
Pests of all kinds and how to fight them: Win7 opens everything the cursor is on (ComboFix evaluation)

18.01.2011, 21:31   #1
ToStEeY

Good evening,
I have had a problem with my Windows since yesterday.
It suddenly started clicking on everything the cursor was pointing at. In addition, in the Start menu, when I went to "All Programs", for example, the window became transparent.
Immediately afterwards I restarted the computer, took it off the network, and ran an Ad-Aware scan and a virus scan with Avira.
I then thought everything was fine again, but when I started the computer today, the whole thing started all over again. I then took the computer off the network again and restarted once more. I have now run a scan with ComboFix and would be glad if you could evaluate it.
ComboFix logfile:
Code:
ComboFix 11-01-17.05 - **** 18.01.2011 20:56:32.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.6134.4493 [GMT 1:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
 
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\CFLog
c:\cflog\CrashLog_20100722.txt
c:\program files (x86)\\setup.exe
c:\program files (x86)\Setup.exe
 
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-18 bis 2011-01-18 ))))))))))))))))))))))))))))))
.
 
2011-01-18 20:00 . 2011-01-18 20:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-01-18 19:48 . 2011-01-18 19:48    --------    d-----w-    c:\program files\CCleaner
2011-01-18 19:37 . 2010-11-10 05:35    8199504    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{4B6F02FB-4748-4412-9E3C-C60F0CDE702E}\mpengine.dll
2011-01-15 20:37 . 2011-01-15 20:46    --------    d-----w-    c:\program files (x86)\Valve
2011-01-14 17:08 . 2011-01-14 17:08    --------    d--h--w-    c:\program files (x86)\Zero G Registry
2011-01-14 17:08 . 2011-01-14 17:08    --------    d-----w-    c:\program files (x86)\Markets-pro
2011-01-14 17:07 . 2011-01-14 17:07    --------    d--h--w-    c:\users\****\InstallAnywhere
2011-01-12 19:36 . 2010-11-02 05:18    229888    ----a-w-    c:\windows\system32\XpsRasterService.dll
2011-01-11 20:12 . 2011-01-09 21:15    2577776    ----a-w-    c:\windows\SysWow64\pbsvc_heroes.exe
2011-01-04 23:38 . 2011-01-04 23:38    --------    d-----w-    c:\program files\Common Files\Apple
2011-01-03 00:29 . 2011-01-04 23:13    --------    d-----w-    c:\users\Tobi\AppData\Roaming\WindSolutions
2011-01-03 00:29 . 2011-01-04 23:13    --------    d-----w-    c:\programdata\WindSolutions
2011-01-02 11:52 . 2011-01-02 11:52    --------    d-----w-    c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-01-02 11:50 . 2011-01-02 11:50    --------    d-----w-    c:\program files\Bonjour
2011-01-02 11:50 . 2011-01-02 11:50    --------    d-----w-    c:\program files (x86)\Bonjour
2010-12-30 18:37 . 2010-12-30 18:37    --------    d-----w-    c:\program files (x86)\Common Files\Skype
 
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-16 17:19 . 2010-03-04 17:45    270240    ----a-w-    c:\windows\SysWow64\PnkBstrB.exe
2011-01-16 17:19 . 2009-07-17 11:48    270240    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
2011-01-16 14:26 . 2010-03-04 17:45    270240    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
2011-01-11 20:12 . 2009-07-17 11:46    75136    ----a-w-    c:\windows\SysWow64\PnkBstrA.exe
2010-11-29 16:38 . 2010-11-29 16:38    94208    ----a-w-    c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38    69632    ----a-w-    c:\windows\SysWow64\QuickTime.qts
2010-11-22 14:23 . 2009-05-25 14:14    83120    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-11-04 06:35 . 2010-12-16 05:52    1194496    ----a-w-    c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-16 05:52    57856    ----a-w-    c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-16 05:52    978944    ----a-w-    c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-16 05:52    44544    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-16 05:52    482816    ----a-w-    c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-16 05:52    386048    ----a-w-    c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-16 05:52    1638912    ----a-w-    c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-16 05:52    1638912    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2010-11-02 19:15 . 2010-04-04 18:57    126792    ----a-w-    c:\windows\system32\drivers\avfwot.sys
2010-11-02 05:18 . 2010-12-16 05:53    524288    ----a-w-    c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-16 05:53    473600    ----a-w-    c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-16 05:53    1169408    ----a-w-    c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-16 05:53    1114624    ----a-w-    c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-16 05:53    464384    ----a-w-    c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-16 05:53    285696    ----a-w-    c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-16 05:53    496128    ----a-w-    c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-16 05:53    305152    ----a-w-    c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-16 05:53    192000    ----a-w-    c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-16 05:53    179712    ----a-w-    c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-16 05:53    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-16 05:53    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2010-01-17 18:51 . 2010-01-14 20:41    814143398    ----a-w-    c:\program files\loleusetup.exe
2010-01-10 20:20 . 2010-01-10 19:45    576000    ----a-w-    c:\program files (x86)\ISSetup.dll
2010-01-10 20:20 . 2010-01-10 19:45    473    ----a-w-    c:\program files (x86)\layout.bin
2009-11-10 07:39 . 2009-12-30 19:05    985299    ----a-w-    c:\program files (x86)\Launcher.exe
2009-11-09 15:13 . 2009-12-30 19:05    7680    ----a-w-    c:\program files (x86)\LastCO.exe
2009-11-09 14:39 . 2009-12-30 19:05    1594680    ----a-w-    c:\program files (x86)\LASTCOX.exe
2006-05-03 09:06    163328    --sha-r-    c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47    31232    --sha-r-    c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30    216064    --sha-r-    c:\windows\SysWOW64\nbDX.dll
.
 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 163328]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TurboV"="c:\program files (x86)\ASUS\TurboV\TurboV.exe" [2008-10-21 4040192]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages    REG_MULTI_SZ     kerberos msv1_0 schannel wdigest tspkg pku2u livessp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
 
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-05-25 871408]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys [2008-07-28 1075712]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2009-03-20 14120]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-04-22 12744]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2009-03-20 460800]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [2007-02-06 1013024]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-02-03 16160]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2010-04-19 22528]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
R3 X6va001;X6va001;c:\users\****\AppData\Local\Temp\001D1F.tmp [x]
R3 X6va002;X6va002;c:\users\****\AppData\Local\Temp\0022BA6.tmp [x]
R4 Cherry Device Interface;Cherry Device Interface;c:\program files (x86)\Cherry\CDI\cdi.exe [2009-05-28 585774]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 136176]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R4 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 173344]
R4 ScrambyServer;Scramby Server;c:\program files (x86)\RapidSolution\Scramby\ScrambyServer.exe [2007-09-14 344064]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
R4 TeamViewer4;TeamViewer 4;c:\program files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-05-18 185640]
R4 tvnserver;TightVNC Server;c:\program files (x86)\TightVNC\tvnserver.exe [2010-02-17 776192]
R4 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
R4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-08 69152]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-11-02 403624]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-06-29 1352832]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 scramby_out;Scramby Output;c:\windows\system32\drivers\scramby_out.sys [2007-08-08 34336]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
 
.
Inhalt des "geplante Tasks" Ordners
 
2011-01-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:15]
 
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 11:49]
 
2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-19 11:49]
.
 
--------- x86-64 -----------
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-15 7832608]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-15 1833504]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se94wzno.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Beemp3 Search ToolBar: {2832ABCD-4444-1012-2D45-132D5447C445} - %profile%\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
 
AddRemove-5.50 GEN-A Easy Installer by Revenger - H:\uninstall.exe
AddRemove-5.50 GEN-B Easy Installer by Revenger - H:\uninstall.exe
AddRemove-5.50 GEN-B2 Easy Installer by Revenger - H:\uninstall.exe
AddRemove-7-Zip - c:\program files (x86)\7-Zip\Uninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-AV Voice Changer Software GOLD 7.0 - c:\progra~2\AVVCS7~1.0GO\UNWISE.EXE
AddRemove-AVMWLANCLI - c:\program files (x86)\avmwlanstick\instwcli.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_heroes.exe
AddRemove-RaybanMirror - c:\program files (x86)\RaybanMirror\app\Launcher.exe
 
 
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\****\AppData\Local\Temp\001D1F.tmp"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\****\AppData\Local\Temp\0022BA6.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
 
[HKEY_USERS\S-1-5-21-2792325408-2325744227-3055143276-1000\Software\SecuROM\License information*]
"datasecu"=hex:1b,b0,44,e3,0f,81,ea,d8,9e,ca,e4,53,44,a2,f5,ee,88,d4,b6,d5,76,
38,3c,1c,dd,2b,55,4a,24,c1,97,ae,37,d4,e2,5c,ff,52,2e,95,0d,de,55,62,33,3f,\
"rkeysecu"=hex:cf,12,c8,99,00,2c,b3,6a,10,a8,76,bd,85,4a,d4,18
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-18 21:07:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-18 20:07
 
Vor Suchlauf: 19 Verzeichnis(se), 112.330.801.152 Bytes frei
Nach Suchlauf: 27 Verzeichnis(se), 112.176.508.928 Bytes frei
 
- - End Of File - - 787FFE9D698A51709929474F06230752
         
--- --- ---

19.01.2011, 11:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Why are you running ComboFix on your own initiative? You are only supposed to run it when instructed to - at least that is what it says everywhere here in big bold letters, impossible to miss!

Are there any other logs from other tools, such as Malwarebytes? If so, post all logs!

19.01.2011, 14:51   #3
ToStEeY

Sorry if I did something wrong...
What is the worst that can happen if I just use ComboFix???

I also have HijackThis:

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:07, on 18.01.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Users\****\Desktop\Rest\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9135 bytes
         
--- --- ---






Should I also test with Malwarebytes once more???

Edited by ToStEeY (19.01.2011 at 14:57)

19.01.2011, 15:05   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
if I just use ComboFix???
It will wreck your Windows and destroy all data

Please routinely run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before each scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.
__________________
Please always post logfiles in CODE tags

19.01.2011, 15:50   #5
ToStEeY

Here is OTL:

Otl.Txt: OTL logfile:
Code:
OTL logfile created on: 19.01.2011 15:32:21 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\****\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 104,56 Gb Free Space | 17,54% Space Free | Partition Type: NTFS
Drive G: | 465,75 Gb Total Space | 276,93 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
 
Computer Name: TOBI-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Cherry Device Interface) -- C:\Program Files (x86)\Cherry\CDI\cdi.exe (ZF Electronics GmbH)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (LBTServ) -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
SRV - (ScrambyServer) -- C:\Program Files (x86)\RapidSolution\Scramby\ScrambyServer.exe (RapidSolution Software AG)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcS64) -- c:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (scramby_out) -- C:\Windows\SysNative\drivers\scramby_out.sys (RapidSolution Software AG)
DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys (RapidSolution Software AG)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2Mon.sys ()
DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\drivers\LVMVdrv.sys (Logitech Inc.)
DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\drivers\LVCKap64.sys (Logitech Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 98 DB C8 41 B0 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.4.8
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.15 02:07:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.02 12:51:16 | 000,000,000 | ---D | M]
 
[2010.10.23 17:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.10.23 17:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.01.18 20:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions
[2009.11.15 23:19:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.16 20:46:41 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}
[2010.04.29 18:57:31 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.04.30 13:50:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.11 21:01:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\battlefieldheroespatcher@ea.com
[2010.09.22 20:07:10 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\vshare@toolbar
[2009.06.13 10:57:06 | 000,002,399 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se94wzno.default\searchplugins\daemon-search.xml
[2009.09.27 11:26:51 | 000,002,314 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se94wzno.default\searchplugins\forestle-de.xml
[2010.09.22 20:07:18 | 000,001,583 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se94wzno.default\searchplugins\web-search.xml
[2011.01.18 20:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.06.14 18:29:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.06.14 18:29:41 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.06.14 18:29:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.06.14 18:29:41 | 000,000,986 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.06.14 18:29:41 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Users\****\Desktop\E-Mail_
[2011.01.19 15:30:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.01.19 15:29:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\****\Desktop\mbam-setup.exe
[2011.01.19 15:10:13 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\f0recast-V1.2
[2011.01.18 21:07:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.01.18 21:02:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.01.18 20:53:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.01.18 20:53:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.01.18 20:53:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.01.18 20:53:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.18 20:52:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.01.18 20:51:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.01.18 20:48:22 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.01.18 20:46:35 | 002,107,888 | ---- | C] (Piriform Ltd) -- C:\Users\Tobi\Desktop\ccsetup302_slim.exe
[2011.01.15 23:23:32 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Empires
[2011.01.15 21:57:29 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Valve1
[2011.01.15 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Age Of Empires 2 & The Conquerors Expansion
[2011.01.15 21:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011.01.15 21:30:45 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Valve
[2011.01.15 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\redsn0w_win_0.9.6rc8
[2011.01.15 11:27:23 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Beginner
[2011.01.15 11:26:23 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Guitar_Pro_v5.1_incl_Crack_vinasofts.ws
[2011.01.15 11:25:24 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Nintendo 64
[2011.01.14 18:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Markets-pro
[2011.01.14 18:08:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2011.01.14 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Markets-pro
[2011.01.14 18:07:57 | 000,000,000 | -H-D | C] -- C:\Users\****\InstallAnywhere
[2011.01.14 17:56:02 | 044,530,240 | ---- | C] (Macrovision) -- C:\Users\****\Desktop\CFD_FX_MM5_Installer.exe
[2011.01.13 21:43:53 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\itunes
[2011.01.09 23:54:43 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Battlefield Heroes
[2011.01.09 23:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.01.05 00:38:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.01.05 00:12:59 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\CopyTransDriversInstallerv1.005
[2011.01.05 00:08:27 | 006,976,696 | ---- | C] (WindSolutions) -- C:\Users\Tobi\Desktop\CopyTransManager.exe
[2011.01.03 01:29:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\WindSolutions
[2011.01.03 01:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2011.01.03 01:23:09 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\SharePod
[2011.01.02 12:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.01.02 12:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.01.02 12:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.01.02 12:50:08 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.01.02 12:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.12.30 19:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010.12.30 19:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.12.30 15:36:01 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Dream SM
[2010.12.26 19:14:01 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Diverse Bilder
[2010.01.14 21:41:40 | 814,143,398 | ---- | C] (GOA                                                         ) -- C:\Programme\loleusetup.exe
[2010.01.10 20:45:08 | 000,576,000 | ---- | C] (Acresso Software Inc.) -- C:\Program Files (x86)\ISSetup.dll
[2009.12.30 20:05:52 | 000,007,680 | ---- | C] (LastCO) -- C:\Program Files (x86)\LastCO.exe
[2009.12.30 20:05:47 | 001,594,680 | ---- | C] (LASTCO EMU) -- C:\Program Files (x86)\LASTCOX.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\Tobi\Desktop\E-Mail_
[2011.01.19 15:31:27 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Tobi\Desktop\mbam-setup.exe
[2011.01.19 15:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2011.01.19 15:15:51 | 078,159,764 | ---- | M] () -- C:\Users\****\Desktop\iPhone1,1_3.1.2_7D11_Restore.ipsw.part
[2011.01.19 15:15:51 | 000,000,000 | ---- | M] () -- C:\Users\****\Desktop\iPhone1,1_3.1.2_7D11_Restore.ipsw
[2011.01.19 15:09:47 | 000,240,692 | ---- | M] () -- C:\Users\****\Desktop\f0recast-V1.2.zip
[2011.01.19 14:54:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.19 14:50:00 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.19 14:50:00 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.19 14:45:54 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.01.19 14:44:46 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.19 14:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.19 14:44:28 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.18 22:38:36 | 005,005,670 | ---- | M] () -- C:\Users\****\Desktop\Tenacious_D_Tribute.mp3
[2011.01.18 22:36:04 | 000,008,192 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.18 22:21:48 | 003,970,712 | ---- | M] () -- C:\Users\****\Desktop\Tenacious_D_-_Tribute_by_yusenken.mp3
[2011.01.18 22:20:37 | 004,499,475 | ---- | M] () -- C:\Users\****\Desktop\07-tenacious_d-master_exploder.mp3
[2011.01.18 22:19:36 | 009,201,664 | ---- | M] () -- C:\Users\****\Desktop\kralove_rocku_beelzeboss_ost.mp3
[2011.01.18 22:18:29 | 006,629,376 | ---- | M] () -- C:\Users\****\Desktop\kralove_rocku_kickapoo_ost.mp3
[2011.01.18 20:51:05 | 004,157,342 | R--- | M] () -- C:\Users\****\Desktop\ComboFix.exe
[2011.01.18 20:46:48 | 002,107,888 | ---- | M] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup302_slim.exe
[2011.01.16 18:19:26 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.01.16 18:19:26 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.16 16:57:25 | 000,495,860 | ---- | M] () -- C:\Users\****\Desktop\neue_oberstufe_2005.pdf
[2011.01.16 15:26:50 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.01.16 14:04:56 | 000,026,113 | ---- | M] () -- C:\Users\****\Desktop\01deutschhinweise2013.pdf
[2011.01.15 20:57:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2011.01.15 20:41:46 | 420,813,332 | ---- | M] () -- C:\Users\****\Desktop\iPhone3GS_421_8C148a_Restore.zip
[2011.01.15 20:32:30 | 011,193,637 | ---- | M] () -- C:\Users\****\Desktop\redsn0w_win_0.9.6rc8.zip
[2011.01.15 20:20:43 | 001,649,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.15 20:20:43 | 000,710,048 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.15 20:20:43 | 000,663,666 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.15 20:20:43 | 000,153,580 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.15 20:20:43 | 000,125,796 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.14 18:08:06 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Markets-pro Trading Plattform.lnk
[2011.01.14 18:02:50 | 044,530,240 | ---- | M] (Macrovision) -- C:\Users\****\Desktop\CFD_FX_MM5_Installer.exe
[2011.01.13 21:43:36 | 001,540,740 | ---- | M] () -- C:\Users\****\Desktop\AA.Net.Client.rar
[2011.01.12 22:07:23 | 000,031,232 | ---- | M] () -- C:\Users\****\Desktop\Tobias Latta DSP.doc
[2011.01.11 21:12:06 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.09 22:15:28 | 002,577,776 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2011.01.02 14:29:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.01.02 02:42:43 | 000,007,356 | ---- | M] () -- C:\Users\****\Desktop\SharePodSettings.xml
[2010.12.23 00:16:32 | 000,011,261 | ---- | M] () -- C:\Users\****\Documents\Hallo Silke.docx
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.19 15:15:51 | 000,000,000 | ---- | C] () -- C:\Users\****\Desktop\iPhone1,1_3.1.2_7D11_Restore.ipsw
[2011.01.19 15:13:35 | 074,719,124 | ---- | C] () -- C:\Users\****\Desktop\iPhone1,1_3.1.2_7D11_Restore.ipsw.part
[2011.01.19 15:09:47 | 000,240,692 | ---- | C] () -- C:\Users\****\Desktop\f0recast-V1.2.zip
[2011.01.19 14:45:54 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.01.18 22:37:55 | 005,005,670 | ---- | C] () -- C:\Users\****\Desktop\Tenacious_D_Tribute.mp3
[2011.01.18 22:28:54 | 009,250,138 | ---- | C] () -- C:\Users\****\Desktop\Led Zeppelin - Stairway to Heaven.mp3
[2011.01.18 22:19:15 | 004,499,475 | ---- | C] () -- C:\Users\****\Desktop\07-tenacious_d-master_exploder.mp3
[2011.01.18 22:17:55 | 003,970,712 | ---- | C] () -- C:\Users\****\Desktop\Tenacious_D_-_Tribute_by_yusenken.mp3
[2011.01.18 22:17:36 | 009,201,664 | ---- | C] () -- C:\Users\****\Desktop\kralove_rocku_beelzeboss_ost.mp3
[2011.01.18 22:17:11 | 006,629,376 | ---- | C] () -- C:\Users\****\Desktop\kralove_rocku_kickapoo_ost.mp3
[2011.01.18 20:53:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.18 20:53:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.18 20:53:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.18 20:53:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.18 20:53:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.18 20:50:29 | 004,157,342 | R--- | C] () -- C:\Users\****\Desktop\ComboFix.exe
[2011.01.16 16:57:20 | 000,495,860 | ---- | C] () -- C:\Users\****\Desktop\neue_oberstufe_2005.pdf
[2011.01.16 14:04:55 | 000,026,113 | ---- | C] () -- C:\Users\****\Desktop\01deutschhinweise2013.pdf
[2011.01.15 20:57:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2011.01.15 20:46:06 | 011,193,637 | ---- | C] () -- C:\Users\****\Desktop\redsn0w_win_0.9.6rc8.zip
[2011.01.15 20:45:02 | 420,813,332 | ---- | C] () -- C:\Users\****\Desktop\iPhone3GS_421_8C148a_Restore.zip
[2011.01.15 11:27:54 | 2100,203,099 | ---- | C] () -- C:\Users\****\Desktop\vorbilder.mp4
[2011.01.14 18:08:06 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Markets-pro Trading Plattform.lnk
[2011.01.13 21:43:21 | 001,540,740 | ---- | C] () -- C:\Users\****\Desktop\AA.Net.Client.rar
[2011.01.12 19:56:28 | 000,031,232 | ---- | C] () -- C:\Users\****\Desktop\Tobias Latta DSP.doc
[2011.01.11 21:12:04 | 002,577,776 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2011.01.05 00:08:27 | 000,015,884 | ---- | C] () -- C:\Users\****\Desktop\CopyTransManager.ris
[2011.01.05 00:08:27 | 000,013,425 | ---- | C] () -- C:\Users\****\Desktop\License Agreement.rtf
[2011.01.02 14:29:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.20 23:11:24 | 000,011,261 | ---- | C] () -- C:\Users\****\Documents\Hallo Silke.docx
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.06.03 16:47:46 | 000,007,589 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2010.04.10 12:50:26 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2010.04.09 23:03:17 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Roaming\AVSMediaPlayer.m3u
[2010.04.09 23:01:42 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.04.09 23:01:42 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.01.10 20:45:08 | 523,344,867 | ---- | C] () -- C:\Program Files (x86)\data2.cab
[2010.01.10 20:45:08 | 001,669,931 | ---- | C] () -- C:\Program Files (x86)\setup.isn
[2010.01.10 20:45:08 | 001,061,129 | ---- | C] () -- C:\Program Files (x86)\data1.cab
[2010.01.10 20:45:08 | 000,255,777 | ---- | C] () -- C:\Program Files (x86)\setup.inx
[2010.01.10 20:45:08 | 000,214,975 | ---- | C] () -- C:\Program Files (x86)\data1.hdr
[2010.01.10 20:45:08 | 000,021,494 | ---- | C] () -- C:\Program Files (x86)\0x0409.ini
[2010.01.10 20:45:08 | 000,001,241 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010.01.10 20:45:08 | 000,000,473 | ---- | C] () -- C:\Program Files (x86)\layout.bin
[2009.12.30 20:05:47 | 000,985,299 | ---- | C] () -- C:\Program Files (x86)\Launcher.exe
[2009.12.30 20:05:47 | 000,000,191 | ---- | C] () -- C:\Program Files (x86)\Server.dat
[2009.12.30 20:05:47 | 000,000,009 | ---- | C] () -- C:\Program Files (x86)\version.ini
[2009.11.16 23:08:45 | 000,008,192 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.16 06:41:57 | 000,000,092 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat
[2009.11.15 23:03:51 | 001,625,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.02 20:51:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.08.24 15:49:30 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.21 22:07:42 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.06.21 22:07:42 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.05.20 16:06:42 | 000,291,840 | ---- | C] () -- C:\Windows\FCVAP64.dll
[2009.05.20 16:06:42 | 000,086,016 | ---- | C] () -- C:\Windows\EZFRD64.dll
[2009.05.17 20:44:51 | 000,000,109 | ---- | C] () -- C:\Windows\disney.ini
[2009.05.12 23:14:05 | 000,031,439 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2010.03.03 21:59:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Avnex
[2011.01.18 20:49:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Azureus
[2009.12.13 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cherry
[2009.11.15 23:19:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2009.11.15 23:19:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Pro
[2009.12.18 14:22:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DeepBurner
[2009.11.15 23:19:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fit3DLive
[2010.11.15 20:30:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.01.19 14:48:53 | 000,000,000 | ---D | M] -- C:\Users\****AppData\Roaming\ICQ
[2009.12.18 14:50:44 | 000,000,000 | ---D | M] -- C:\Users\****AppData\Roaming\ImgBurn
[2009.12.17 20:47:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2009.11.15 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LG Electronics
[2010.05.17 19:11:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2010.01.10 21:49:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.01.20 21:24:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mael
[2010.10.19 10:24:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Miranda
[2009.11.15 23:19:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MP3SkypeRecorder
[2009.11.20 13:00:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mp3tag
[2010.09.28 21:34:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Need for Speed World
[2010.04.20 18:42:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2010.10.10 16:30:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PhotoScape
[2010.06.02 20:17:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Recorder
[2010.03.14 21:58:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Red Kawa
[2010.05.10 13:32:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SharePod
[2010.10.23 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Songbird2
[2009.12.13 20:43:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Stellarium
[2010.06.01 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2009.11.21 13:29:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Teeworlds
[2010.02.24 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TightVNC
[2009.12.17 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Toblo
[2010.04.10 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TrojanHunter
[2010.03.04 18:56:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2009.11.23 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TubeBox
[2010.03.14 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ubisoft
[2009.11.15 23:19:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ulead Systems
[2010.10.22 21:06:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\UseNeXT
[2010.05.07 19:02:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Western Digital
[2011.01.05 00:13:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WindSolutions
[2011.01.19 14:45:54 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.01.10 20:17:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


And now Extras.Txt as well:
OTL Logfile:
Code:
OTL Extras logfile created on: 19.01.2011 15:32:21 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\****\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 104,56 Gb Free Space | 17,54% Space Free | Partition Type: NTFS
Drive G: | 465,75 Gb Total Space | 276,93 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
 
Computer Name: ****| User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{192E85C6-2B8A-4217-AD30-ECA5CE19DB23}" = Logitech QuickCam
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C7AEBE-7C64-49B6-AC85-EA19DCD08E89}" = Logitech Audio Echo Cancellation Component for 64-bit Windows
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B0E1D8C3-099F-4705-B4D8-54E0A969B354}" = MVisn64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4B52C797-74D7-441E-B134-17BFF9012538}" = Paragon ExtBrowser™ 1.0 
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69082C8E-38F6-445A-8617-C19008DD5392}" = Scramby
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F498E3F-616E-4368-0086-3F260E8FAB40}" = 2002 FIFA World Cup TM
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA12FD6C-169A-11D7-A6A9-00C026281E5B}" = USB STORM TROOPER GAME PAD
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Driver
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V4.0 Build 5
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine(R)2 Sandbox(TM)2
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"5.50 GEN-A Easy Installer by Revenger" = 5.50 GEN-A Easy Installer by Revenger
"5.50 GEN-B Easy Installer by Revenger" = 5.50 GEN-B Easy Installer by Revenger
"5.50 GEN-B2 Easy Installer by Revenger" = 5.50 GEN-B2 Easy Installer by Revenger
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"AutoHotkey" = AutoHotkey 1.0.48.05
"AV Voice Changer Software GOLD 7.0" = AV Voice Changer Software GOLD 7.0
"Avira AntiVir Desktop" = Avira AntiVir Professional
"AviSynth" = AviSynth 2.5
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cross Fire_is1" = Cross Fire En
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"EA Download Manager" = EA Download Manager
"EasyBurning" = Easy Burning (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Halo" = Microsoft Halo
"Hamachi" = Hamachi 1.0.1.5
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"Icy Tower v1.4_is1" = Icy Tower v1.4
"ImgBurn" = ImgBurn
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"JA Launcher" = JA Launcher
"JDownloader" = JDownloader
"League of Legends_is1" = League of Legends
"Left4Dead2-hohesC_is1" = Left 4 Dead 2 - 2.0.0.4
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Markets-pro Trading Plattform" = Markets-pro Trading Plattform
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Miranda IM" = Miranda IM 0.9.8
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-Treiber
"RaybanMirror" = Ray-Ban Virtual Mirror
"RealVNC_is1" = VNC Free Edition 4.1.3
"Songbird-release-1800" = Songbird 1.8.0 (Build 1800)
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Recorder
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Stellarium_is1" = Stellarium 0.10.2
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"TightVNC 2.0beta1" = TightVNC 2.0beta1
"TmNationsForever_is1" = TmNationsForever
"UltraISO_is1" = UltraISO Premium V9.35
"UseNeXT_is1" = UseNeXT
"Videora T-Mobile G1 Converter" = Videora T-Mobile G1 Converter 5.04
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Toblo" = Toblo (1.2)
"Unite Media Player" = Unite Media Player
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.08.2010 07:37:54 | Computer Name = Tobi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.08.2010 07:38:41 | Computer Name = Tobi-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.08.2010 11:05:22 | Computer Name = Tobi-PC | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
 args)
 
Error - 27.08.2010 11:05:31 | Computer Name = Tobi-PC | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normalerweise darf
 jede Socketadresse (Protokoll, Netzwerkadresse oder Anschluss) nur jeweils einmal
 verwendet werden. (10048)    
 
Error - 27.08.2010 11:05:31 | Computer Name = Tobi-PC | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normalerweise darf
 jede Socketadresse (Protokoll, Netzwerkadresse oder Anschluss) nur jeweils einmal
 verwendet werden. (10048)    
 
Error - 27.08.2010 11:06:09 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x1198  Startzeit der fehlerhaften Anwendung: 0x01cb45f95f93aa66  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 9f5a2c44-b1ec-11df-862d-00248c3f6e68
 
Error - 27.08.2010 11:06:11 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x834  Startzeit der fehlerhaften Anwendung: 0x01cb45f962c8e525  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 a08d3dc8-b1ec-11df-862d-00248c3f6e68
 
Error - 27.08.2010 11:06:12 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x1170  Startzeit der fehlerhaften Anwendung: 0x01cb45f962f880aa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 a0bcd94d-b1ec-11df-862d-00248c3f6e68
 
Error - 27.08.2010 11:06:12 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x120c  Startzeit der fehlerhaften Anwendung: 0x01cb45f96338c5d2  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 a0ff7fd5-b1ec-11df-862d-00248c3f6e68
 
Error - 27.08.2010 11:06:14 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x1494  Startzeit der fehlerhaften Anwendung: 0x01cb45f96418872b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 a1dcdfce-b1ec-11df-862d-00248c3f6e68
 
[ OSession Events ]
Error - 26.09.2009 15:56:02 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3688
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 26.09.2009 15:56:11 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.09.2009 15:56:31 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2010 17:16:13 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.08.2010 17:56:17 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.11.2010 03:31:23 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.11.2010 03:31:50 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.12.2010 07:48:52 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.01.2011 15:56:32 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "ASUS System Control Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 18.01.2011 16:00:23 | Computer Name = Tobi-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.01.2011 16:00:39 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 18.01.2011 16:01:22 | Computer Name = Tobi-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 18.01.2011 16:01:57 | Computer Name = Tobi-PC | Source = NetBT | ID = 4321
Description = Der Name "TOBI-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.103
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 18.01.2011 16:02:06 | Computer Name = Tobi-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{EB7AC3D1-B1A6-4F93-87B4-612944AB7FFF} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 18.01.2011 16:02:06 | Computer Name = Tobi-PC | Source = NetBT | ID = 4321
Description = Der Name "TOBI-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.103
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 18.01.2011 16:02:26 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 19.01.2011 09:44:16 | Computer Name = Tobi-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 19.01.2011 09:45:08 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
 
< End of report >
         
--- --- ---


And here is Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5553

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.01.2011 15:50:07
mbam-log-2011-01-19 (15-50-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165110
Laufzeit: 1 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 19.01.2011, 15:51   #6
ToStEeY
 

Here is OTL:

Otl.Txt: OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.01.2011 15:32:21 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\****\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 104,56 Gb Free Space | 17,54% Space Free | Partition Type: NTFS
Drive G: | 465,75 Gb Total Space | 276,93 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
 
Computer Name: TOBI-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tobi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (tvnserver) -- C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Cherry Device Interface) -- C:\Program Files (x86)\Cherry\CDI\cdi.exe (ZF Electronics GmbH)
SRV - (TeamViewer4) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (LBTServ) -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe ()
SRV - (ScrambyServer) -- C:\Program Files (x86)\RapidSolution\Scramby\ScrambyServer.exe (RapidSolution Software AG)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcS64) -- c:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (scramby_out) -- C:\Windows\SysNative\drivers\scramby_out.sys (RapidSolution Software AG)
DRV:64bit: - (scramby) -- C:\Windows\SysNative\drivers\scramby.sys (RapidSolution Software AG)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2Mon.sys ()
DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\drivers\LVMVdrv.sys (Logitech Inc.)
DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\drivers\LVCKap64.sys (Logitech Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 41 98 DB C8 41 B0 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.4.8
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.15 02:07:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.02 12:51:16 | 000,000,000 | ---D | M]
 
[2010.10.23 17:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.10.23 17:34:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.01.18 20:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions
[2009.11.15 23:19:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.16 20:46:41 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}
[2010.04.29 18:57:31 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.04.30 13:50:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.01.11 21:01:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Tobi\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\battlefieldheroespatcher@ea.com
[2010.09.22 20:07:10 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\se94wzno.default\extensions\vshare@toolbar
[2009.06.13 10:57:06 | 000,002,399 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se94wzno.default\searchplugins\daemon-search.xml
[2009.09.27 11:26:51 | 000,002,314 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se94wzno.default\searchplugins\forestle-de.xml
[2010.09.22 20:07:18 | 000,001,583 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\se94wzno.default\searchplugins\web-search.xml
[2011.01.18 20:48:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.06.14 18:29:41 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.06.14 18:29:41 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2009.06.14 18:29:41 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2009.06.14 18:29:41 | 000,000,986 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2009.06.14 18:29:41 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} -  File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TurboV] C:\Program Files (x86)\ASUS\TurboV\TurboV.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Users\****\Desktop\E-Mail_
[2011.01.19 15:30:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.01.19 15:29:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\****\Desktop\mbam-setup.exe
[2011.01.19 15:10:13 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\f0recast-V1.2
[2011.01.18 21:07:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.01.18 21:02:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.01.18 20:53:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.01.18 20:53:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.01.18 20:53:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.01.18 20:53:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.01.18 20:52:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.01.18 20:51:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.01.18 20:48:22 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.01.18 20:46:35 | 002,107,888 | ---- | C] (Piriform Ltd) -- C:\Users\Tobi\Desktop\ccsetup302_slim.exe
[2011.01.15 23:23:32 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Empires
[2011.01.15 21:57:29 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Valve1
[2011.01.15 21:54:08 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Age Of Empires 2 & The Conquerors Expansion
[2011.01.15 21:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011.01.15 21:30:45 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Valve
[2011.01.15 20:54:48 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\redsn0w_win_0.9.6rc8
[2011.01.15 11:27:23 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Beginner
[2011.01.15 11:26:23 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Guitar_Pro_v5.1_incl_Crack_vinasofts.ws
[2011.01.15 11:25:24 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Nintendo 64
[2011.01.14 18:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Markets-pro
[2011.01.14 18:08:03 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2011.01.14 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Markets-pro
[2011.01.14 18:07:57 | 000,000,000 | -H-D | C] -- C:\Users\****\InstallAnywhere
[2011.01.14 17:56:02 | 044,530,240 | ---- | C] (Macrovision) -- C:\Users\****\Desktop\CFD_FX_MM5_Installer.exe
[2011.01.13 21:43:53 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\itunes
[2011.01.09 23:54:43 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Battlefield Heroes
[2011.01.09 23:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.01.05 00:38:02 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.01.05 00:12:59 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\CopyTransDriversInstallerv1.005
[2011.01.05 00:08:27 | 006,976,696 | ---- | C] (WindSolutions) -- C:\Users\Tobi\Desktop\CopyTransManager.exe
[2011.01.03 01:29:30 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\WindSolutions
[2011.01.03 01:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2011.01.03 01:23:09 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\SharePod
[2011.01.02 12:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.01.02 12:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.01.02 12:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.01.02 12:50:08 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.01.02 12:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.12.30 19:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2010.12.30 19:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.12.30 15:36:01 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Dream SM
[2010.12.26 19:14:01 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Diverse Bilder
[2010.01.14 21:41:40 | 814,143,398 | ---- | C] (GOA                                                         ) -- C:\Programme\loleusetup.exe
[2010.01.10 20:45:08 | 000,576,000 | ---- | C] (Acresso Software Inc.) -- C:\Program Files (x86)\ISSetup.dll
[2009.12.30 20:05:52 | 000,007,680 | ---- | C] (LastCO) -- C:\Program Files (x86)\LastCO.exe
[2009.12.30 20:05:47 | 001,594,680 | ---- | C] (LASTCO EMU) -- C:\Program Files (x86)\LASTCOX.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Users\Tobi\Desktop\E-Mail_
[2011.01.19 15:31:27 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Tobi\Desktop\mbam-setup.exe
[2011.01.19 15:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tobi\Desktop\OTL.exe
[2011.01.19 15:15:51 | 078,159,764 | ---- | M] () -- C:\Users\****\Desktop\iPhone1,1_3.1.2_7D11_Restore.ipsw.part
[2011.01.19 15:15:51 | 000,000,000 | ---- | M] () -- C:\Users\****\Desktop\iPhone1,1_3.1.2_7D11_Restore.ipsw
[2011.01.19 15:09:47 | 000,240,692 | ---- | M] () -- C:\Users\****\Desktop\f0recast-V1.2.zip
[2011.01.19 14:54:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.19 14:50:00 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.19 14:50:00 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.19 14:45:54 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.01.19 14:44:46 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.19 14:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.19 14:44:28 | 529,096,703 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.18 22:38:36 | 005,005,670 | ---- | M] () -- C:\Users\****\Desktop\Tenacious_D_Tribute.mp3
[2011.01.18 22:36:04 | 000,008,192 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.18 22:21:48 | 003,970,712 | ---- | M] () -- C:\Users\****\Desktop\Tenacious_D_-_Tribute_by_yusenken.mp3
[2011.01.18 22:20:37 | 004,499,475 | ---- | M] () -- C:\Users\****\Desktop\07-tenacious_d-master_exploder.mp3
[2011.01.18 22:19:36 | 009,201,664 | ---- | M] () -- C:\Users\****\Desktop\kralove_rocku_beelzeboss_ost.mp3
[2011.01.18 22:18:29 | 006,629,376 | ---- | M] () -- C:\Users\****\Desktop\kralove_rocku_kickapoo_ost.mp3
[2011.01.18 20:51:05 | 004,157,342 | R--- | M] () -- C:\Users\****\Desktop\ComboFix.exe
[2011.01.18 20:46:48 | 002,107,888 | ---- | M] (Piriform Ltd) -- C:\Users\****\Desktop\ccsetup302_slim.exe
[2011.01.16 18:19:26 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.01.16 18:19:26 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.01.16 16:57:25 | 000,495,860 | ---- | M] () -- C:\Users\****\Desktop\neue_oberstufe_2005.pdf
[2011.01.16 15:26:50 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.01.16 14:04:56 | 000,026,113 | ---- | M] () -- C:\Users\****\Desktop\01deutschhinweise2013.pdf
[2011.01.15 20:57:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2011.01.15 20:41:46 | 420,813,332 | ---- | M] () -- C:\Users\****\Desktop\iPhone3GS_421_8C148a_Restore.zip
[2011.01.15 20:32:30 | 011,193,637 | ---- | M] () -- C:\Users\****\Desktop\redsn0w_win_0.9.6rc8.zip
[2011.01.15 20:20:43 | 001,649,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.15 20:20:43 | 000,710,048 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.15 20:20:43 | 000,663,666 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.15 20:20:43 | 000,153,580 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.15 20:20:43 | 000,125,796 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.14 18:08:06 | 000,001,133 | ---- | M] () -- C:\Users\Public\Desktop\Markets-pro Trading Plattform.lnk
[2011.01.14 18:02:50 | 044,530,240 | ---- | M] (Macrovision) -- C:\Users\****\Desktop\CFD_FX_MM5_Installer.exe
[2011.01.13 21:43:36 | 001,540,740 | ---- | M] () -- C:\Users\****\Desktop\AA.Net.Client.rar
[2011.01.12 22:07:23 | 000,031,232 | ---- | M] () -- C:\Users\****\Desktop\Tobias Latta DSP.doc
[2011.01.11 21:12:06 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.01.09 22:15:28 | 002,577,776 | ---- | M] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2011.01.02 14:29:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.01.02 02:42:43 | 000,007,356 | ---- | M] () -- C:\Users\****\Desktop\SharePodSettings.xml
[2010.12.23 00:16:32 | 000,011,261 | ---- | M] () -- C:\Users\****\Documents\Hallo Silke.docx
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.19 15:15:51 | 000,000,000 | ---- | C] () -- C:\Users\****\Desktop\iPhone1,1_3.1.2_7D11_Restore.ipsw
[2011.01.19 15:13:35 | 074,719,124 | ---- | C] () -- C:\Users\****\Desktop\iPhone1,1_3.1.2_7D11_Restore.ipsw.part
[2011.01.19 15:09:47 | 000,240,692 | ---- | C] () -- C:\Users\****\Desktop\f0recast-V1.2.zip
[2011.01.19 14:45:54 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.01.18 22:37:55 | 005,005,670 | ---- | C] () -- C:\Users\****\Desktop\Tenacious_D_Tribute.mp3
[2011.01.18 22:28:54 | 009,250,138 | ---- | C] () -- C:\Users\****\Desktop\Led Zeppelin - Stairway to Heaven.mp3
[2011.01.18 22:19:15 | 004,499,475 | ---- | C] () -- C:\Users\****\Desktop\07-tenacious_d-master_exploder.mp3
[2011.01.18 22:17:55 | 003,970,712 | ---- | C] () -- C:\Users\****\Desktop\Tenacious_D_-_Tribute_by_yusenken.mp3
[2011.01.18 22:17:36 | 009,201,664 | ---- | C] () -- C:\Users\****\Desktop\kralove_rocku_beelzeboss_ost.mp3
[2011.01.18 22:17:11 | 006,629,376 | ---- | C] () -- C:\Users\****\Desktop\kralove_rocku_kickapoo_ost.mp3
[2011.01.18 20:53:24 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.18 20:53:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.18 20:53:24 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.18 20:53:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.18 20:53:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.18 20:50:29 | 004,157,342 | R--- | C] () -- C:\Users\****\Desktop\ComboFix.exe
[2011.01.16 16:57:20 | 000,495,860 | ---- | C] () -- C:\Users\****\Desktop\neue_oberstufe_2005.pdf
[2011.01.16 14:04:55 | 000,026,113 | ---- | C] () -- C:\Users\****\Desktop\01deutschhinweise2013.pdf
[2011.01.15 20:57:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2011.01.15 20:46:06 | 011,193,637 | ---- | C] () -- C:\Users\****\Desktop\redsn0w_win_0.9.6rc8.zip
[2011.01.15 20:45:02 | 420,813,332 | ---- | C] () -- C:\Users\****\Desktop\iPhone3GS_421_8C148a_Restore.zip
[2011.01.15 11:27:54 | 2100,203,099 | ---- | C] () -- C:\Users\****\Desktop\vorbilder.mp4
[2011.01.14 18:08:06 | 000,001,133 | ---- | C] () -- C:\Users\Public\Desktop\Markets-pro Trading Plattform.lnk
[2011.01.13 21:43:21 | 001,540,740 | ---- | C] () -- C:\Users\****\Desktop\AA.Net.Client.rar
[2011.01.12 19:56:28 | 000,031,232 | ---- | C] () -- C:\Users\****\Desktop\Tobias Latta DSP.doc
[2011.01.11 21:12:04 | 002,577,776 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_heroes.exe
[2011.01.05 00:08:27 | 000,015,884 | ---- | C] () -- C:\Users\****\Desktop\CopyTransManager.ris
[2011.01.05 00:08:27 | 000,013,425 | ---- | C] () -- C:\Users\****\Desktop\License Agreement.rtf
[2011.01.02 14:29:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.12.20 23:11:24 | 000,011,261 | ---- | C] () -- C:\Users\****\Documents\Hallo Silke.docx
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.06.03 16:47:46 | 000,007,589 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2010.04.10 12:50:26 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2010.04.09 23:03:17 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Roaming\AVSMediaPlayer.m3u
[2010.04.09 23:01:42 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.04.09 23:01:42 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.01.10 20:45:08 | 523,344,867 | ---- | C] () -- C:\Program Files (x86)\data2.cab
[2010.01.10 20:45:08 | 001,669,931 | ---- | C] () -- C:\Program Files (x86)\setup.isn
[2010.01.10 20:45:08 | 001,061,129 | ---- | C] () -- C:\Program Files (x86)\data1.cab
[2010.01.10 20:45:08 | 000,255,777 | ---- | C] () -- C:\Program Files (x86)\setup.inx
[2010.01.10 20:45:08 | 000,214,975 | ---- | C] () -- C:\Program Files (x86)\data1.hdr
[2010.01.10 20:45:08 | 000,021,494 | ---- | C] () -- C:\Program Files (x86)\0x0409.ini
[2010.01.10 20:45:08 | 000,001,241 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2010.01.10 20:45:08 | 000,000,473 | ---- | C] () -- C:\Program Files (x86)\layout.bin
[2009.12.30 20:05:47 | 000,985,299 | ---- | C] () -- C:\Program Files (x86)\Launcher.exe
[2009.12.30 20:05:47 | 000,000,191 | ---- | C] () -- C:\Program Files (x86)\Server.dat
[2009.12.30 20:05:47 | 000,000,009 | ---- | C] () -- C:\Program Files (x86)\version.ini
[2009.11.16 23:08:45 | 000,008,192 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.16 06:41:57 | 000,000,092 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat
[2009.11.15 23:03:51 | 001,625,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.02 20:51:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.08.24 15:49:30 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.21 22:07:42 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.06.21 22:07:42 | 000,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.05.20 16:06:42 | 000,291,840 | ---- | C] () -- C:\Windows\FCVAP64.dll
[2009.05.20 16:06:42 | 000,086,016 | ---- | C] () -- C:\Windows\EZFRD64.dll
[2009.05.17 20:44:51 | 000,000,109 | ---- | C] () -- C:\Windows\disney.ini
[2009.05.12 23:14:05 | 000,031,439 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007.12.28 08:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2010.03.03 21:59:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Avnex
[2011.01.18 20:49:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Azureus
[2009.12.13 20:22:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Cherry
[2009.11.15 23:19:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2009.11.15 23:19:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Pro
[2009.12.18 14:22:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DeepBurner
[2009.11.15 23:19:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fit3DLive
[2010.11.15 20:30:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0
[2011.01.19 14:48:53 | 000,000,000 | ---D | M] -- C:\Users\****AppData\Roaming\ICQ
[2009.12.18 14:50:44 | 000,000,000 | ---D | M] -- C:\Users\****AppData\Roaming\ImgBurn
[2009.12.17 20:47:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2009.11.15 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LG Electronics
[2010.05.17 19:11:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2010.01.10 21:49:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.01.20 21:24:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mael
[2010.10.19 10:24:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Miranda
[2009.11.15 23:19:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MP3SkypeRecorder
[2009.11.20 13:00:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mp3tag
[2010.09.28 21:34:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Need for Speed World
[2010.04.20 18:42:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2010.10.10 16:30:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PhotoScape
[2010.06.02 20:17:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Recorder
[2010.03.14 21:58:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Red Kawa
[2010.05.10 13:32:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SharePod
[2010.10.23 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Songbird2
[2009.12.13 20:43:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Stellarium
[2010.06.01 19:49:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2009.11.21 13:29:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Teeworlds
[2010.02.24 20:45:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TightVNC
[2009.12.17 18:08:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Toblo
[2010.04.10 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TrojanHunter
[2010.03.04 18:56:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2009.11.23 13:52:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TubeBox
[2010.03.14 20:21:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ubisoft
[2009.11.15 23:19:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ulead Systems
[2010.10.22 21:06:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\UseNeXT
[2010.05.07 19:02:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Western Digital
[2011.01.05 00:13:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WindSolutions
[2011.01.19 14:45:54 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.01.10 20:17:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



And now Extras.Txt as well:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.01.2011 15:32:21 - Run 1
OTL by OldTimer - Version 3.2.20.2     Folder = C:\Users\****\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 67,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,17 Gb Total Space | 104,56 Gb Free Space | 17,54% Space Free | Partition Type: NTFS
Drive G: | 465,75 Gb Total Space | 276,93 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
 
Computer Name: ****| User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{192E85C6-2B8A-4217-AD30-ECA5CE19DB23}" = Logitech QuickCam
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{604CB4FC-3D32-405F-A109-165F170529B6}" = WD SmartWare
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C7AEBE-7C64-49B6-AC85-EA19DCD08E89}" = Logitech Audio Echo Cancellation Component for 64-bit Windows
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B0E1D8C3-099F-4705-B4D8-54E0A969B354}" = MVisn64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB  (09/02/2009 1.0.0.1)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB  (06/11/2009 1.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C4668-7767-4109-9B5E-19AD056F2CA0}" = MP3 Skype Recorder
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4B52C797-74D7-441E-B134-17BFF9012538}" = Paragon ExtBrowser™ 1.0 
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69082C8E-38F6-445A-8617-C19008DD5392}" = Scramby
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F498E3F-616E-4368-0086-3F260E8FAB40}" = 2002 FIFA World Cup TM
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{A0494B41-EBD7-4C0D-91B7-DC39741B27BB}" = Express Gate
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA12FD6C-169A-11D7-A6A9-00C026281E5B}" = USB STORM TROOPER GAME PAD
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Driver
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DC627AE5-A2B1-4D16-AF56-178D10EC3E81}" = KeyMan V4.0 Build 5
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EA0B63C1-E579-43DD-A5F7-0DA5E9092554}" = CryEngine(R)2 Sandbox(TM)2
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"5.50 GEN-A Easy Installer by Revenger" = 5.50 GEN-A Easy Installer by Revenger
"5.50 GEN-B Easy Installer by Revenger" = 5.50 GEN-B Easy Installer by Revenger
"5.50 GEN-B2 Easy Installer by Revenger" = 5.50 GEN-B2 Easy Installer by Revenger
"7-Zip" = 7-Zip 4.65
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE 
"AutoHotkey" = AutoHotkey 1.0.48.05
"AV Voice Changer Software GOLD 7.0" = AV Voice Changer Software GOLD 7.0
"Avira AntiVir Desktop" = Avira AntiVir Professional
"AviSynth" = AviSynth 2.5
"AVMWLANCLI" = AVM FRITZ!WLAN
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Cross Fire_is1" = Cross Fire En
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"EA Download Manager" = EA Download Manager
"EasyBurning" = Easy Burning (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Halo" = Microsoft Halo
"Hamachi" = Hamachi 1.0.1.5
"HijackThis" = HijackThis 2.0.2
"HxD Hex Editor_is1" = HxD Hex Editor Version 1.7.7.0
"Icy Tower v1.3.1_is1" = Icy Tower v1.3.1
"Icy Tower v1.4_is1" = Icy Tower v1.4
"ImgBurn" = ImgBurn
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"InstallShield_{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"JA Launcher" = JA Launcher
"JDownloader" = JDownloader
"League of Legends_is1" = League of Legends
"Left4Dead2-hohesC_is1" = Left 4 Dead 2 - 2.0.0.4
"LogMeIn Hamachi" = LogMeIn Hamachi
"MagicDisc 2.7.105" = MagicDisc 2.7.105
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Markets-pro Trading Plattform" = Markets-pro Trading Plattform
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Miranda IM" = Miranda IM 0.9.8
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera-Treiber
"RaybanMirror" = Ray-Ban Virtual Mirror
"RealVNC_is1" = VNC Free Edition 4.1.3
"Songbird-release-1800" = Songbird 1.8.0 (Build 1800)
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = Recorder
"Steam App 10" = Counter-Strike
"Steam App 240" = Counter-Strike: Source
"Stellarium_is1" = Stellarium 0.10.2
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 4" = TeamViewer 4
"TightVNC 2.0beta1" = TightVNC 2.0beta1
"TmNationsForever_is1" = TmNationsForever
"UltraISO_is1" = UltraISO Premium V9.35
"UseNeXT_is1" = UseNeXT
"Videora T-Mobile G1 Converter" = Videora T-Mobile G1 Converter 5.04
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Toblo" = Toblo (1.2)
"Unite Media Player" = Unite Media Player
"Warcraft III" = Warcraft III: All Products
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.08.2010 07:37:54 | Computer Name = Tobi-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.08.2010 07:38:41 | Computer Name = Tobi-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.08.2010 11:05:22 | Computer Name = Tobi-PC | Source = WDSmartWareBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
 Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
 Manche oder alle Identitätsverweise konnten nicht übersetzt werden.     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
 data)     bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
 properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
 IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

   --- Ende der internen Ausnahmestapelüberwachung ---     bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
 args, SignatureStruct& signature, IntPtr declaringType)     bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
 invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)     bei System.RuntimeType.CreateInstanceImpl(BindingFlags
 bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
 entry)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
 configData, Boolean ensureSecurity)     bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
 filename, Boolean ensureSecurity)     bei RemoteServerService.WDSmartWareBackgroundService.OnStart(String[]
 args)
 
Error - 27.08.2010 11:05:31 | Computer Name = Tobi-PC | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normalerweise darf
 jede Socketadresse (Protokoll, Netzwerkadresse oder Anschluss) nur jeweils einmal
 verwendet werden. (10048)    
 
Error - 27.08.2010 11:05:31 | Computer Name = Tobi-PC | Source = WinVNC4 | ID = 1
Description = ManagedListener: unable to bind listening socket: Normalerweise darf
 jede Socketadresse (Protokoll, Netzwerkadresse oder Anschluss) nur jeweils einmal
 verwendet werden. (10048)    
 
Error - 27.08.2010 11:06:09 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x1198  Startzeit der fehlerhaften Anwendung: 0x01cb45f95f93aa66  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 9f5a2c44-b1ec-11df-862d-00248c3f6e68
 
Error - 27.08.2010 11:06:11 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x834  Startzeit der fehlerhaften Anwendung: 0x01cb45f962c8e525  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 a08d3dc8-b1ec-11df-862d-00248c3f6e68
 
Error - 27.08.2010 11:06:12 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x1170  Startzeit der fehlerhaften Anwendung: 0x01cb45f962f880aa  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 a0bcd94d-b1ec-11df-862d-00248c3f6e68
 
Error - 27.08.2010 11:06:12 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x120c  Startzeit der fehlerhaften Anwendung: 0x01cb45f96338c5d2  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 a0ff7fd5-b1ec-11df-862d-00248c3f6e68
 
Error - 27.08.2010 11:06:14 | Computer Name = Tobi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Name des fehlerhaften Moduls: LVComSX.exe, Version: 10.5.1.2027,
 Zeitstempel: 0x45c92641  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013154  ID des fehlerhaften
 Prozesses: 0x1494  Startzeit der fehlerhaften Anwendung: 0x01cb45f96418872b  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
Berichtskennung:
 a1dcdfce-b1ec-11df-862d-00248c3f6e68
 
[ OSession Events ]
Error - 26.09.2009 15:56:02 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3688
 seconds with 960 seconds of active time.  This session ended with a crash.
 
Error - 26.09.2009 15:56:11 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 26.09.2009 15:56:31 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.07.2010 17:16:13 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.08.2010 17:56:17 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.11.2010 03:31:23 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.11.2010 03:31:50 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.12.2010 07:48:52 | Computer Name = Tobi-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.01.2011 15:56:32 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "ASUS System Control Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 18.01.2011 16:00:23 | Computer Name = Tobi-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.01.2011 16:00:39 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 18.01.2011 16:01:22 | Computer Name = Tobi-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 18.01.2011 16:01:57 | Computer Name = Tobi-PC | Source = NetBT | ID = 4321
Description = Der Name "TOBI-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.103
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 18.01.2011 16:02:06 | Computer Name = Tobi-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{EB7AC3D1-B1A6-4F93-87B4-612944AB7FFF} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 18.01.2011 16:02:06 | Computer Name = Tobi-PC | Source = NetBT | ID = 4321
Description = Der Name "TOBI-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.106  registriert werden. Der Computer mit IP-Adresse 192.168.2.103
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 18.01.2011 16:02:26 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
Error - 19.01.2011 09:44:16 | Computer Name = Tobi-PC | Source = sptd | ID = 262148
Description = Der Treiber hat einen internen Fehler in seinen Datenstrukturen für
  festgestellt.
 
Error - 19.01.2011 09:45:08 | Computer Name = Tobi-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   sptd
 
 
< End of report >
         
--- --- ---



And here is Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5553

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.01.2011 15:50:07
mbam-log-2011-01-19 (15-50-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165110
Laufzeit: 1 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 19.01.2011, 16:13   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Are there any other logs from Malwarebytes? If so, please post all of the ones visible in Malwarebytes under the "Logdateien" (log files) tab.
__________________
Please always post log files in CODE tags

Alt 19.01.2011, 16:45   #8
ToStEeY
 
No, those were the only ones.

Alt 19.01.2011, 19:40   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
C:\Users\****\Desktop\Guitar_Pro_v5.1_incl_Crack_vinasofts.ws


The use of cracks, serials and keygens is illegal, so there is no further support on Trojaner-Board.

For you, it continues here => Reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since this kind of dubious software quite often also contains keyloggers and backdoor functions.

After that, never touch anything like this again!
__________________
Please always post log files in CODE tags
