Internet Explorer öffnet sich automatisch

thranduil · 30.11.2010, 11:23

Hallo,
seit neustem öffnet sich mein Internet Explorer automatisch mit Werbeseiten. Mein Standard-Browser ist eigentlich Firefox. Eine Suche mit AntiVir hat nichts ergeben. Wäre super, wenn sich jemand mein HijackThis file angucken könnte.
Vielen Dank schon mal im Voraus.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:56:01, on 30.11.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\Yryvia.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\***\AppData\Local\Temp\Yby.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\***\AppData\Local\Temp\Ybx.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\Qttask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\***\AppData\Local\Temp\Ybx.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\XX\AppData\Roaming\Dropbox\bin\Dropbox.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: ecowin - {6152AF4B-A2CE-4A83-A305-E2139D12F3E0} - C:\Program Files (x86)\Common Files\Vinga System\EWDBI2.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11676 bytes

markusg · 30.11.2010, 11:29

ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten.

thranduil · 30.11.2010, 12:37

Hier der OTL.Txt Report:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.11.2010 11:38:57 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\***\Downloads
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 24,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 1,51 Gb Free Space | 1,01% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 42,76 Gb Free Space | 30,70% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Local\Temp\Yby.exe (jens.plugin.npp@gmx.de)
PRC - C:\Users\***\AppData\Local\Temp\Ybx.exe (jens.plugin.npp@gmx.de)
PRC - C:\Windows\Yryvia.exe (jens.plugin.npp@gmx.de)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (Lavasoft                                                              )
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe ()
PRC - C:\Programme\ATKOSD2\ATKOSD2.exe ()
PRC - C:\Program Files (x86)\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files (x86)\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Program Files (x86)\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files (x86)\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files (x86)\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Programme\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_5632d69.dll ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (ASLDRService) -- C:\Program Files (x86)\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) RMCAST (Pgm) -- C:\Windows\SysNative\DRIVERS\RMCAST.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\DRIVERS\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\DRIVERS\kbfiltr.sys ( )
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (Agere Systems)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (irda) -- C:\Windows\SysNative\DRIVERS\irda.sys (Microsoft Corporation)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\DRIVERS\irsir.sys (Microsoft Corporation)
DRV:64bit: - (MODEMCSA) -- C:\Windows\SysNative\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys (Brother Industries Ltd.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\DRIVERS\ATK64AMD.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ghaio) -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
IE - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "h**p://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.7.2
FF - prefs.js..extensions.enabledItems: {49f9fedb-233a-47ee-975e-8edb8b8f4fbe}:2.7.2.0
FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.27 20:16:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.06.12 19:59:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.30 09:56:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.30 03:17:24 | 000,000,000 | ---D | M]
 
[2009.12.20 12:20:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.12.20 12:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.29 16:23:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions
[2010.04.28 03:02:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.20 00:52:28 | 000,000,000 | ---D | M] (RWTH Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\{49f9fedb-233a-47ee-975e-8edb8b8f4fbe}
[2010.11.28 16:23:09 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.11.23 23:50:00 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.09.12 15:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.28 15:33:35 | 000,000,000 | ---D | M] (Ecosia (eco-friendly search engine)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}
[2010.11.03 16:59:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.14 01:27:22 | 000,000,000 | ---D | M] (QuickJava) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}
[2009.05.06 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\moveplayer@movenetworks.com
[2010.06.12 23:12:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\dduow7yc.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010.11.29 16:23:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.25 21:06:31 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.23 23:54:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.09 23:08:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.28 16:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2004.07.02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\np32asw.dll
[2004.07.02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\np32asw.dll
[2006.05.31 17:28:48 | 000,249,856 | ---- | M] (Icenet LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npalnn.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.08.16 09:10:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.16 09:10:55 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.16 09:10:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.16 09:10:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.16 09:10:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.27 16:31:43 | 000,000,937 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMEDIA.EXE ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000..\Run: [JP595IR86O] C:\Users\***\AppData\Local\Temp\Ybx.exe (jens.plugin.npp@gmx.de)
O4 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000..\Run: [Metropolis] C:\Windows\SysWow64\sshnas21.DLL (jens.plugin.npp@gmx.de)
O4 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ecowin {6152AF4B-A2CE-4A83-A305-E2139D12F3E0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ecowin {6152AF4B-A2CE-4A83-A305-E2139D12F3E0} - C:\Program Files (x86)\Common Files\Vinga System\EWDBI2.dll (Reuters Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{40e2479f-9ae0-11de-8aff-00221587f745}\Shell - "" = AutoRun
O33 - MountPoints2\{40e2479f-9ae0-11de-8aff-00221587f745}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a71eaba3-d500-11dd-879e-00221587f745}\Shell - "" = AutoRun
O33 - MountPoints2\{a71eaba3-d500-11dd-879e-00221587f745}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{a9e74273-b023-11dd-a2b3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a9e74273-b023-11dd-a2b3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{b81049d9-b1ca-11dd-9def-00221587f745}\Shell - "" = AutoRun
O33 - MountPoints2\{b81049d9-b1ca-11dd-9def-00221587f745}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{c2d12fce-f001-11de-890c-00221587f745}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe -- File not found
O33 - MountPoints2\{f47a58fe-f1c8-11df-8a65-00221587f745}\Shell - "" = AutoRun
O33 - MountPoints2\{f47a58fe-f1c8-11df-8a65-00221587f745}\Shell\AutoRun\command - "" = H:\laucher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.ffds - ff_vfw.dll ()
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32:64bit: wave2 - serwvdrv.dll (Microsoft Corporation)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\divxa32.acm (Kristal StudioD 
 FileDescription)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: wave2 - C:\Windows\SysWow64\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.30 11:42:41 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.11.30 11:42:37 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.11.30 11:33:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sunbelt Software
[2010.11.30 11:32:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.11.30 11:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.11.30 11:30:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.11.30 10:04:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.11.30 10:04:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.30 10:04:29 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.30 10:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.30 10:04:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.11.30 09:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.11.30 01:31:12 | 000,178,176 | ---- | C] (jens.plugin.npp@gmx.de) -- C:\Windows\Yryvia.exe
[2010.11.30 01:31:02 | 000,242,688 | ---- | C] (jens.plugin.npp@gmx.de) -- C:\Windows\SysWow64\sshnas21.dll
[2010.11.28 16:24:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.11.28 16:24:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.11.28 16:24:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.11.25 21:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.11.23 20:29:18 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\My Dropbox
[2010.11.17 22:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.11.02 13:56:38 | 000,000,000 | ---D | C] -- C:\Programme\WS_FTP
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.30 11:45:59 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.11.30 11:42:34 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.11.30 11:40:09 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.11.30 11:40:07 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.11.30 11:32:15 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.11.30 11:17:29 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E334771D-33CB-474B-A1E3-4AF3B20796FA}.job
[2010.11.30 11:09:35 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.30 11:09:35 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.30 08:47:48 | 000,002,759 | ---- | M] () -- C:\Users\***\Desktop\Outlook 2007.lnk
[2010.11.30 03:17:39 | 000,406,684 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.11.30 03:17:08 | 000,406,684 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.11.30 03:15:56 | 001,453,910 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.30 03:15:56 | 000,632,252 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.11.30 03:15:56 | 000,598,368 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.30 03:15:56 | 000,127,464 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.11.30 03:15:56 | 000,104,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.30 03:09:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.30 03:08:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.11.30 02:33:25 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.30 01:31:04 | 000,178,176 | ---- | M] (jens.plugin.npp@gmx.de) -- C:\Windows\Yryvia.exe
[2010.11.30 01:31:02 | 000,242,688 | ---- | M] (jens.plugin.npp@gmx.de) -- C:\Windows\SysWow64\sshnas21.dll
[2010.11.29 07:08:00 | 000,000,680 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.11.28 07:54:02 | 000,000,732 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2010.11.25 21:06:07 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.11.22 23:44:08 | 000,019,968 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.21 03:19:36 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.11.19 01:18:00 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.17 22:56:04 | 000,001,663 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.11.07 00:50:47 | 005,031,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.11.30 11:32:15 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.11.30 01:31:14 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.11.30 01:31:08 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.11.30 01:31:05 | 000,000,248 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.11.25 21:06:07 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.11.17 22:56:04 | 000,001,663 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.06.13 22:59:16 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010.06.12 21:43:57 | 000,038,431 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010.06.12 21:37:22 | 000,029,092 | ---- | C] () -- C:\Users\***\AppData\Roaming\Tabulatorgetrennte Werte (DOS).ADR
[2010.06.12 21:35:28 | 000,029,096 | ---- | C] () -- C:\Users\***\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR
[2010.06.12 21:03:07 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.04.26 12:39:38 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2010.03.25 19:11:26 | 000,440,316 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI2B7E.txt
[2010.03.25 19:11:26 | 000,011,666 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI2B7E.txt
[2009.12.22 00:54:54 | 000,029,091 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2009.08.14 22:49:37 | 000,000,046 | ---- | C] () -- C:\Windows\Speed.INI
[2009.08.14 21:29:47 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2009.08.14 21:28:41 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.08.05 06:47:47 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.08.05 06:45:52 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.14 23:42:48 | 000,811,810 | ---- | C] () -- C:\Users\***\AppData\Local\dd_NET_Framework35_LangPack_MSI7569.txt
[2009.07.14 23:42:45 | 000,036,228 | ---- | C] () -- C:\Users\***\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
[2009.07.14 23:42:42 | 000,080,562 | ---- | C] () -- C:\Users\***\AppData\Local\dd_dotnetfx35install_lp.txt
[2009.07.14 23:42:42 | 000,005,340 | ---- | C] () -- C:\Users\***\AppData\Local\uxeventlog.txt
[2009.07.14 23:42:42 | 000,000,002 | ---- | C] () -- C:\Users\***\AppData\Local\dd_dotnetfx35error_lp.txt
[2009.03.31 01:55:58 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2009.03.23 02:28:50 | 000,420,668 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI2950.txt
[2009.03.23 02:28:49 | 000,011,450 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI2950.txt
[2009.01.21 14:28:04 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2009.01.02 22:50:14 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.02 19:19:38 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.01.02 19:19:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009.01.02 19:18:20 | 000,000,231 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.01.02 19:18:20 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.01.02 19:15:25 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.01.02 19:15:24 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2009.01.02 19:13:14 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.12.13 02:23:54 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.12 17:02:31 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2008.12.04 00:59:59 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.11.23 20:29:52 | 001,449,296 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.11.11 22:23:28 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008.11.11 22:20:03 | 000,000,084 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2008.11.11 21:17:18 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008.11.11 21:09:42 | 000,406,684 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.11.11 21:09:34 | 000,406,684 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.11 20:32:08 | 000,019,968 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.11 20:20:18 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2008.09.19 22:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.09.19 22:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\DivXWMPExtType.dll
[2008.06.12 20:36:38 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008.01.21 03:48:25 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2004.12.14 12:04:48 | 000,266,240 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2004.12.14 12:02:49 | 001,175,552 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[1997.07.10 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\Docobj.dll
 
========== LOP Check ==========
 
[2010.10.30 00:32:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008.11.14 23:14:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008.11.13 22:32:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools
[2010.11.30 03:18:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.10.16 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.28 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2009.08.14 22:12:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2008.11.14 23:09:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetMeter
[2010.06.12 20:18:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.06.12 19:22:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2010.06.12 19:21:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2009.12.20 12:20:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2008.11.13 22:54:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.11.30 03:08:29 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.11.30 11:17:29 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E334771D-33CB-474B-A1E3-4AF3B20796FA}.job
[2010.11.30 11:40:07 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.11.30 11:40:09 | 000,000,248 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.11.30 11:45:59 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.05 20:36:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2008.12.02 01:44:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.08.10 01:26:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2009.01.02 19:33:49 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother
[2010.10.30 00:32:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008.11.14 23:14:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2008.11.13 22:32:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools
[2010.03.15 22:52:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2010.11.30 03:18:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2010.10.10 19:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.10.16 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.28 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2008.11.11 20:20:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2008.11.11 20:55:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2009.01.10 17:08:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2009.08.14 22:12:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.11.30 10:04:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.05.17 10:04:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathematicaPlayer
[2009.01.03 01:40:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic
[2010.04.13 19:00:33 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2009.05.06 22:58:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Move Networks
[2008.11.11 21:52:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2009.09.05 19:00:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2008.11.14 23:09:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetMeter
[2010.06.12 20:18:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.06.12 19:22:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2010.06.12 19:21:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2008.11.27 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2009.01.02 19:29:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Reallusion
[2008.11.13 23:21:27 | 000,000,000 | RH-D | M] -- C:\Users\***\AppData\Roaming\SecuROM
[2010.11.26 00:44:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2010.11.26 00:06:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2009.12.20 12:20:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2008.11.13 22:54:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2009.12.13 02:17:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\U3
[2008.11.12 00:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.08.10 22:50:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2008.11.13 22:56:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.02.26 06:10:20 | 021,979,992 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2010.02.26 12:13:56 | 000,091,696 | ---- | M] () -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2009.01.10 17:08:57 | 000,839,680 | ---- | M] (Macromedia, Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Authorware Web Player\NP32ASW\webplr08\webplr.exe
[2010.10.30 08:35:45 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\w*w.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.02.02 19:58:13 | 001,924,744 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\w*w.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.11.30 09:59:59 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2009.02.12 19:37:34 | 000,097,144 | ---- | M] () -- C:\Users\***\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009.05.06 22:58:02 | 000,034,062 | ---- | M] () -- C:\Users\***\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2010.04.18 14:33:56 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\dduow7yc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2010.04.18 14:33:56 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\dduow7yc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\***\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2001.01.10 12:23:58 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:45:05 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:45:05 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:45:04 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 07:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 08:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 03:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 07:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 06:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 03:47:02 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 03:47:42 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:45:13 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:49:23 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:46:46 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:45:08 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:48:49 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:48:07 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:46:48 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:47:33 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:48:05 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:48:57 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:47:58 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 03:48:38 | 000,403,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:E4DA7E87688CAE4B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8CEFE51A

< End of report >

--- --- ---

Hier der Extras.Txt Report:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 30.11.2010 11:38:57 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\***\Downloads
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 24,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 1,51 Gb Free Space | 1,01% Space Free | Partition Type: NTFS
Drive D: | 139,28 Gb Total Space | 42,76 Gb Free Space | 30,70% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1874547535-1232430928-3369237507-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 62 71 2D 74 DC 5B C8 01  [binary data]
"VistaSp2" = 8D C1 F5 58 A9 15 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1444A893-1973-4C3C-B427-041A564A0CE9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{15B47B10-3CA7-4E8E-936A-BE2F2B6D01ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2D145666-6F89-459C-8613-23FE3EB43EA8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3AB3F682-2605-421C-ADAF-224DF307155D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{3B382671-21FE-475F-B133-0E3DDA749FED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{40DD6111-1575-4ACE-AF7B-93F1DC3B8391}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{443105F7-10BE-4D97-941E-5806042D263C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{5058B238-1561-447B-B009-DDAC4F1A2D8F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5513DE74-3485-4E5B-B1FA-890DF9960D38}" = lport=49160 | protocol=6 | dir=in | name=akamai netsession interface | 
"{5F1563B7-0498-4DD3-AC11-57830309176E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6144F2C7-6FCC-4505-886A-68992BB80380}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{62769D64-36C0-4C52-BE16-9539A8048D48}" = lport=138 | protocol=17 | dir=in | app=system | 
"{658AD707-B5CA-48B5-AB89-02AA32017F13}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{659F1E3A-A7C1-4F07-82A4-42D99A22BF2C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{72CE25A7-4E91-44A9-A371-5AA808C16252}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7969AB75-5EB2-435A-B3D3-418A4AFFF8AF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7EE8C51C-8830-4E94-B018-3BD735686A80}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{82261642-15B4-44E9-8293-9AFD5962AF27}" = lport=49446 | protocol=6 | dir=in | name=akamai netsession interface | 
"{8239F2FA-30EB-4435-9C9E-2A6D3EF30CDB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8F2674B8-DE0E-41A1-96A3-78CFA358EE6A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9799E6FE-EA77-487A-B04B-3DB77E39BD59}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9C4BB090-CBF2-4F01-BBF3-FFBCB672769D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7A93EA1-CE23-40CF-B450-D7B8A667E51F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A91124E4-5D5B-4466-9ED9-919BEA3B5601}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B295EE97-9C12-4D10-AB55-1FA2946E5B59}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BBD0ED6E-9100-4089-98ED-4B5ECA81F733}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{C651213B-158E-4A01-A6E1-D86F036549BD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{CC171380-FD38-46D3-A1B9-C363219B4FAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CF3C1870-102F-41D2-BF9D-00C64AF7FAE2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{D7B11D4A-23F6-443E-AE70-C657AA04D1BB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D94F409D-9154-4D56-BF82-25A8C04DAF6E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{DAEEAD78-E120-4947-BF6F-4335FDE50E84}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DDC71DB8-6DF0-40B5-8B7A-420364FD5015}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DDEA2416-2AD7-4CA2-8B94-D956667B11E7}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{E1C036E9-C7C6-4624-9A80-3962087CE797}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E3E4C2F2-A3D0-4A69-8529-BD09CFCE5C3D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E4C5C701-789C-4D00-9948-2C373AEB06B3}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{E7B13A0F-7607-4BBA-9896-5728CEA31680}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F1D4D600-5DEC-47C2-B6B5-5AD1C352B736}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FEE4D4EB-0820-4FA3-BCDC-224C092F79FB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D10A64-3AF0-4181-BDB5-FF5332677F91}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{0EEFF6B6-771C-4DC3-B2F2-ED1C8FA107E8}" = protocol=6 | dir=out | app=system | 
"{0FAC5D32-429E-4404-A5FD-2163D598F1BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1508B03E-7749-42F7-A5E1-AD9C0BF0CC31}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{1A7EF50A-879F-4E1B-B6A9-BD2ADFD3E7E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{20D230FC-883C-492D-AEE2-550846BB50D4}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{20F85C06-042B-444E-B9EE-19BA7C9A0A8C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{221C66E7-8EFB-4B2E-8BA0-2FB5F8237645}" = protocol=17 | dir=in | app=c:\program files (x86)files\wolfram research\mathematica player\7.0\mathematicaplayer.exe | 
"{250A6286-EF58-456E-97E7-7694BC772EAF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2696C695-713D-4069-AEFF-2C22FE6D6172}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{26B5F28B-FC81-46A2-9159-AC5C633A0925}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{283F50CB-2DCA-4BEF-8CF7-65A3B26CE353}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{2A6557DB-C8AA-493B-BA8C-C4EC5CEE4D67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E1A214B-6B6B-4CD5-A91E-1FABF10EA1CA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2F1FDAE4-6B7C-41CA-A860-7649C7BC2213}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{30A02ADF-1F09-40E1-82A6-4DE217FF37D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{33147B2F-7065-4666-A16C-8396016BA06B}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3DB86205-F10C-4F6B-BAF7-ECF107A272E5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3E858EB7-86C8-4BDE-A452-01D6768641EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41D96B9A-BD79-425E-818D-EFA111B37388}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BD26DE8-9B5D-4391-A8C2-35B4DABABAF2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4DEBA46B-995E-4334-B2E7-F4F1326B45E5}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{4FACC213-8F44-4727-B2DF-65719C386A49}" = protocol=6 | dir=in | app=c:\program files (x86)files\wolfram research\mathematica player\7.0\mathematicaplayer.exe | 
"{50DDC328-C06A-4AAA-AD91-C7232D63F264}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{51BC88FD-F39B-472A-BF91-74D100E4EACA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{51CF05E0-D8AA-430C-B695-298C58A59ACB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{51D8D22B-316A-438F-91E2-B237A9C9FBBC}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{535E8DA8-2983-491C-8051-8BB7AA4DC1AF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{599926C9-B1A2-45F7-8551-2EBE097B84F2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{59F91EC3-F217-4DAA-8901-EC5A497197F0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5A66886C-B483-443E-BA4D-B446FA375DF0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{5E574A39-6078-4CEC-8911-E6A71EC807F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{633EDFB3-6BF7-4A38-BFCB-9E3A434598D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7190D04E-D139-45FC-A165-34B2F5939D1B}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{7954C293-9BCC-4B4C-AA15-C4E98A6A12A1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{79A5D504-3B3E-49C8-8B9D-A75B68209976}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{7D76FC26-5CC8-4BCE-9135-932BFC840A8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{86B5AC0B-39DA-4B23-8FC6-26ECAA518064}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{8BB40E14-7A8C-447E-8BF1-B03B7217B2A9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F3711AE-4488-44BF-963A-674FE5F069E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{90291ECC-90FE-4CA2-A3A8-E06F3B9160B9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{905D2087-FA6D-4592-8C8B-6CE5139BC673}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9291C094-80F9-4993-84EC-96D1679B9BED}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{97D1A511-F014-47A6-8F52-750B4475E655}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{98BAFE11-87E1-4DE4-A16B-68A4D662C638}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{99491F9F-005A-4FD9-BB78-301FE0AE2E80}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9CCE5CCA-DA17-4419-B83D-7F65A7277861}" = dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3\retailexe\1.9\cnc3game.dat | 
"{9EEBD0DF-D882-4D8C-BF62-617441228A7D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{A0CC9B23-EB8D-4057-899D-FB9F96F4D599}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{A84D828E-92C1-4251-9F1C-C93A87B6CDF3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"{B3348779-DCBF-4254-BD19-986E0691B1B8}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{B6E1E325-C358-47B1-8399-68E4206B9C7C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{BBB6D6D3-03E6-4766-B293-885AC6805A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{BFAD550F-638E-4864-A7E8-3EA6FA1B6DC2}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{C383C4A2-8B3D-4E2D-9F2C-6DB0597C8C4B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{C4EEA3C7-2525-49D0-B446-CAC24969B5D3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"{C6667FC2-C300-42F9-A6C2-1C93DCE54092}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{CDC7CC4C-55C5-47D9-8A59-423F98F9AA32}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{D51062D5-56C2-48C5-B81B-C4EBDD7AE134}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{D6913E1C-FB4A-4DEF-898C-B8FDAC309C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E3E9C52D-B89E-4A14-9A08-5BA8540804AB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E3FB83C7-F23A-4694-8643-AC3BBE59EAF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5E3D74D-81BD-4FBC-A036-9BEE749A0112}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E919F2CD-ED6A-4A77-9C32-22413CC312B8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{EAB57BE2-E1E6-401F-A81E-92B7967914AC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EC2E94AE-0F52-45F9-8673-E7BCB7262994}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{F4B31B10-44FC-4A70-835D-8989DD39BE58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FA15DC5F-E033-4314-87C3-34C4807AD860}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{FAE07E11-404E-4D4B-A495-F31B10E244FD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe | 
"TCP Query User{01DCA480-4B78-4AE8-BBE1-2BBE648EFBA6}C:\program files (x86)\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattoo.exe | 
"TCP Query User{19CE7DE6-9955-4312-AAF7-22C2344E91CC}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{1A8E6F3F-EBB3-4E94-8A40-3A3C4321C970}C:\program files (x86)\command & conquer generals\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\command & conquer generals\game.dat | 
"TCP Query User{23B5DC4B-8A89-4302-9F49-12B3D1D7CFE8}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{2D324E1C-7B46-4231-AD19-3EF3974CE68D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{43DF6EA1-97AC-414E-BB8F-3ABD7644D3E1}C:\users\***\downloads\patrick\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\patrick\counter-strike source\hl2.exe | 
"TCP Query User{4860F1F1-35D0-4305-8403-E158793D3A06}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"TCP Query User{4ED04BCF-6D83-404B-8B6D-0FDDF9AEC36B}C:\program files (x86)\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"TCP Query User{543C262E-ED37-4909-834E-5CFC50DA90D8}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"TCP Query User{5CD60869-B81A-40AD-94E7-143662AAB415}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"TCP Query User{65402990-14D5-4CAC-85B2-330445873FB6}C:\program files (x86)\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"TCP Query User{6C54A29A-E7D3-40BA-BC13-46257DEBD67C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{71EC6314-D36A-4D06-9AAE-BF21623C6C38}C:\users\***\downloads\patrick\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\patrick\counter-strike source\hl2.exe | 
"TCP Query User{7A8FD581-8832-4214-AE78-80649E1315F4}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{87E25C17-536A-4B0E-95B0-6CE548AED9E2}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{91C70639-E280-48B4-9172-4BB13A9E8AE4}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{93B6A17F-EA66-4A66-B478-4110AA1ABDE9}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{A0ED51B4-1BCB-433F-B26A-D81323ED1D22}C:\program files (x86)\mozilla firefox\plugins\alhlp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugins\alhlp.exe | 
"TCP Query User{CE41C503-C43B-41A8-8A93-A848D3DEE62B}C:\program files (x86)\ugs\nx 5.0\ugii\ugraf.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ugs\nx 5.0\ugii\ugraf.exe | 
"TCP Query User{E0B4B7C7-C255-4649-A668-521CCADDDFAA}C:\program files (x86)\icq7.0\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"TCP Query User{E167A9CB-6899-40A4-B644-DCE661C65539}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{F02F4FF8-C0A8-4817-AF60-B557270A02C4}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{FB0D4147-591F-47E1-8E84-6AD8BD8131D2}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{FB10E1EE-E46D-4A3A-AF14-567903219DD9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{FBA95AE3-1889-4721-BE55-69C69B57255B}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"TCP Query User{FC6C02C8-14BC-4CC1-B56A-4DB2FA97CAB3}C:\program files (x86)\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\zattoo\zattoo.exe | 
"UDP Query User{0A319F2F-505E-4DB5-BF12-F1201D58289A}C:\program files (x86)\icq7.0\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe | 
"UDP Query User{0DB403A7-1289-444A-BC6E-1000CC514A70}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"UDP Query User{188A701D-8591-4F84-9EB8-9481C808D88F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{22DC0A48-4419-4632-885D-16AB1F4A7DC1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{2429BD6D-2726-4F8F-9637-9F26E45F5679}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{2AD2260B-835D-4FC9-88F8-4B4A404BA239}C:\users\***\downloads\patrick\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\patrick\counter-strike source\hl2.exe | 
"UDP Query User{32183EB8-0EC8-4AD1-A1BF-58657CA7C236}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{366D92E1-40B4-4267-8400-630BFB0412AA}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{3FA95D90-9652-4207-A0ED-0AA14DFEAE44}C:\program files (x86)\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"UDP Query User{4625A3ED-244C-4E3A-AF3B-3A80FD94BD4B}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"UDP Query User{4B169B1D-C98F-4F4E-9DB2-32E8FC5663EE}C:\program files (x86)\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattoo.exe | 
"UDP Query User{4E839BA4-9720-46DC-9A46-E787F0E268B5}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{82699403-BA4A-4E5C-8F96-AA54DA77E1A8}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{83406794-5601-46FD-BF30-DCF948BDAFC6}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{83C20419-656D-4F22-BCE1-E34D4AF83E3A}C:\program files (x86)\command & conquer generals\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\command & conquer generals\game.dat | 
"UDP Query User{8941ADCC-0C58-4C47-BA95-B76D0A1BF393}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{95C49358-843F-4371-9865-F2B7D141328D}C:\program files (x86)\mozilla firefox\plugins\alhlp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugins\alhlp.exe | 
"UDP Query User{9C1ED185-5404-439B-BB71-7258B3CA848C}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{9FAF923B-3669-4BAB-AB03-99E5B76E7CFB}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{ABD0A882-6AD0-4365-B196-FC1AA1D7B833}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"UDP Query User{B251F2C9-DC74-4A27-869A-DA204841820B}C:\program files (x86)\ugs\nx 5.0\ugii\ugraf.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ugs\nx 5.0\ugii\ugraf.exe | 
"UDP Query User{BD6A5183-C225-430E-B60D-2E2A6D65207C}C:\program files (x86)\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattoo.exe | 
"UDP Query User{CF72C82E-5734-4500-91B8-AABFACF0C82F}C:\users\***\downloads\patrick\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\patrick\counter-strike source\hl2.exe | 
"UDP Query User{DB316632-47AB-488A-8519-4A0ECB8D4FDD}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{E044F3C8-5C7E-4328-A9FA-272976082DC5}C:\program files (x86)\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files (x86)\zattoo\zattood.exe | 
"UDP Query User{EE1EBA99-526B-49BD-AC48-3B61C22AC2B6}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6E79D0B1-5954-4A96-89ED-D39057733457}" = AIMMS 3.8 x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9CC5470D-6C5A-4835-8CDE-CD590FB26329}" = UGS NX 5.0 Documentation
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AE303591-1BFC-48B3-881B-655298C4EDE0}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BA1035C7-14DE-4857-8285-4ACFC74172EC}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"M-WIN-D 7.0.1 1223367_is1" = Mathematica Player (M-WIN-D 7.0.1 1223367)
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam
"Vista Codec x64 Components_is1" = Vista Codec x64 Components
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18756A46-652E-4ED4-A029-C4940D59F09B}" = Nokia PC Suite
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E765B16-84C0-40FD-A33D-D58CC7C75603}" = UGS NX 5.0
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5caa78ba-7844-4502-86ec-3c39db69e93b}" = Nero 9
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{8448D435-7543-411F-A0CC-7AA40D815E8F}" = Express Gate
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C91D53E-0C23-4A79-A480-68A443D80100}" = PC Connectivity Solution
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB358C5B-9397-4E19-BF2D-7439945F12B3}" = Reuters EcoWin Pro 6.0
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC1F75C6-760C-4F4B-912F-1F213C4F7550}" = UGS NX 5.0 CAST
"ABC Amber NBU Converter" = ABC Amber NBU Converter
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Anti-Leech ALNN" = Anti-Leech Plugin for Mozilla, Opera, Netscape
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Latein-Wörterbuch_is1" = Das Latein-Wörterbuch 2.1.1
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NetMeter_is1" = NetMeter 1.1.3
"Nokia PC Suite" = Nokia PC Suite
"OpenVPN" = OpenVPN 2.1_rc13a
"PartyPoker" = PartyPoker
"SuperTux 0.3.1" = SuperTux 0.3.1
"TOPSIM - easyStartup! - BPlan" = TOPSIM - easyStartup! - BPlan
"Uninstall_is1" = Uninstall 1.0.0.1
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VLC media player 0.9.6
"Warcraft III" = Warcraft III
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XviD" = XviD MPEG-4 Codec
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1874547535-1232430928-3369237507-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.05.2010 05:47:00 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.05.2010 08:15:00 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.05.2010 08:15:00 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.05.2010 08:17:52 | Computer Name = ***-PC | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
 
Error - 22.05.2010 17:35:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 22.05.2010 17:35:38 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.05.2010 05:53:43 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.05.2010 05:53:43 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.05.2010 15:12:52 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 23.05.2010 15:12:52 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 04.11.2009 12:01:05 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1098
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 02.02.2010 17:16:04 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 07.10.2010 11:00:00 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2318
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 28.11.2010 18:58:07 | Computer Name = ***-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.4 für die Netzwerkkarte mit der Netzwerkadresse
 0016EA831F32 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 28.11.2010 18:58:09 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 28.11.2010 18:58:20 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 28.11.2010 18:58:24 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 28.11.2010 19:36:24 | Computer Name = ***-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 28.11.2010 20:32:32 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 28.11.2010 20:32:34 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 29.11.2010 04:32:35 | Computer Name = ***-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 29.11.2010 15:52:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 30.11.2010 06:32:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = 
 
 
< End of report >

--- --- ---

markusg · 30.11.2010, 12:55

*** durch benutzernamen ersetzen im folgenden script.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
PRC - C:\Users\***\AppData\Local\Temp\Yby.exe (jens.plugin.npp@gmx.de)
PRC - C:\Users\***\AppData\Local\Temp\Ybx.exe (jens.plugin.npp@gmx.de)
PRC - C:\Windows\Yryvia.exe (jens.plugin.npp@gmx.de)
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
O4 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000..\Run: [JP595IR86O] C:\Users\***\AppData\Local\Temp\Ybx.exe (jens.plugin.npp@gmx.de)
O4 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000..\Run: [Metropolis] C:\Windows\SysWow64\sshnas21.DLL (jens.plugin.npp@gmx.de)
O4 - HKU\S-1-5-21-1874547535-1232430928-3369237507-1000..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe File not
found
[2010.11.30 01:31:12 | 000,178,176 | ---- | C] (jens.plugin.npp@gmx.de) -- C:\Windows\Yryvia.exe
[2010.11.30 01:31:02 | 000,242,688 | ---- | C] (jens.plugin.npp@gmx.de) -- C:\Windows\SysWow64\sshnas21.dll
[2010.11.30 11:45:59 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.11.30 11:40:09 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.11.30 11:40:07 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.11.30 01:31:04 | 000,178,176 | ---- | M] (jens.plugin.npp@gmx.de) -- C:\Windows\Yryvia.exe

:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort posten.

öffne mein computer, c: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.

lade das archiv in unserem upload channel hoch.
http://www.trojaner-board.de/54791-a...ner-board.html

thranduil · 30.11.2010, 14:17

Habe ich durchgeführt, hier ist die Textdatei, die sich nach dem Neustart geöffnet hat:

All processes killed
========== OTL ==========
No active process named Yby.exe was found!
No active process named Ybx.exe was found!
No active process named Yryvia.exe was found!
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File C:\Windows\SysNative\DRIVERS\ipinip.sys File not found not found.
Registry value HKEY_USERS\S-1-5-21-1874547535-1232430928-3369237507-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
Registry value HKEY_USERS\S-1-5-21-1874547535-1232430928-3369237507-1000\Software\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O not found.
File C:\Users\***\AppData\Local\Temp\Ybx.exe not found.
Registry value HKEY_USERS\S-1-5-21-1874547535-1232430928-3369237507-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Metropolis not found.
File C:\Windows\SysWow64\sshnas21.DLL not found.
Registry value HKEY_USERS\S-1-5-21-1874547535-1232430928-3369237507-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaOviSuite2 not found.
File C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe File not not found.
File C:\Windows\Yryvia.exe not found.
File C:\Windows\SysWow64\sshnas21.dll not found.
File C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found.
File C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job not found.
File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\Windows\Yryvia.exe not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Xxx
->Flash cache emptied: 0 bytes

User: ***
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Xxx
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***
->Temp folder emptied: 369296443 bytes
->Temporary Internet Files folder emptied: 146232283 bytes
->Java cache emptied: 59342916 bytes
->FireFox cache emptied: 296392727 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88351009 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 151888105 bytes

Total Files Cleaned = 1.060,00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11302010_140329

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3EA1A686-A1BE-4DC2-806F-CDCEE86ED9CC}.tmp moved successfully.
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7043A11E-F0E7-4B4C-8097-A3D3EB6D799C}.tmp moved successfully.
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EFC8FADB-0924-4452-BBDD-07F764A3BC69}.tmp not found!
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F9E31E8D-F4BF-4882-8B92-DE4CCB07F00B}.tmp moved successfully.

Registry entries deleted on Reboot...

markusg · 30.11.2010, 15:30

öffne malwarebytes, logdateien, poste das scan log mit den funden.

thranduil · 30.11.2010, 23:25

Ich habe den malewarebytes scan durchlaufen lassen und danach die gefundenen Fehler beseitigt. Seitdem funktioniert wieder alles ganz normal. Heißt das, dass jetzt alle Viren, Trojaner oder ähnliches verschwunden sind?
Der Internet Explorer hat sich seit dem nicht mehr selbstständig geöffnet. Vielen Dank an markusg für die Hilfe!

markusg · 01.12.2010, 12:19

avira
http://www.trojaner-board.de/54192-a...tellungen.html
avira 10 so instalieren bzw. dann konfigurieren. wenn du die konfiguration übernommen hast, update das programm.
klicke dann auf "lokaler schutz" "lokale laufwerke" eventuelle funde in quarantäne, log posten.
bitte auch unter verwaltung, planer, scan auftrag, darauf achten, das dieser über lokale laufwerke läuft! sonst werden die einstellungen nicht gültig.
den update auftrag auf 1x pro tag einstellen.
und "nachhohlen falls zeit überschritten" auswählen

30.11.2010, 15:30	#6
markusg /// Malware-holic	Internet Explorer öffnet sich automatisch öffne malwarebytes, logdateien, poste das scan log mit den funden. __________________ --> Internet Explorer öffnet sich automatisch

Internet Explorer öffnet sich automatisch

Log-Analyse und Auswertung: Internet Explorer öffnet sich automatisch