\FireFox\Profiles\lydu8n93.default\searchplugins\icqplugin.xml
[2010.07.19 20:51:19 | 000,003,915 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Mozilla\FireFox\Profiles\lydu8n93.default\searchplugins\sweetim.xml
[2010.06.08 00:49:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.20 19:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.08 00:49:31 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.05.13 18:55:27 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2010.07.25 21:35:37 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.25 21:35:37 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.25 21:35:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.25 21:35:37 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.25 21:35:37 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.03.16 18:07:59 | 000,000,740 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Silvercrest OM1008 driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CollaborationHost] C:\Windows\System32\p2phost.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3ca37900-3758-11df-997d-001f16ba9a9a}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{3ca3790d-3758-11df-997d-001f16ba9a9a}\Shell - "" = AutoRun
O33 - MountPoints2\{3ca3790d-3758-11df-997d-001f16ba9a9a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{500a36e8-f0fd-11de-a30a-001f16ba9a9a}\Shell - "" = AutoRun
O33 - MountPoints2\{500a36e8-f0fd-11de-a30a-001f16ba9a9a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6f919cd2-f168-11de-9ae2-001f16ba9a9a}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.05 18:13:54 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2010.10.05 16:10:09 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Malwarebytes
[2010.10.05 16:09:57 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.05 16:09:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.05 16:09:55 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.05 16:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.05 16:05:12 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Philipp\Desktop\mbam-setup.exe
[2010.10.05 00:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.10.05 00:46:05 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.10.05 00:30:13 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Philipp\Desktop\HiJackThis204.exe
[2010.10.04 15:29:19 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\ROBIN_HOOD
[2010.10.04 15:26:19 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\MagicSoftware
[2010.10.04 15:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MagicSoftware
[2010.10.04 15:26:10 | 000,000,000 | ---D | C] -- C:\Programme\MagicDVDRipper
[2010.10.04 15:24:16 | 003,567,003 | ---- | C] (Magic DVD Software, Inc.                                    ) -- C:\Users\Philipp\Desktop\MagicDVDRipper550.exe
[2010.09.22 16:39:29 | 000,000,000 | ---D | C] -- C:\Programme\AbiWord
[2010.09.18 17:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\webcam 7
[2010.09.18 17:07:13 | 000,000,000 | ---D | C] -- C:\Programme\webcam 7
[2010.09.18 16:44:43 | 000,094,208 | ---- | C] (sonix) -- C:\Windows\PLFSetL.exe
[2010.09.18 16:44:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\x64
[2010.09.18 16:44:43 | 000,000,000 | ---D | C] -- C:\Windows\SUYIN NB Cam
[2010.09.18 16:44:42 | 000,286,720 | ---- | C] (Sonix) -- C:\Windows\System32\vsnp2uvc.dll
[2010.09.18 16:44:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.09.18 16:44:42 | 000,094,208 | ---- | C] (sonix) -- C:\Windows\System32\PLFSetL.exe
[2010.09.18 16:44:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010.09.18 16:44:42 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\snp2uvc
[2010.09.08 23:55:50 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Documents\DVDVideoSoft
[2009.12.25 13:18:51 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Philipp\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Philipp\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Philipp\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Philipp\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.05 18:21:27 | 002,883,584 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT
[2010.10.05 18:17:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2242718933-3101079157-3429913646-1000UA.job
[2010.10.05 18:15:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.05 18:15:33 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.05 18:15:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.05 18:15:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.05 18:15:23 | 3144,515,584 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.05 18:14:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.10.05 18:14:30 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.10.05 18:14:30 | 000,065,536 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.05 18:14:29 | 004,831,204 | -H-- | M] () -- C:\Users\Philipp\AppData\Local\IconCache.db
[2010.10.05 18:14:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe
[2010.10.05 16:16:32 | 076,859,232 | ---- | M] () -- C:\Users\Philipp\Desktop\std20sasfx.exe
[2010.10.05 16:10:00 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.05 16:08:08 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Philipp\Desktop\mbam-setup.exe
[2010.10.05 15:08:16 | 000,064,000 | ---- | M] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.05 00:51:44 | 001,844,576 | ---- | M] () -- C:\Users\Philipp\Desktop\taskmanager17(2).exe
[2010.10.05 00:45:58 | 001,564,264 | ---- | M] () -- C:\Users\Philipp\Desktop\taskmanager17.exe
[2010.10.05 00:30:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Philipp\Desktop\HiJackThis204.exe
[2010.10.05 00:06:47 | 000,000,043 | ---- | M] () -- C:\Users\Philipp\AppData\Roaming\Spin Chat Preferences
[2010.10.04 15:26:16 | 000,000,816 | ---- | M] () -- C:\Users\Philipp\Desktop\Magic DVD Ripper.lnk
[2010.10.04 15:25:25 | 003,567,003 | ---- | M] (Magic DVD Software, Inc.                                    ) -- C:\Users\Philipp\Desktop\MagicDVDRipper550.exe
[2010.10.04 15:14:36 | 008,838,550 | ---- | M] () -- C:\Users\Philipp\Desktop\ROBIN_HOOD1.ratDVD
[2010.10.04 15:06:44 | 008,836,502 | ---- | M] () -- C:\Users\Philipp\Desktop\ROBIN_HOOD.ratDVD
[2010.09.19 18:59:32 | 000,001,018 | ---- | M] () -- C:\Users\Philipp\Desktop\CrystalEye - Verknüpfung.lnk
[2010.09.17 05:17:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2242718933-3101079157-3429913646-1000Core.job
 
========== Files Created - No Company Name ==========
 
[2010.10.05 16:10:00 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.05 15:44:03 | 076,859,232 | ---- | C] () -- C:\Users\Philipp\Desktop\std20sasfx.exe
[2010.10.05 00:51:06 | 001,844,576 | ---- | C] () -- C:\Users\Philipp\Desktop\taskmanager17(2).exe
[2010.10.05 00:45:29 | 001,564,264 | ---- | C] () -- C:\Users\Philipp\Desktop\taskmanager17.exe
[2010.10.04 15:26:16 | 000,000,816 | ---- | C] () -- C:\Users\Philipp\Desktop\Magic DVD Ripper.lnk
[2010.10.04 15:10:42 | 008,838,550 | ---- | C] () -- C:\Users\Philipp\Desktop\ROBIN_HOOD1.ratDVD
[2010.10.04 15:02:45 | 008,836,502 | ---- | C] () -- C:\Users\Philipp\Desktop\ROBIN_HOOD.ratDVD
[2010.09.19 18:59:32 | 000,001,018 | ---- | C] () -- C:\Users\Philipp\Desktop\CrystalEye - Verknüpfung.lnk
[2010.09.19 18:58:50 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.09.18 16:44:43 | 001,792,128 | ---- | C] () -- C:\Windows\System32\drivers\x64\snp2uvc.sys
[2010.09.18 16:44:43 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.09.18 16:44:43 | 000,035,072 | ---- | C] () -- C:\Windows\System32\drivers\x64\sncduvc.sys
[2010.09.18 16:44:43 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.09.18 16:44:42 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2010.09.18 16:44:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2010.09.18 16:44:42 | 000,016,005 | ---- | C] () -- C:\Windows\System32\snp2uvc.cat
[2010.09.18 16:44:42 | 000,014,818 | ---- | C] () -- C:\Windows\System32\snp2uvc.inf
[2010.09.18 16:44:42 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2010.06.16 22:24:53 | 000,286,208 | ---- | C] () -- C:\Windows\System32\binkw32.dll
[2010.06.16 21:03:28 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.06.16 21:03:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.05.25 11:14:23 | 000,139,152 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\PnkBstrK.sys
[2010.05.14 16:42:29 | 000,000,095 | ---- | C] () -- C:\Users\Philipp\AppData\Local\fusioncache.dat
[2010.04.12 20:53:20 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.04.08 18:47:36 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010.04.08 18:47:35 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010.04.08 18:47:35 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010.04.08 14:21:31 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.01.30 18:54:45 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.01.27 22:15:11 | 000,001,473 | ---- | C] () -- C:\Users\Philipp\AppData\Local\RecConfig.xml
[2010.01.12 23:47:07 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2010.01.12 23:42:54 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.01.12 23:41:43 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.31 16:51:42 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2009.12.31 16:06:38 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.30 02:37:18 | 000,017,908 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\UserTile.png
[2009.12.26 01:26:11 | 000,000,043 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Spin Chat Preferences
[2009.12.25 13:05:16 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1624.dll
[2009.12.25 13:05:16 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009.12.25 03:46:31 | 000,000,000 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\wklnhst.dat
[2009.12.25 03:36:24 | 000,006,290 | ---- | C] () -- C:\Users\Philipp\AppData\Local\MyWinLockerInstaller.txt-20091225.log
[2009.12.25 01:17:04 | 000,006,080 | ---- | C] () -- C:\Users\Philipp\AppData\Local\d3d9caps.dat
[2009.12.24 21:42:50 | 000,003,276 | ---- | C] () -- C:\Users\Philipp\AppData\Local\MyWinLockerInstaller.txt-20091224.log
[2009.12.24 21:36:44 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.12.24 21:36:44 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.12.24 21:36:14 | 000,064,000 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.25 11:43:20 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.02.25 04:37:33 | 000,004,535 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,057 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Philipp\AppData\Local\lame_enc.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Philipp\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Philipp\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Philipp\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Philipp\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Philipp\AppData\Local\no23xwrapper.dll
< End of report >

--- --- ---

Und da der Extras.txtOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 05.10.2010 18:19:41 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Philipp\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,12 Gb Total Space | 59,10 Gb Free Space | 26,49% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PHILIPP-PC
Current User Name: Philipp
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CCABE7-88D0-4ABA-8555-3611202171E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{04F7CEF6-3CBA-4854-AD61-EB2D8AB2B584}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0D561FD0-8F24-4A24-ADFB-F23F1787B42E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{0DE15610-04B7-4DD4-92B3-07791CA9CB05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0FA67972-4E82-4AF3-8B8B-FEC3E337BBA9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{13AEECBD-F230-488C-882F-7C62D0FAC606}" = lport=139 | protocol=6 | dir=in | app=system | 
"{153AFB92-DE40-4D57-A7AF-43FE7D89236F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F346DB8-0605-4EF2-9244-406A84F9499D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{33BB1965-6FBF-4F42-B443-386BB5771829}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{37881AA4-DA12-4372-B36C-BC5F553F5066}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3B47CD7A-8AE8-4ED3-8461-C829A2A2734D}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{41E0C733-79D9-4E72-A888-008100C2B9F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{45503C41-5771-49CC-AABC-96E748EC6D76}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4A20024B-7788-4430-9823-2EBACD8B66DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4F695654-C933-4AC0-A70E-67C0C16C6B1C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{53A8D2E0-E08B-4C60-93D9-A9AFFCF3094C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{56CA3FF4-88C3-4FB4-A97D-BDA55AF2D86D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{599D827C-9DDB-48B5-B451-2E668725C9F9}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{64155283-BD1F-4BB7-AA50-8F412D1CC187}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{66535F2E-F4FB-4E1D-B578-BEA954365D2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{699CA27F-4D16-4523-97FE-28B4AFB31926}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{69A95B1D-15C0-413A-8D4B-8EF0ADFC76AA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A64B65F-85C5-4C83-8CFF-A642C2DD5734}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7163EA32-755D-47C9-9AF4-E5AEC56746FC}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{783A27E5-2B16-418D-A558-E738544BBB75}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{8A51ADC8-2D71-4739-AD04-C15080625535}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{8FA179EA-FA62-4669-87FE-9790552FB03B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9229D2A1-7FB8-450D-A832-A53A27A59BF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9C56E7B5-E92B-46CF-B749-068EF0AE7AC6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A0D0FE5F-698B-4B43-92A5-7BE865BEF7C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{ABC89B74-E208-4626-BC88-DDB455581BA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B544425E-DD58-4FFD-937A-5B79C1EDA598}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B78EEBF4-F8FA-4DFA-A3E0-77BF1B4DBF6F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{B966F721-F0A1-46D4-8DA8-23D813E979AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2A034A8-15A3-4681-A81C-D77144B6606D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C4EEEB54-A3E4-4C0F-81B8-D6A1BF81FB73}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C7ACC296-5907-46A7-9832-62C6ECF8C2ED}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D34A250B-D9F8-4725-ADF4-52F27D318FA9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DD6AEEC8-EFCD-4C9E-878D-F0BD362AE13F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E687E123-FAA5-45EF-AEDB-5288B501F77F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FD6BED22-D33E-4517-BB11-0EE97C2E9696}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EC4A2A-F8C4-4F16-B0F0-33CC48F23926}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{02BB39F6-F6E5-4253-A164-743BBFB585B8}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wservice.exe | 
"{02FC7722-FED6-422E-AEDA-075254C842E6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{087CAB6E-F965-4657-A8C6-604F0E8D6DD8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0D40D5B8-2CE6-44F0-814E-B172661F1131}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{0D8823B9-0797-4C75-A04A-F24D15686F00}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{13CA004B-0313-4F82-B868-FE3F716728E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{17BE1532-D798-4893-8D20-0C2521D3038C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{24105473-985B-467F-A4C6-4327A2E99CDC}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{2D877030-D646-41CD-B169-9AE52869BA0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{38855E5F-175D-424A-A6F3-BBF3DDB12BA0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3D4C7F37-CA3B-46A7-A85D-8B76A71C0A93}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{3DC84B2E-4424-4CEE-8966-C8580DE3496F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{411B8871-2704-4566-833B-9FD18F0974EC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{43B0CAC6-141A-40EE-B9E3-CC84AC6DF92B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{43B78501-EDA2-41F6-8021-2FA46F32E459}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{47DEC58F-59DE-4CDF-9CC2-14C8CF965963}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47EAD146-6237-4645-B466-880FEE67E90C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{4D996407-DA2D-4F78-B854-7926C6592C03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4DB2D8BB-3E7C-4A88-A03B-5C0A46FFEEE2}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{54849106-C1E3-4C1F-86F9-69F8D2048293}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wlite.exe | 
"{56A3EDB9-6C77-473A-A464-42C3B07CB246}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5FC95193-02DC-472D-930A-4B195C822342}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{643BABD7-EB6D-4F73-BF7F-A56C62368FAD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{6973C7FA-0BB6-4FD2-B39A-C234B79591BA}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{6DFFD93B-507A-4890-BDC5-85D266A8B962}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{786E2030-1256-4899-9466-FD1CEB68E13D}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{7A4E0745-6440-42A6-A5E7-1191B874ECF1}" = protocol=6 | dir=out | app=system | 
"{83BFD25F-8A04-4A9F-843F-FD4D459C6380}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{857888ED-01B5-4013-9759-CBC684979561}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{8840E650-5D01-487F-8F36-EC0837F63D6A}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{8BC2530C-C3E2-4A6A-98B0-53DEAEF1A9BC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{9116048D-A25A-485A-A242-6252D552BD8C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{92A97569-A375-43EE-85B4-BE61D19A2A4F}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{9A40E516-2369-4FEA-8170-1371AF5A05A4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9AB4A1DB-8891-422A-95DF-7E81FB3F3FF4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9F78A3F2-B65A-4C0A-9CEC-34A957FAE07C}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{A576E81C-CE45-48F4-8929-CCB6848F1B2D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A77AFC7A-185F-4488-8378-C443926F81A4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{A936827B-16BB-416E-AF43-63DE1AEBD5EC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{AB055701-EDA8-4260-ADC6-D5A16A43B7AE}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{B50A36F4-58B3-4FB4-B062-75A5957724C0}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{B518C200-0E12-4FB5-954A-7C33605FFD37}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{B69C97B9-0500-47F0-BE04-6F36B0C095C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE4EC63C-DF96-4D9A-990C-C741799A8BD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0989538-A24A-4BF5-9760-26CEB5DF2E6F}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{C202DF60-3B2B-4B11-B51C-43DF0C01BB0D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{C56D55ED-855F-4B53-83D3-EEBAC13F3CEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C65A403B-E475-4779-95C0-A80392E79B3F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{C87B8D18-7CBC-4C5C-B8C4-172C95105CCA}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{CD55929F-A177-41EA-850B-A59AC7EF5101}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{D03952DA-30A5-4611-B23C-ED7B05B1CF76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D993076E-23C2-47F5-9F58-43F82D613E23}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{D9A764A6-7B4D-4D67-B209-54C792B1CF0B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DC62FFB5-3C79-45A4-8509-A4D62A1F1732}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{DF8D991B-2FDB-4D5C-8937-51942061CFA3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E65D0F87-857B-4E6F-992D-7CCFF41F0D4F}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{E7167CFB-A373-4851-B33E-A7E1EF1BA615}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{ECA18ADC-3736-4B4D-B854-3227ECBC6B5C}" = protocol=17 | dir=in | app=c:\program files\webcam 7\wlite.exe | 
"{F30DAA98-3CD0-4942-A1DA-25B6EB758B41}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{FAF7B78F-7CC4-4B0A-88AB-CC0434E8448D}" = protocol=6 | dir=in | app=c:\program files\webcam 7\wservice.exe | 
"{FE8DD362-D827-4841-B233-F32901B3C276}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"TCP Query User{270E95CC-E06C-4808-B1B0-44906EE96B92}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{6795C612-331A-48BF-8AD3-2B6186F464CD}C:\users\philipp\desktop\anderes\cryptload\routerclient.exe" = protocol=6 | dir=in | app=c:\users\philipp\desktop\anderes\cryptload\routerclient.exe | 
"UDP Query User{843F7787-2955-4205-B57A-7381A304DF2A}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{DB308B89-F6D7-4B29-B0CD-1365A8D31FB7}C:\users\philipp\desktop\anderes\cryptload\routerclient.exe" = protocol=17 | dir=in | app=c:\users\philipp\desktop\anderes\cryptload\routerclient.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{150C6C87-D187-4105-BF7A-090378D7AE2A}" = Nokia Ovi Suite
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera 
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{73C0DA51-DB32-4F66-970B-7298F3CAF37F}" = Nokia Software Updater
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7AED71CD-5538-4A60-8ECF-B9C45CD21E9C}" = GameSpy Comrade
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 10.0 Personal
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{c2273118-62b8-4739-aabd-a353f3a1e185}" = Nero 9 Lite
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7CDB2AC-A0AB-4D83-B046-187E24D9EA68}" = Nokia Ovi System Utilities
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9E91711-8600-4919-AEF0-D4821F886797}_is1" = Gigaflat
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D6ADE4A4-4AF3-4D84-80C2-AB98DC9E2EF9}" = Silvercrest OM1008 driver
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"AbiWord2" = AbiWord 2.8.6
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Premium
"Driver Checker_is1" = Driver Checker v2.7.4
"DriverEasy_is1" = DriverEasy 2.6.0
"EASEUS Partition Master Professional Edition Demo_is1" = EASEUS Partition Master 5.0.1 Professional Edition Demo
"eMule" = eMule
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"GamersFirst LIVE!" = GamersFirst LIVE!
"GameSpy 3D" = GameSpy 3D
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 Demo
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{D6ADE4A4-4AF3-4D84-80C2-AB98DC9E2EF9}" = Silvercrest OM1008 driver
"IrfanView" = IrfanView (remove only)
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"LManager" = Launch Manager
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"MAGIX Music Maker SE D" = MAGIX Music Maker SE 13.0.3.3 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1)
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3014
"Plasma Pong_is1" = Plasma Pong v1.3b
"PunkBusterSvc" = PunkBuster Services
"ratDVD" = ratDVD 0.78.1444
"Santa Claus in Trouble" = Santa Claus in Trouble
"Security Task Manager" = Security Task Manager 1.7i
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Spin Upload" = Spin Upload 1.0
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Usenet.nl_is1" = Usenet.nl
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.4
"WavePad" = WavePad Sound Editor
"webcam 7" = webcam 7
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.09.2010 10:47:39 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.09.2010 17:39:39 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 18.09.2010 17:40:16 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.09.2010 05:25:16 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.09.2010 05:34:00 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 19.09.2010 12:58:50 | Computer Name = Philipp-PC | Source = VSS | ID = 13
Description = 
 
Error - 19.09.2010 12:58:50 | Computer Name = Philipp-PC | Source = VSS | ID = 8193
Description = 
 
Error - 19.09.2010 12:58:50 | Computer Name = Philipp-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 19.09.2010 15:53:13 | Computer Name = Philipp-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 20.09.2010 00:31:15 | Computer Name = Philipp-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 05.10.2010 09:57:43 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.10.2010 10:00:31 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.10.2010 10:01:42 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.10.2010 11:12:52 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.10.2010 12:14:31 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.10.2010 12:15:27 | Computer Name = Philipp-PC | Source = Application Popup | ID = 262200
Description = Treiber RTSTOR hat eine ungültige ID für das untergeordnete Gerät 
(invalid character) zurückgegeben.
 
Error - 05.10.2010 12:15:31 | Computer Name = Philipp-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 05.10.2010 12:15:39 | Computer Name = Philipp-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 05.10.2010 12:15:50 | Computer Name = Philipp-PC | Source = DCOM | ID = 10000
Description = 
 
Error - 05.10.2010 12:16:59 | Computer Name = Philipp-PC | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 05.07.2010 07:30:25 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 06.07.2010 12:04:34 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.07.2010 06:06:32 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.07.2010 12:47:14 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 07.07.2010 19:02:16 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 09.07.2010 06:41:44 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 09.07.2010 13:27:41 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 10.07.2010 12:25:13 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 10.07.2010 18:19:38 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 12.07.2010 03:45:08 | Computer Name = Philipp-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >

--- --- ---

PhadPhil · 05.10.2010, 17:43

Also ich denke der Virus war auf dem Magic DVD Ripper oben da ich ihn nicht mehr löschen kann und seit ich dieses Prog. oben habe tritt das problem auf

Chris4You · 05.10.2010, 19:13

Hi,

ach Jungs...

Nein, ich denke das Problem kommt daher:

Zitat:

C:\Users\Philipp\Desktop\Anderes\Photoshop\All Adobe Photoshop KeyGen & Crack\Adobe Photoshop CS4 Extended v11.0.0.0 Full Crack\Adobe.Photoshop.CS4.Extended.v11.0.0.0.Crack\crack.exe (Trojan.Agent)

Du setzt nicht erlaubte SW ein, und da wir nicht mit dem Gesetz hier in Konflikt kommen wollen, ist hier auch Schluß...

chris
Ps: Die meisten KeyGens sind keine KeyGens sondern Trojaner/Downloader

PhadPhil · 05.10.2010, 19:37

Das ist sicher nicht das Problem da ich den keygen schon ewig auf meinen PC hab. Ja und mir ist bewusst das dies illegal ist, aber das hilft mir auch nicht weiter.. Das keygen is schon n ein Jahr oben und das Problem besteht erst seit gestern mit dem Download von magic dvd ripper..

Virus dank dem ich keine Bilder mehr hochladen kann

Log-Analyse und Auswertung: Virus dank dem ich keine Bilder mehr hochladen kann