Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Vista Antispyware 2012 got me
Windows 7
11.08.2011, 20:42 | #1 |
Vista Antispyware 2012 got me

Hello dear team,

unfortunately Vista Antispyware 2012 got me too. Internet access via Firefox and IE was blocked, and fake warning messages kept opening at random.

What has happened so far:
1. After the infection I first downloaded rkill.com and ran it several times until all windows had been closed.
2. Then I downloaded FixNCR.reg and ran it.
3. After that I downloaded Malwarebytes and ran a quick scan; here is the result:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7435

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11.08.2011 19:50:41
mbam-log-2011-08-11 (19-50-41).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 155692
Laufzeit: 3 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\694245456 (Trojan.FakeAlert) -> Value: 694245456 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\ukr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\System32\ALZALZ.BIN (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\System32\ALZZip.BIN (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Users\***\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7435

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

11.08.2011 21:25:29
mbam-log-2011-08-11 (21-25-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 322130
Laufzeit: 1 Stunde(n), 24 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

P.S. After Antispyware 2012 got me, my first reflex was to restart the PC. While it restarted, Microsoft Vista installed new updates. I hope those were the "right" updates and not some kind of fake updates.

EDIT: Oh yes, one more thing. Since then, I always get an error message after starting the PC (see attachment).

Last edited by Inspector (11.08.2011 at 21:21)
12.08.2011, 06:49 | #2 | ||
/// Helper Team | Vista Antispyware 2012 got me

Hello and welcome!

Before we start working together, [please read completely]:

Quote:
Important: Please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator". Right-click the selected application (right mouse button) and choose "Run as administrator"!

1. System scan with OTL
Please download OTL by Oldtimer and save it to your desktop.

2. I would also like to see all your installed programs:
Download the tool CCleaner → Download, install (read the software license agreement; if offered, deselect "Add CCleaner Yahoo! Toolbar") → start → if necessary, set "german" under Options settings → then click "Extra" (to also display the installed programs) → continue with "Als Textdatei speichern..." (save as text file); a text file (*.txt) is created; copy its contents and paste them in.

Quote:
** If possible, do not go on the internet: no online banking, file sharing, chat programs, etc.

Regards, kira
12.08.2011, 14:10 | #3 |
Vista Antispyware 2012 got me

Thank you very much for your answer.

So, I have run OTL; here are the results:

OTL EXTRAS Logfile:
Code:
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321 Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321 Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321 Description = Der Name "****-PC:20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = DCOM | ID = 10005 Description = Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > --- --- --- --- --- ---
After that I downloaded CCleaner; here are my installed programs: Code:
ATTFilter Adobe Flash Player 10 Plugin Adobe Systems Incorporated 18.06.2011 10.3.181.26 Adobe Flash Player ActiveX Adobe Systems Incorporated 10.08.2008 9.0.124.0 Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 15.06.2011 165,3MB 10.1.0 ALUpdate ESTsoft Corp. 13.08.2008 2,05MB ALZip ESTsoft Corp. 13.08.2008 11,8MB 7.0 beta1 ANNO 1602 26.10.2008 3.290MB 1.05 ATI Catalyst Control Center 10.08.2008 24,00KB 2.008.0409.2230 Avira AntiVir Personal - Free Antivirus Avira GmbH 23.07.2011 65,4MB 10.2.0.696 Browser Address Error Redirector Dell 10.08.2008 1.00.0000 Bundesliga 2000 - Der Fussball Manager 06.03.2010 570MB Canon MP630 series Benutzerregistrierung 22.01.2009 0,52MB Canon MP630 series MP Drivers 22.01.2009 Canon Utilities My Printer 22.01.2009 2,39MB CCleaner Piriform 11.08.2011 3,98MB 3.09 Chinese Simplified Fonts Support For Adobe Reader 8 Adobe Systems 13.03.2010 29,5MB 8.0.0 Compatibility Pack für 2007 Office System Microsoft Corporation 15.06.2011 56,2MB 12.0.6425.1000 CompuGROUP Z1 18.03.2009 1.211MB Das Fussball Studio 8.4.3 (Beta) vmLOGIC - Volker Mallmann 01.08.2011 20,2MB 8.4.3 Dell Dock Dell 10.08.2008 1.0.0 Dell Support Center (Support Software) Dell 14.10.2009 2.2.09085 DerKleineTurnierplaner Der Kleine Turnierplaner 15.09.2008 10,9MB 1.00.0000 DesktopEarth CodeFromThe70s.org 15.10.2009 6,85MB 2.1.1 DFS_Media_Tool 2.1.2 vmLOGIC - Volker Mallmann 28.10.2008 0,91MB 2.1.2 Die Sims 07.07.2010 302MB DivX Codec DivX, Inc. 07.12.2008 1,40MB 6.8.5 DivX Converter DivX, Inc. 07.12.2008 30,4MB 6.6.1 DivX Player 13.11.2008 15,4MB 6.8.2 DivX Web Player DivX,Inc. 13.11.2008 2,92MB 1.4.2 DNA BitTorrent Inc. 12.11.2009 0,41MB 2.2.4 (16502) EDocs 10.08.2008 0,80MB FileZilla Client 3.5.0 08.07.2011 13,9MB 3.5.0 Free Audio CD Burner version 1.4.7 DVDVideoSoft Limited. 10.04.2011 3,16MB Free YouTube to MP3 Converter version 3.9.35.324 DVDVideoSoft Limited. 
10.04.2011 3,38MB Game FIFA International Soccer Electronic Arts 28.07.2009 1,25MB Google Earth Google 12.07.2011 84,7MB 6.0.3.2197 Google Updater Google Inc. 22.03.2009 3,59MB 2.4.1536.6592 Intel(R) Graphics Media Accelerator Driver 13.08.2008 Intel(R) PRO Network Connections 12.1.11.0 Intel 10.08.2008 5,91MB Java(TM) 6 Update 20 Sun Microsystems, Inc. 10.05.2010 94,5MB 6.0.200 Java(TM) 6 Update 5 Sun Microsystems, Inc. 10.08.2008 171,1MB 1.6.0.50 L&H TTS3000 Deutsch 18.03.2009 Malwarebytes' Anti-Malware Version 1.51.1.1800 Malwarebytes Corporation 10.08.2011 6,72MB 1.51.1.1800 Max Senft's Vokabeltrainer 1.1b 06.09.2008 1,77MB 1.1b Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 03.06.2009 27,8MB Microsoft IntelliPoint 6.1 Microsoft 17.08.2008 11,4MB 6.10.156.0 Microsoft Office Enterprise 2007 Microsoft Corporation 03.06.2009 308MB 12.0.6425.1000 Microsoft Office File Validation Add-In Microsoft Corporation 29.06.2011 7,92MB 14.0.5130.5003 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 15.06.2011 89,0MB 12.0.6425.1000 Microsoft Silverlight Microsoft Corporation 15.06.2011 14,9MB 4.0.60531.0 Microsoft SQL Server Native Client Microsoft Corporation 18.03.2009 2,43MB 9.00.3042.00 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 28.07.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 12.06.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 03.06.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 26.03.2010 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 15.06.2011 0,58MB 9.0.30729.6161 Microsoft Works Microsoft Corporation 14.12.2010 9.7.0621 Mozilla Firefox 5.0 (x86 de) Mozilla 01.07.2011 99,3MB 5.0 NetSpeedMonitor 2.5.4.0 x86 Florian Gilles 17.07.2011 
1,04MB 2.5.4.0 phonostar-Player Version 2.01.4 13.08.2008 9,73MB phonostar-Player Version 3.01.8 15.10.2010 30,9MB Pro Evolution Soccer 2010 DEMO KONAMI 02.06.2010 1.030MB 1.00.0000 Realtek High Definition Audio Driver 10.08.2008 Reflexion Reflexion 17.08.2010 2,91MB 1.00.0000 SopCast 2.0.4 SopCast.com 26.04.2009 11,3MB 2.0.4 Star Alliance Screen Saver Star Alliance GmbH 27.10.2008 7,48MB Taskbar Shuffle version 2.5 Jay Elaraj 17.07.2009 1,61MB 2.5 TmNationsForever Nadeo 29.10.2008 717MB Turnierplaner Freeware 07.07.2010 2,55MB TVAnts 1.0 26.04.2009 3,64MB Uninstall 1.0.0.1 10.04.2011 30,8MB Veoh Web Player Veoh Networks, Inc. 17.05.2010 30,4MB 1.2.1.1209 Vista Codec Package Shark007 01.12.2008 52,2MB 5.0.3 VLC media player 1.1.5 VideoLAN 22.12.2010 49,0MB 1.1.5 VOLKSWAGEN Lupo-Cup 25.05.2010 8,01MB Windows Media Player Firefox Plugin Microsoft Corp 16.08.2008 0,29MB 1.0.0.8 Zattoo 3.3.4 Beta Zattoo Inc. 13.06.2009 18,4MB 3.3.4 Beta Zattoo4 4.0.5 Zattoo Inc. 19.05.2010 39,9MB 4.0.5 |
13.08.2011, 08:52 | #4 | ||
/// Helper Team | Vista Antispyware 2012 got me 1. BitTorrent/DNA: is considered unsafe and should therefore not be used. What is BitTorrent/DNA 2. I would uninstall: Quote:
Your Java version is out of date! Because of old security vulnerabilities Java is very vulnerable, so first uninstall all existing Java versions: → Control Panel → Software → uninstall... → restart the computer → Now download the offline version of Java Version 6 Update 26 from Oracle. Make sure to deselect any toolbars that are offered (remove the check mark next to the toolbar)! 4. Clean your system with CCleaner:
5.
6. - "Link:-> ESET Online Scanner >>You should not install the antivirus security software, only scan your system online<< Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is well suited and recommended to check the data stored on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This prevents the AUTORUN function from running.) - You can also switch off the AUTORUN function altogether.►Instructions -> Then run a complete system check with Eset/Nod32 - please tick the following > "Remove found threats" and "Scan archives" - save the scan results as *.txt files - usually "C:\Programme\Eset\EsetOnlineScanner\log.txt" Settings in Internet Explorer before the scan: - "Tools→ Internet Options→ Security": - set everything to the default level - allow ActiveX - to start the scan: when you are asked to (the text in the information bar) - allow the ActiveX control to be installed 7. Run another scan with OTL:
Quote:
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
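The post above notes that the AUTORUN function can be switched off altogether. As an added example (not part of the thread and not the instructions it links to), this PowerShell script decodes the `NoDriveTypeAutoRun` policy bitmask per drive type and can set it to 0xFF; the function names are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit (and optionally harden) the Windows AutoRun policy.
# NoDriveTypeAutoRun is a bitmask; a SET bit means AutoRun is DISABLED for that drive type.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'Unknown drive types' },
    @{ Bit = 0x02; Name = 'Drives without a root directory' },
    @{ Bit = 0x04; Name = 'Removable drives (USB sticks)' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM/DVD drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Reserved drive types' }
)
$PolicySubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Read the policy value from one hive; returns $null when the value is not set.
function Get-AutoRunMask {
    param([Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive)
    $item = Get-ItemProperty -Path "${Hive}:\$PolicySubKey" `
        -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

# Turn a bitmask into one row per drive type.
function ConvertTo-AutoRunReport {
    param([Parameter(Mandatory)][int]$Mask)
    foreach ($entry in $DriveTypeBits) {
        [pscustomobject]@{
            DriveType = $entry.Name
            AutoRun   = if ($Mask -band $entry.Bit) { 'disabled' } else { 'enabled' }
        }
    }
}

# Write the machine-wide policy with every bit set (0xFF).
# Needs an elevated session; takes effect for new logon sessions.
function Disable-AutoRunAllDrives {
    $path = "HKLM:\$PolicySubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name NoDriveTypeAutoRun `
        -PropertyType DWord -Value 0xFF -Force | Out-Null
}

# Report the current state of both hives (the HKLM value takes precedence when both exist).
foreach ($hive in 'HKLM', 'HKCU') {
    $mask = Get-AutoRunMask -Hive $hive
    if ($null -eq $mask) {
        "${hive}: NoDriveTypeAutoRun not set (operating system default applies)"
        continue
    }
    '{0}: NoDriveTypeAutoRun = 0x{1:X2}' -f $hive, $mask
    ConvertTo-AutoRunReport -Mask $mask | Format-Table -AutoSize
}

# Uncomment to disable AutoRun for every drive type:
# Disable-AutoRunAllDrives
```

Any row still showing "enabled" for removable or CD-ROM drives means inserted media can launch its autorun entry on that host without the Shift key being held.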
14.08.2011, 11:35 | #5 |
| Vista Antispyware 2012 got me 1. Programs uninstalled without problems. 2. Veoh Web Player uninstalled without problems. 3. New Java version installed without problems. 4. No problems during the system cleanup. 5. Code:
ATTFilter SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 08/14/2011 at 00:12 AM Application Version : 5.0.1118 Core Rules Database Version : 7561 Trace Rules Database Version: 5373 Scan type : Complete Scan Total Scan Time : 00:33:03 Operating System Information Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002) UAC Off - Administrator Memory items scanned : 682 Memory threats detected : 0 Registry items scanned : 36607 Registry threats detected : 0 File items scanned : 38278 File threats detected : 2 Trojan.Agent/Gen-FakeAlert[Local] C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Z1INFO.EXE Adware.Tracking Cookie secure-uk.imrworldwide.com [ C:\USERS\FABIAN HOFMANN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\UXPAS3YN ] Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=8c08c9aee432144fae16b46d78f2951b # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-14 07:22:39 # local_time=2011-08-14 09:22:39 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1797 16775166 100 100 1775669 88199432 1768460 0 # compatibility_mode=5892 16776574 66 100 262257 150835596 0 0 # compatibility_mode=8192 67108863 100 0 72588 72588 0 0 # scanned=169260 # found=4 # cleaned=4 C:\Users\Fabian Hofmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\7a7bdd9e-29852088 Mehrere Bedrohungen (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Users\Fabian Hofmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\7f7680a8-50925ef5 Java/TrojanDownloader.OpenStream.NAX Trojaner (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Users\Fabian Hofmann\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\b45e07d-50ed44b2 Variante von Win32/Kryptik.RKL Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Users\Fabian Hofmann\AppData\Roaming\phonostar-Player\update2.exe Variante von Win32/Adware.ADON Anwendung (gelöscht - in Quarantäne kopiert) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: # scan_time=3690 Code:
ATTFilter OTL logfile created on: 14.08.2011 11:33:58 - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Fabian Hofmann\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,02% Memory free 6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 586,10 Gb Total Space | 426,66 Gb Free Space | 72,80% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS Computer Name: FABIANHOFMAN-PC | User Name: Fabian Hofmann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.07.02 10:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.20 19:58:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - 
[2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe PRC - [2009.05.13 18:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.02.06 01:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2006.05.24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) -- C:\Programme\DesktopEarth\DesktopEarth.exe ========== Modules (SafeList) ========== MOD - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] 
(SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.07.24 19:06:28 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) ========== Driver Services (SafeList) ========== DRV - [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2006.11.08 09:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76 FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76 FF - prefs.js..network.proxy.http: "80.108.94.196" FF - prefs.js..network.proxy.http_port: 8123 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 10:51:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 11:16:12 | 000,000,000 | ---D | M] [2008.08.14 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Extensions [2011.08.08 18:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions [2011.07.16 18:13:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.04.30 03:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.30 11:04:07 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2011.04.11 20:14:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.09 21:42:45 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} [2011.08.02 06:26:03 | 000,000,000 | ---D | M] (DownloadHelper) -- 
C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.11.18 23:01:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.12.12 14:14:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\en-GB@dictionaries.addons.mozilla.org [2009.11.04 20:51:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\moveplayer@movenetworks.com [2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\Fabian Hofmann\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\noia2_option@kk.noia [2008.08.19 05:38:31 | 000,002,414 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\filmstartsde-suche.xml [2010.03.28 13:30:31 | 000,003,171 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\kinoto.xml [2011.03.05 23:14:48 | 000,002,809 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\twitter-search.xml [2008.08.16 19:52:59 | 000,001,143 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\wikipedia-en.xml [2011.08.13 11:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA 
FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERS\FABIAN HOFMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\FABIAN HOFMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2011.07.02 10:51:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll [2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll [2011.08.13 11:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) 
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Fabian Hofmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\Fabian Hofmann\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Fabian Hofmann\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.13 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.13 12:11:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Fabian Hofmann\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.13 11:20:34 | 012,472,736 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Fabian Hofmann\Desktop\SUPERAntiSpyware.exe
[2011.08.13 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.13 11:05:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.13 11:03:41 | 000,909,600 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Fabian Hofmann\Desktop\jre-6u26-windows-i586-iftw.exe
[2011.08.13 10:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.12 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Peter
[2011.08.12 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.12 14:52:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
[2011.08.11 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\AppData\Roaming\Malwarebytes
[2011.08.11 19:36:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.11 19:36:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.11 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.11 19:34:42 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fabian Hofmann\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.11 08:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.08.11 08:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.11 08:12:14 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fabian Hofmann\Desktop\winlogan.exe
[2011.08.11 07:54:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.11 07:54:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.08.11 07:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.11 07:54:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.11 07:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.11 07:54:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.11 07:31:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.11 07:31:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.11 07:31:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.02 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2011.08.02 06:32:04 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlCmdBar6.ocx
[2011.08.02 06:32:04 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSGrid6.ocx
[2011.08.02 06:32:04 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlLSFrame3.ocx
[2011.08.02 06:32:04 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlIml3.ocx
[2011.08.02 06:32:04 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSubTmr2.dll
[2011.08.02 06:32:03 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32E.DLL
[2011.08.02 06:32:03 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pesgo32e.ocx
[2011.08.02 06:32:03 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32e.ocx
[2011.08.02 06:32:03 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32e.ocx
[2011.08.02 06:32:03 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pepco32e.ocx
[2011.08.02 06:32:03 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\System32\sevZip40.dll
[2011.07.20 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\Documents\Neuer Ordner
[2011.07.18 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\Fabian Hofmann\AppData\Roaming\NetSpeedMonitor
[2011.07.18 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[1 C:\Users\Fabian Hofmann\AppData\Local\*.tmp files -> C:\Users\Fabian Hofmann\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.14 11:10:49 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.14 11:10:49 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.14 11:10:49 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.14 11:10:49 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.14 11:08:43 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.14 11:07:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.14 11:07:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.14 11:06:31 | 000,002,487 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2011.08.14 11:06:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.14 11:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.14 11:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.13 12:49:07 | 000,176,640 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.13 12:11:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Fabian Hofmann\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:22:56 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 11:22:05 | 012,472,736 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Fabian Hofmann\Desktop\SUPERAntiSpyware.exe
[2011.08.13 11:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.13 11:05:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:03:42 | 000,909,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Fabian Hofmann\Desktop\jre-6u26-windows-i586-iftw.exe
[2011.08.13 10:59:55 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian Hofmann\Desktop\OTL.exe
[2011.08.11 22:18:53 | 000,010,772 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\fehler.jpg
[2011.08.11 19:36:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 19:32:54 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fabian Hofmann\Desktop\mbam-setup-1.51.1.1800.exe
[2011.08.11 19:31:10 | 000,001,134 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FixNCR.reg
[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 08:21:33 | 002,187,526 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.11 08:14:30 | 000,512,992 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe
[2011.08.11 08:09:38 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fabian Hofmann\Desktop\winlogan.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\eng_wappen_110808.zip
[2011.08.07 22:18:05 | 000,017,408 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Local\WebpageIcons.db
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\FLT_LXH7K231557_0.pdf
[2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.24 19:06:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Users\Fabian Hofmann\AppData\Local\*.tmp files -> C:\Users\Fabian Hofmann\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.13 11:22:56 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 10:59:55 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.11 22:18:53 | 000,010,772 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\fehler.jpg
[2011.08.11 19:36:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 19:34:44 | 000,001,134 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\FixNCR.reg
[2011.08.11 08:21:06 | 002,187,526 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.11 08:15:50 | 000,512,992 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.08 18:26:43 | 002,743,682 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | C] () -- C:\Users\Fabian Hofmann\Desktop\FLT_LXH7K231557_0.pdf
[2010.02.27 21:51:34 | 000,017,408 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\WebpageIcons.db
[2009.12.12 14:52:33 | 000,001,455 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\RecConfig.xml
[2009.06.29 19:17:05 | 000,004,096 | -H-- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\keyfile3.drm
[2009.06.04 18:37:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.04 18:37:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.04 18:37:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\HOZ.INI
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\DAISY.INI
[2009.03.19 20:11:40 | 000,000,063 | ---- | C] () -- C:\Windows\VDDS_MMI.INI
[2009.03.19 20:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\dbsetup.INI
[2009.03.19 20:06:12 | 000,000,122 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 20:36:05 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.24 21:36:38 | 000,157,669 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.24 21:36:36 | 000,703,201 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.09.21 13:22:13 | 000,002,619 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.20 17:23:15 | 000,176,640 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.14 15:39:08 | 000,001,356 | ---- | C] () -- C:\Users\Fabian Hofmann\AppData\Local\d3d9caps.dat
[2008.08.11 21:30:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.11 21:30:15 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 21:30:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.11 21:30:15 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.11 21:30:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.11 21:30:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.11 21:30:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.08.11 21:30:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.08.11 21:30:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.08.11 21:30:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.08.11 21:30:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008.08.11 13:35:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,335,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.28 20:10:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2006.03.02 13:43:51 | 000,000,517 | ---- | C] () -- C:\Windows\pbl.ini
[2000.05.26 11:28:00 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI

========== LOP Check ==========

[2009.06.19 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\Das Fussball Studio
[2011.02.20 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\FileZilla
[2011.08.14 11:34:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\NetSpeedMonitor
[2009.10.16 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\phonostar GmbH
[2011.08.13 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\Fabian Hofmann\AppData\Roaming\phonostar-Player
[2011.08.14 11:05:19 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Code:
OTL Extras logfile created on: 14.08.2011 11:33:58 - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Fabian Hofmann\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,02% Memory free
6,23 Gb Paging File | 5,27 Gb Available in Paging File | 84,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 426,66 Gb Free Space | 72,80% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS

Computer Name: FABIANHOFMAN-PC | User Name: Fabian Hofmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\FABIAN~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\FABIAN~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system |
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish
"{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional
"{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese
"{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese
"{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins
"{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese
"{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian
"{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center 
Localization Spanish "{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing "{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish "{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion "{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian "{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0 "{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian "{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft 
Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch 
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese "{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard "{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English "{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French "{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2 "{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard "{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta) "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German "{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALUpdate_is1" = ALUpdate "ALZip_is1" = ALZip "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bundesliga 2000 - Der 
Fussball Manager" = Bundesliga 2000 - Der Fussball Manager "Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CCleaner" = CCleaner "CompuGROUP Z1" = CompuGROUP Z1 "Die Sims" = Die Sims "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FIFA International Soccer_is1" = Game FIFA International Soccer "FileZilla Client" = FileZilla Client 3.5.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Updater" = Google Updater "HDMI" = Intel(R) Graphics Media Accelerator Driver "LHTTSGED" = L&H TTS3000 Deutsch "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8 "phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4 "PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0 "SopCast" = SopCast 2.0.4 "Star Alliance Screen Saver_is1" = Star Alliance Screen Saver "Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5 "TmNationsForever_is1" = TmNationsForever "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.5 "VWLUPO-Key" = VOLKSWAGEN Lupo-Cup "YTdetect" = Yahoo! 
Detect "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.08.2011 15:53:49 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = Error - 13.08.2011 04:42:52 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = Error - 13.08.2011 04:59:34 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = Error - 13.08.2011 05:03:07 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = Error - 13.08.2011 05:17:59 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = Error - 13.08.2011 05:33:21 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = Error - 13.08.2011 16:37:11 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = Error - 13.08.2011 21:32:51 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = Error - 14.08.2011 02:21:41 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = Error - 14.08.2011 05:07:44 | Computer Name = FabianHofman-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 13.07.2011 01:30:31 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7000 Description = Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{09DBC2F6-F1BB-4A56-BD82-7FDD71A51639} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = netbt | ID = 4321 Description = Der Name "FABIANHOFMAN-PC:0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = netbt | ID = 4321 Description = Der Name "FABIANHOFMAN-PC:0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 13.07.2011 12:14:54 | Computer Name = FabianHofman-PC | Source = netbt | ID = 4321 Description = Der Name "FABIANHOFMAN-PC:20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 11.08.2011 01:55:48 | Computer Name = FabianHofman-PC | Source = DCOM | ID = 10005 Description = Error - 11.08.2011 01:55:48 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.08.2011 01:55:48 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.08.2011 13:53:38 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.08.2011 13:53:38 | Computer Name = FabianHofman-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > |
15.08.2011, 07:41 | #6 | |
/// Helper Team | Vista Antispyware 2012 got me
1. Do you use a proxy? - If you have not installed a proxy server locally, remove the proxy settings from the Internet settings.
In Internet Explorer: Tools => Internet Options => Connections => LAN settings. Uncheck "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".
In Firefox: Tools => Options => Advanced => Network => Settings. There, under Connection Settings, select "No proxy".
2. Fix with OTL
Code:
ATTFilter
:OTL
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
[2010.03.28 13:30:31 | 000,003,171 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\kinoto.xml
[2011.08.11 08:14:30 | 000,512,992 | ---- | M] () -- C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe
[2011.08.11 07:46:27 | 000,000,000 | ---- | M] () -- C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.08.11 08:09:38 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fabian Hofmann\Desktop\winlogan.exe
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Commands
[purity]
[emptytemp]
3. File check
Check your settings. - Instructions
In Windows Explorer: > Tools > Folder Options > the "View" tab > Hidden files and folders > enable "Show all files and folders", and > Tools > Folder Options > the "View" tab > Files and folders > disable "Hide protected operating system files (Recommended)".
4. These could come from malware:
Please right-click the files listed below (with the mouse), look at what is shown under Properties, and copy these details (file version, file description, who holds the copyright? company name) for these applications here into your thread (illustrated instructions *here*: Quote:
|
15.08.2011, 15:52 | #7 |
| Vista Antispyware 2012 got me
1. Settings adjusted in both Firefox and IE.
2. Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
C:\Users\Fabian Hofmann\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\kinoto.xml moved successfully.
C:\Users\Fabian Hofmann\Desktop\sdsetup_aff.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\6711623.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\6231486.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\4169901.exe moved successfully.
C:\Users\Fabian Hofmann\AppData\Roaming\1086189.exe moved successfully.
C:\Windows\System32\unrar.dll moved successfully.
C:\Users\Fabian Hofmann\Desktop\winlogan.exe moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fabian Hofmann
->Temp folder emptied: 8574845 bytes
->Temporary Internet Files folder emptied: 4113122 bytes
->Java cache emptied: 27894677 bytes
->FireFox cache emptied: 58428978 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 632 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 824 bytes
RecycleBin emptied: 843387527 bytes

Total Files Cleaned = 900,00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08152011_163621

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
4. This is where I'm stuck now. What information exactly do you need? A screenshot of the properties? Or should I copy something in here? Unfortunately I can't make sense of the illustrated instructions either. |
15.08.2011, 19:40 | #8 |
/// Helper Team | Vista Antispyware 2012 got me
Yes... and whether you perhaps recognize the entries?
__________________ Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
15.08.2011, 23:30 | #9 |
| Vista Antispyware 2012 got me
The last two files are online tickets from Deutsche Bahn; the third-to-last file is my collection of English football crests. Unfortunately, I don't recognize the first two files. What information should I copy in here now? |
15.08.2011, 23:41 | #10 |
/// Helper Team | Vista Antispyware 2012 got me
Another scan with OTL:
|
16.08.2011, 11:21 | #11 |
| Vista Antispyware 2012 got me
Code:
ATTFilter OTL logfile created on: 16.08.2011 12:11:42 - Run 4 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\** **\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,83% Memory free 6,22 Gb Paging File | 5,24 Gb Available in Paging File | 84,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 586,10 Gb Total Space | 421,16 Gb Free Space | 71,86% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: ** ** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.07.02 10:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.20 19:58:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.05.21 11:13:58 | 000,206,064 | 
---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe PRC - [2009.05.13 18:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.02.06 01:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2006.05.24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) -- C:\Programme\DesktopEarth\DesktopEarth.exe ========== Modules (SafeList) ========== MOD - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- 
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.07.24 19:06:28 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) ========== Driver Services (SafeList) ========== DRV - [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2006.11.08 09:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de" FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76 FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76 FF - prefs.js..network.proxy.http: "80.108.94.196" FF - prefs.js..network.proxy.http_port: 8123 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 10:51:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 11:16:12 | 000,000,000 | ---D | M]

[2008.08.14 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** **\AppData\Roaming\mozilla\Extensions
[2011.08.08 18:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions
[2011.07.16 18:13:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.30 03:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.30 11:04:07 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.04.11 20:14:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.09 21:42:45 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2011.08.02 06:26:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 23:01:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.12.12 14:14:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009.11.04 20:51:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\moveplayer@movenetworks.com
[2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\** **\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\noia2_option@kk.noia
[2008.08.19 05:38:31 | 000,002,414 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\filmstartsde-suche.xml
[2011.03.05 23:14:48 | 000,002,809 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\twitter-search.xml
[2008.08.16 19:52:59 | 000,001,143 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\wikipedia-en.xml
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\** **\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\** **\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.07.02 10:51:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll
[2011.08.13 11:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\** **\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\** **\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.15 17:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011.08.15 16:36:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.13 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.13 12:11:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\** **\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\SUPERAntiSpyware.com
[2011.08.13 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.08.13 11:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.13 11:05:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.08.13 10:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.08.12 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Peter
[2011.08.12 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.08.12 14:52:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2011.08.11 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\Malwarebytes
[2011.08.11 19:36:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.11 19:36:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.11 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.11 08:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.08.11 08:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.08.11 07:54:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.08.11 07:54:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.08.11 07:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.08.11 07:54:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.08.11 07:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.08.11 07:54:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.08.11 07:31:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011.08.11 07:31:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.08.11 07:31:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.08.02 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio
[2011.08.02 06:32:04 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlCmdBar6.ocx
[2011.08.02 06:32:04 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSGrid6.ocx
[2011.08.02 06:32:04 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlLSFrame3.ocx
[2011.08.02 06:32:04 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlIml3.ocx
[2011.08.02 06:32:04 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSubTmr2.dll
[2011.08.02 06:32:03 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32E.DLL
[2011.08.02 06:32:03 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pesgo32e.ocx
[2011.08.02 06:32:03 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32e.ocx
[2011.08.02 06:32:03 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32e.ocx
[2011.08.02 06:32:03 | 000,534,016 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pepco32e.ocx
[2011.08.02 06:32:03 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\System32\sevZip40.dll
[2011.07.20 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\** **\Documents\Neuer Ordner
[2011.07.18 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\** **\AppData\Roaming\NetSpeedMonitor
[2011.07.18 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[1 C:\Users\** **\AppData\Local\*.tmp files -> C:\Users\** **\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.16 12:04:20 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.08.16 12:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.16 11:23:30 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.16 11:23:30 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.16 11:23:30 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.16 11:23:30 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.16 11:17:16 | 000,002,487 | ---- | M] () -- C:\Users\** **\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
[2011.08.16 11:17:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 11:17:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.16 11:17:12 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.16 11:17:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.16 11:08:29 | 000,191,488 | ---- | M] () -- C:\Users\** **\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.15 17:21:13 | 000,001,636 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.15 11:10:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.08.13 12:11:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\** **\Desktop\esetsmartinstaller_deu.exe
[2011.08.13 11:22:56 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 11:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.08.13 11:05:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.08.13 10:59:55 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** **\Desktop\OTL.exe
[2011.08.11 19:36:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\** **\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 08:21:33 | 002,187,526 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\** **\Desktop\eng_wappen_110808.zip
[2011.08.07 22:18:05 | 000,017,408 | ---- | M] () -- C:\Users\** **\AppData\Local\WebpageIcons.db
[2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\** **\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\** **\Desktop\FLT_LXH7K231557_0.pdf
[2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.07.24 19:06:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Users\** **\AppData\Local\*.tmp files -> C:\Users\** **\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.15 17:21:13 | 000,001,636 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2011.08.13 11:22:56 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.08.13 10:59:55 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.08.11 19:36:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 08:21:06 | 002,187,526 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\Users\** **\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 07:46:26 | 000,009,958 | -HS- | C] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.08 18:26:43 | 002,743,682 | ---- | C] () -- C:\Users\** **\Desktop\eng_wappen_110808.zip
[2011.08.02 20:17:36 | 000,489,338 | ---- | C] () -- C:\Users\** **\Desktop\FLT_C4C6YV27350_0.pdf
[2011.08.02 20:13:30 | 000,489,329 | ---- | C] () -- C:\Users\** **\Desktop\FLT_LXH7K231557_0.pdf
[2010.02.27 21:51:34 | 000,017,408 | ---- | C] () -- C:\Users\** **\AppData\Local\WebpageIcons.db
[2009.12.12 14:52:33 | 000,001,455 | ---- | C] () -- C:\Users\** **\AppData\Local\RecConfig.xml
[2009.06.29 19:17:05 | 000,004,096 | -H-- | C] () -- C:\Users\** **\AppData\Local\keyfile3.drm
[2009.06.04 18:37:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.04 18:37:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.04 18:37:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\HOZ.INI
[2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\DAISY.INI
[2009.03.19 20:11:40 | 000,000,063 | ---- | C] () -- C:\Windows\VDDS_MMI.INI
[2009.03.19 20:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\dbsetup.INI
[2009.03.19 20:06:12 | 000,000,122 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.12.25 20:36:05 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat
[2008.11.24 21:36:38 | 000,157,669 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.11.24 21:36:36 | 000,703,201 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.11.24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.09.21 13:22:13 | 000,002,619 | ---- | C] () -- C:\Windows\AWSHKWV.INI
[2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008.08.20 17:23:15 | 000,191,488 | ---- | C] () -- C:\Users\** **\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.14 15:39:08 | 000,001,356 | ---- | C] () -- C:\Users\** **\AppData\Local\d3d9caps.dat
[2008.08.11 21:30:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.08.11 21:30:15 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.08.11 21:30:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.08.11 21:30:15 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.08.11 21:30:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008.08.11 21:30:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.08.11 21:30:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.08.11 21:30:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.08.11 21:30:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.08.11 21:30:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.08.11 21:30:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008.08.11 13:35:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,335,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.10.28 20:10:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ac3config.exe
[2006.03.02 13:43:51 | 000,000,517 | ---- | C] () -- C:\Windows\pbl.ini
[2000.05.26 11:28:00 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI

========== LOP Check ==========

[2009.06.19 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\Das Fussball Studio
[2011.02.20 14:05:22 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\FileZilla
[2011.08.16 12:13:01 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\NetSpeedMonitor
[2009.10.16 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\phonostar GmbH
[2011.08.13 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\** **\AppData\Roaming\phonostar-Player
[2011.08.16 11:16:26 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 16.08.2011 12:11:42 - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\** **n\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,83% Memory free
6,22 Gb Paging File | 5,24 Gb Available in Paging File | 84,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,16 Gb Free Space | 71,86% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: ** **n | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system |
"{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system |
"{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program
files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish "{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional "{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client "{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese "{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese "{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins "{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese "{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian "{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center 
Localization Spanish "{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing "{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish "{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion "{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian "{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0 "{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian "{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft 
Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch 
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese "{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard "{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English "{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French "{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2 "{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard "{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta) "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German "{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALUpdate_is1" = ALUpdate "ALZip_is1" = ALZip "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bundesliga 2000 - Der 
Fussball Manager" = Bundesliga 2000 - Der Fussball Manager "Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CCleaner" = CCleaner "CompuGROUP Z1" = CompuGROUP Z1 "Die Sims" = Die Sims "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FIFA International Soccer_is1" = Game FIFA International Soccer "FileZilla Client" = FileZilla Client 3.5.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Updater" = Google Updater "HDMI" = Intel(R) Graphics Media Accelerator Driver "LHTTSGED" = L&H TTS3000 Deutsch "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8 "phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4 "PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0 "Recuva" = Recuva "SopCast" = SopCast 2.0.4 "Star Alliance Screen Saver_is1" = Star Alliance Screen Saver "Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5 "TmNationsForever_is1" = TmNationsForever "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.5 "VWLUPO-Key" = VOLKSWAGEN Lupo-Cup "YTdetect" = Yahoo! 
Detect "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.08.2011 05:02:30 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2011 05:02:30 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2011 05:02:30 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2011 05:02:31 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2011 05:02:38 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2011 05:02:38 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2011 05:02:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2011 05:02:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2011 05:02:44 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.08.2011 05:18:47 | Computer Name = ****-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{09DBC2F6-F1BB-4A56-BD82-7FDD71A51639} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321 Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321 Description = Der Name "****-PC:0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 13.07.2011 12:14:54 | Computer Name = ****-PC | Source = netbt | ID = 4321 Description = Der Name "****-PC:20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = DCOM | ID = 10005 Description = Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.08.2011 01:55:48 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.08.2011 13:53:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.08.2011 10:36:22 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > |
16.08.2011, 17:21 | #12 |
/// Helper Team | Vista Antispyware 2012 got me
1. Fix with OTL
Code:
ATTFilter
:OTL
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
[2011.08.11 19:03:57 | 000,009,958 | -HS- | M] () -- C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5
[2011.08.11 19:03:56 | 000,009,958 | -HS- | M] () -- C:\Users\** **\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" =

:Commands
[purity]
[emptytemp]
2. Run another scan with OTL:
__________________ Warning!: Be careful with invoices sent by email with a ZIP file attached! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
17.08.2011, 10:53 | #13 |
| Vista Antispyware 2012 got me 1. Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll moved successfully.
C:\ProgramData\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5 moved successfully.
C:\Users\fabian hofmann\AppData\Local\inr5y6y184q0a845q0w8sx7c1880052qi83fbl1e77k0cg5 moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\"C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" | /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Fabian Hofmann
->Temp folder emptied: 2814623 bytes
->Temporary Internet Files folder emptied: 61147 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42397487 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2378 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 824 bytes
RecycleBin emptied: 128052 bytes

Total Files Cleaned = 43,00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08172011_090521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Code:
ATTFilter OTL logfile created on: 17.08.2011 11:31:12 - Run 5 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\** xx\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,55% Memory free 6,22 Gb Paging File | 5,12 Gb Available in Paging File | 82,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 586,10 Gb Total Space | 421,09 Gb Free Space | 71,85% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS Computer Name: **xx-PC | User Name: ** xx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.12 23:37:06 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe PRC - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe PRC - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.07.02 10:51:27 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.20 19:58:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.05.21 11:13:58 | 000,206,064 | 
---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe PRC - [2009.05.13 18:35:24 | 000,126,976 | ---- | M] (phonostar) -- C:\Programme\phonostar\ps_timer.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe PRC - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe PRC - [2008.04.17 01:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Programme\Taskbar Shuffle\taskbarshuffle.exe PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.05.11 15:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.02.06 01:52:10 | 000,849,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2006.05.24 09:58:32 | 000,761,856 | ---- | M] (CodeFromThe70s.org) -- C:\Programme\DesktopEarth\DesktopEarth.exe ========== Modules (SafeList) ========== MOD - [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2009.04.11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- 
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.07.24 19:06:28 | 000,269,480 | ---- | M] (Avira GmbH) [Disabled | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.24 19:06:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) SRV - [2008.04.28 17:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService) ========== Driver Services (SafeList) ========== DRV - [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2008.05.21 08:11:00 | 003,591,168 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2007.04.29 10:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R) DRV - [2007.02.08 19:44:43 | 000,083,320 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x) DRV - [2006.11.08 09:02:40 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32) DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080811 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de" FF - 
prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76 FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.6.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76 FF - prefs.js..network.proxy.http: "80.108.94.196" FF - prefs.js..network.proxy.http_port: 8123 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.02 10:51:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.13 11:16:12 | 000,000,000 | ---D | M] [2008.08.14 16:26:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** xx\AppData\Roaming\mozilla\Extensions [2011.08.08 18:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions [2011.07.16 18:13:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.04.30 03:34:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.07.30 11:04:07 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2011.04.11 20:14:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.09 21:42:45 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17} [2011.08.02 06:26:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\** 
xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.11.18 23:01:39 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010.12.12 14:14:13 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\en-GB@dictionaries.addons.mozilla.org [2009.11.04 20:51:56 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\moveplayer@movenetworks.com [2010.03.01 07:38:44 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\** xx\AppData\Roaming\mozilla\Firefox\Profiles\4ooexf9v.default\extensions\noia2_option@kk.noia [2008.08.19 05:38:31 | 000,002,414 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\filmstartsde-suche.xml [2011.03.05 23:14:48 | 000,002,809 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\twitter-search.xml [2008.08.16 19:52:59 | 000,001,143 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Mozilla\Firefox\Profiles\4ooexf9v.default\searchplugins\wikipedia-en.xml [2011.08.13 11:05:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} File not found (No name found) -- [2011.08.13 11:05:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\USERS\** xx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\** 
xx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4OOEXF9V.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2011.07.02 10:51:27 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll [2003.10.11 02:21:40 | 000,170,496 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll [2011.08.13 11:05:36 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKCU..\Run: [PhonostarTimer] C:\Programme\phonostar\ps_timer.exe (phonostar) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [Taskbar Shuffle] C:\Programme\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\** xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk = C:\Users\** xx\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\** xx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - 
Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /p \??\J:) - File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.08.15 17:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2011.08.15 16:36:21 | 000,000,000 | ---D | C] -- C:\_OTL [2011.08.13 12:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.08.13 12:11:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\** xx\Desktop\esetsmartinstaller_deu.exe [2011.08.13 11:23:34 | 000,000,000 | ---D | C] -- C:\Users\** xx\AppData\Roaming\SUPERAntiSpyware.com [2011.08.13 11:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2011.08.13 11:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011.08.13 11:06:50 | 000,000,000 
| ---D | C] -- C:\Program Files\Common Files\Java [2011.08.13 11:05:55 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.08.13 11:05:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.08.13 11:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.08.13 10:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.08.12 22:01:51 | 000,000,000 | ---D | C] -- C:\Program Files\Peter [2011.08.12 14:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.08.12 14:52:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe [2011.08.11 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\** xx\AppData\Roaming\Malwarebytes [2011.08.11 19:36:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.08.11 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.08.11 19:36:32 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.08.11 19:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.08.11 08:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2011.08.11 08:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2011.08.11 07:54:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.08.11 07:54:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.08.11 07:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011.08.11 07:54:47 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll 
[2011.08.11 07:54:47 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.08.11 07:54:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2011.08.11 07:31:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2011.08.11 07:31:24 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2011.08.11 07:31:23 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2011.08.02 06:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Das Fussball Studio [2011.08.02 06:32:04 | 000,405,504 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlCmdBar6.ocx [2011.08.02 06:32:04 | 000,352,256 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSGrid6.ocx [2011.08.02 06:32:04 | 000,163,840 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlLSFrame3.ocx [2011.08.02 06:32:04 | 000,155,648 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlIml3.ocx [2011.08.02 06:32:04 | 000,040,960 | ---- | C] (vmLOGIC - Volker Mallmann) -- C:\Windows\System32\vmlSubTmr2.dll [2011.08.02 06:32:03 | 003,760,128 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\PEGRP32E.DLL [2011.08.02 06:32:03 | 000,756,224 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pesgo32e.ocx [2011.08.02 06:32:03 | 000,736,768 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pego32e.ocx [2011.08.02 06:32:03 | 000,630,784 | ---- | C] (Gigasoft, Inc.) -- C:\Windows\System32\Pe3do32e.ocx [2011.08.02 06:32:03 | 000,534,016 | ---- | C] (Gigasoft, Inc.) 
-- C:\Windows\System32\Pepco32e.ocx [2011.08.02 06:32:03 | 000,266,240 | ---- | C] (Dieter Otter, Tools & Components) -- C:\Windows\System32\sevZip40.dll [2011.07.20 14:20:50 | 000,000,000 | ---D | C] -- C:\Users\** xx\Documents\Neuer Ordner [2011.07.18 22:45:28 | 000,000,000 | ---D | C] -- C:\Users\** xx\AppData\Roaming\NetSpeedMonitor [2011.07.18 22:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor [1 C:\Users\** xx\AppData\Local\*.tmp files -> C:\Users\** xx\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.17 11:01:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.08.17 10:15:18 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.08.17 10:15:18 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.08.17 10:15:18 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.08.17 10:15:18 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.08.17 10:11:23 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011.08.17 10:09:04 | 000,002,487 | ---- | M] () -- C:\Users\** xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk [2011.08.17 10:09:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.08.17 10:09:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.08.17 10:09:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.08.17 10:08:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.08.16 11:08:29 | 000,191,488 | ---- | M] () -- C:\Users\** xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.15 17:21:13 | 000,001,636 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2011.08.15 11:10:55 | 000,404,640 | ---- | 
M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.08.13 12:11:07 | 002,322,184 | ---- | M] (ESET) -- C:\Users\** xx\Desktop\esetsmartinstaller_deu.exe [2011.08.13 11:22:56 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.08.13 11:05:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.08.13 11:05:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.08.13 11:05:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.08.13 10:59:55 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.08.12 14:52:08 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\** xx\Desktop\OTL.exe [2011.08.11 19:36:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.11 08:21:33 | 002,187,526 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.08.08 18:27:06 | 002,743,682 | ---- | M] () -- C:\Users\** xx\Desktop\eng_wappen_110808.zip [2011.08.07 22:18:05 | 000,017,408 | ---- | M] () -- C:\Users\** xx\AppData\Local\WebpageIcons.db [2011.08.02 20:17:36 | 000,489,338 | ---- | M] () -- C:\Users\** xx\Desktop\FLT_C4C6YV27350_0.pdf [2011.08.02 20:13:30 | 000,489,329 | ---- | M] () -- C:\Users\** xx\Desktop\FLT_LXH7K231557_0.pdf [2011.07.24 19:06:29 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.24 19:06:29 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.07.22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011.07.22 04:47:24 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2011.07.22 04:46:48 | 000,065,024 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\jsproxy.dll [2011.07.22 04:45:41 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.07.22 04:44:36 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011.07.22 04:43:07 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [1 C:\Users\** xx\AppData\Local\*.tmp files -> C:\Users\** xx\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.15 17:21:13 | 000,001,636 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2011.08.13 11:22:56 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.08.13 10:59:55 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.08.11 19:36:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.11 08:21:06 | 002,187,526 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011.08.08 18:26:43 | 002,743,682 | ---- | C] () -- C:\Users\** xx\Desktop\eng_wappen_110808.zip [2011.08.02 20:17:36 | 000,489,338 | ---- | C] () -- C:\Users\** xx\Desktop\FLT_C4C6YV27350_0.pdf [2011.08.02 20:13:30 | 000,489,329 | ---- | C] () -- C:\Users\** xx\Desktop\FLT_LXH7K231557_0.pdf [2010.02.27 21:51:34 | 000,017,408 | ---- | C] () -- C:\Users\** xx\AppData\Local\WebpageIcons.db [2009.12.12 14:52:33 | 000,001,455 | ---- | C] () -- C:\Users\** xx\AppData\Local\RecConfig.xml [2009.06.29 19:17:05 | 000,004,096 | -H-- | C] () -- C:\Users\** xx\AppData\Local\keyfile3.drm [2009.06.04 18:37:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.06.04 18:37:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.04 18:37:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\HOZ.INI [2009.03.19 20:11:42 | 000,000,000 | ---- | C] () -- C:\Windows\DAISY.INI 
[2009.03.19 20:11:40 | 000,000,063 | ---- | C] () -- C:\Windows\VDDS_MMI.INI [2009.03.19 20:07:00 | 000,000,000 | ---- | C] () -- C:\Windows\dbsetup.INI [2009.03.19 20:06:12 | 000,000,122 | ---- | C] () -- C:\Windows\ODBC.INI [2008.12.25 20:36:05 | 000,000,547 | ---- | C] () -- C:\Windows\eReg.dat [2008.11.24 21:36:38 | 000,157,669 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008.11.24 21:36:36 | 000,703,201 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.11.24 16:32:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.09.21 13:22:13 | 000,002,619 | ---- | C] () -- C:\Windows\AWSHKWV.INI [2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.09.19 23:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.08.20 17:23:15 | 000,191,488 | ---- | C] () -- C:\Users\** xx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.08.14 15:39:08 | 000,001,356 | ---- | C] () -- C:\Users\** xx\AppData\Local\d3d9caps.dat [2008.08.11 21:30:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2008.08.11 21:30:15 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.08.11 21:30:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2008.08.11 21:30:15 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe [2008.08.11 21:30:15 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2008.08.11 21:30:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2008.08.11 21:30:14 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008.08.11 21:30:14 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008.08.11 21:30:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008.08.11 21:30:14 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008.08.11 21:30:13 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll [2008.08.11 
13:35:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2008.01.21 09:15:58 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,122,636 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,335,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.28 20:10:44 | 000,016,384 | ---- | C] () -- C:\Windows\System32\ac3config.exe [2006.03.02 13:43:51 | 000,000,517 | ---- | C] () -- C:\Windows\pbl.ini [2000.05.26 11:28:00 | 000,016,183 | ---- | C] () -- C:\Windows\System32\SELF32.INI ========== LOP Check ========== [2009.06.19 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\Das Fussball Studio [2011.02.20 14:05:22 | 000,000,000 | ---D | M] 
-- C:\Users\** xx\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 11:13:21 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\FileZilla
[2011.08.17 11:32:12 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\NetSpeedMonitor
[2009.10.16 23:23:08 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\phonostar GmbH
[2011.08.13 12:33:38 | 000,000,000 | ---D | M] -- C:\Users\** xx\AppData\Roaming\phonostar-Player
[2011.08.17 09:12:08 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 17.08.2011 11:31:13 - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\** xx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 64,55% Memory free
6,22 Gb Paging File | 5,12 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586,10 Gb Total Space | 421,09 Gb Free Space | 71,85% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,02 Gb Free Space | 60,21% Space Free | Partition Type: NTFS
Computer Name: **xx-PC | User Name: ** xx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1882754496-1205069911-2561918912-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe:*:Enabled:ldrsoft "C:\Users\**~1\AppData\Local\Temp\0.9535893561257379.exe" = ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A119FF1-56EC-4E1A-B788-789635FC23D5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{20EDC02F-5E4F-443A-AB4D-B0F077471D37}" = lport=2869 | protocol=6 | dir=in | app=system | "{46B1414B-C251-4EAA-A246-99C4682E537D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A1CC5F4-E40D-4BF5-8811-79C77D102300}" = rport=10243 | protocol=6 | dir=out | app=system | "{8069D4B8-5ECF-41D9-9877-3E44FB1B2B0A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{84C6EBD0-45B0-4134-8D45-6DF76A4CAD7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AC43ADAD-C01C-4B7F-A03D-AECC23C2798C}" = lport=10243 | protocol=6 | dir=in | app=system | "{D54BBC69-F438-4902-8D3C-C1E57C7C09BC}" = rport=1900 | 
protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EB8BF3FB-43FE-45FB-929F-AE6569407305}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{101B4824-5670-471B-AD15-40E96CEC329B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1C616A3A-1216-4C7B-B377-92BF8CCDD2DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F00AA36-5CF6-427E-A072-2F5F860673F3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9765429F-877A-4D01-AD5E-6C02217176FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9F8E761A-A358-43FA-8083-48D68CD68EC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A189EA38-12E5-4DC8-A3B6-038799D8C442}" = protocol=6 | dir=out | app=system | "{B3A544A7-9421-4BCC-AD61-10E8C0B0A547}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C063F22F-6CC1-4EFD-88C8-AFB731592A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CD9CA2D3-1F76-41B8-BA69-2AD9E9CB8520}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E68F883D-99D9-4E80-99EF-D6FD8F5C4F59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ED65FCCF-0147-4A45-A1CC-DAE0688316EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FEFAB68E-5772-4A89-96E4-F817CEABA465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{0A820782-72FE-42E7-85E7-821B9ADE23D9}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query 
User{17AF61EC-365D-4318-8E78-E4A8C485AF2D}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{370CA5A5-3CD8-45BF-A1DA-C483E1ED2136}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe | "TCP Query User{55CCE66A-9EA6-498F-8D4D-C2A39C16449D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{8CCA769D-917C-4C12-870C-16B6D4184EDE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{94F2096B-F66D-4C20-AB26-99F1D413D424}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{9672FC3B-56AD-44D0-B03C-29F68B209BF6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{98DD639F-99DD-4C59-81D7-879CE2513E78}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{9D16E7FE-0C63-498B-ABF5-A955BB6E39FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{CB6CC31A-A7DA-4377-9110-3F686514B9B1}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{DB541E86-7B54-4C95-9E8E-9026B588E5D9}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{E1485B21-CD2E-4EBB-9426-5C326F008025}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{E1EC2DC1-B893-4DC3-AA2C-68A1BA745035}C:\program files\zattoo\zattoo.exe" = 
protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{3F19C20E-C209-4299-A7E6-CB4CCA46BE76}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{491B1FB4-B81B-4F8E-9EE0-08C68A7CED29}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe | "UDP Query User{67DCC256-3C25-4E63-8E1F-CAEED0380804}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{6934B272-6D4B-4B0E-AB77-C0689AD2EBAE}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{6F163C68-D5E7-424F-815E-D8BB7B894875}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{874DDBE4-44F6-46E1-A9F1-AFC89163E627}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{8C3C26FC-5CD3-4378-9923-42E53792C78B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{A1B3B0BD-AA6A-443A-B0F3-B0824CDD9BB6}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{DB39381A-EE76-4B44-86A5-8441BC0792FC}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{DD948BC0-0B25-4D26-8DB4-5987BEADC355}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{DFA9115D-DC3E-4975-AF3B-A2D30D759872}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query 
User{ECC1D281-FC4E-43EE-B90B-D5475404EF0C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{F4A80B2D-682F-4DD4-981D-AEE694A1AFFA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{056E7B58-F436-9614-6CD3-1DFDDD7DA470}" = CCC Help Turkish "{0626167B-F30A-79EB-9B21-80B83468961A}" = CCC Help Chinese Traditional "{08D6F386-D362-805B-05D2-79E4AB4F9CB9}" = CCC Help Korean "{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client "{1F126EDC-DA29-4D5B-80DF-735252475FEE}" = Pro Evolution Soccer 2010 DEMO "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9}" = CCC Help Portuguese "{2555521A-9231-2F05-AEBE-FC1E2A7F825F}" = ccc-utility "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{27C42F0C-9090-97F7-9338-B6BD6DC25BB1}" = CCC Help Japanese "{2BE84E12-E062-F989-BA16-25D53F343033}" = Skins "{31CAC150-58B2-F696-D9EB-2FC16C3A8FAA}" = Catalyst Control Center Localization Portuguese "{34475C54-DA68-DA37-E014-2ADD65AF627F}" = Catalyst Control Center Localization Hungarian "{3541D8B6-BE96-0E6B-8987-D1CE1FBF848A}" = CCC Help German "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works 
"{3A732171-7856-43BD-B828-39B9E2B3E195}" = Catalyst Control Center Localization Spanish "{4207500E-1543-47F3-1695-6728E6520903}" = Catalyst Control Center Graphics Full Existing "{4453BCB7-5327-F8D1-C048-851310A389EF}" = Catalyst Control Center Localization Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A2D8C96-7B4F-A66A-6773-23F7796F9BA2}" = CCC Help Spanish "{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{6BA2C0F5-7EF3-11D7-9E00-0004769EEFEB}" = Reflexion "{73E8E831-160A-6E74-1AAA-AB698E1986BC}" = CCC Help Hungarian "{76E29237-CCAB-CD1A-F8A1-6C3CFF002F26}" = Catalyst Control Center Graphics Previews Vista "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.11.0 "{7A33E298-5BEA-7C94-C512-1DF1C977537E}" = Catalyst Control Center Localization Italian "{7B1F7338-1D0D-4DF4-831E-B22EB0A4C968}" = DerKleineTurnierplaner "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{853026E0-CD36-1790-7988-194CADDDFB25}" = ccc-core-static "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6}" = Catalyst Control Center Localization Chinese Traditional "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = 
Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95E52415-B952-B013-A2AD-5163896D8B9C}" = Catalyst Control Center Graphics Full New "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1E79477-B730-7E48-7EFF-0D1CB3202933}" = Catalyst Control Center Graphics Previews Common "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update 
Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B25E016C-44C2-856A-98A8-789D1E2B1C56}" = Catalyst Control Center Graphics Light "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B463BAAF-A379-AAF1-8979-6ED69C25ED37}" = Catalyst Control Center Localization Japanese "{B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF}" = CCC Help Italian "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BC60B681-C3A3-0363-DA09-FA9706ED9680}" = CCC Help Chinese Standard "{BECDD3A4-FEEC-9804-4782-F31A8A842361}" = CCC Help English "{C022906C-A509-33D1-E42B-FF92F8E7BED4}" = Catalyst Control Center Core Implementation "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D035A6CA-E9DD-4B40-66F8-15842888E447}" = Catalyst Control Center Localization French "{D3D54FD6-ABA0-4AE3-BAC4-0D89ACA83CC7}_is1" = DFS_Media_Tool 2.1.2 "{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}" = DesktopEarth "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E453921D-30B6-7692-179C-6F6112F18F81}" = Catalyst Control Center Localization Chinese Standard "{EA853B19-A618-8D18-F4A4-6B96083DC3A3}" = Catalyst Control Center Localization Korean "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.4.3 (Beta) "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FE46238E-2FB4-C9E1-323D-AD0DA64BED91}" = Catalyst Control Center Localization German "{FFC59020-35A5-4856-B0FB-23B95D6C2976}" = CCC Help French "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ALUpdate_is1" = ALUpdate "ALZip_is1" = ALZip "Avira 
AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bundesliga 2000 - Der Fussball Manager" = Bundesliga 2000 - Der Fussball Manager "Canon MP630 series Benutzerregistrierung" = Canon MP630 series Benutzerregistrierung "CanonMyPrinter" = Canon Utilities My Printer "CCleaner" = CCleaner "CompuGROUP Z1" = CompuGROUP Z1 "Die Sims" = Die Sims "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "FIFA International Soccer_is1" = Game FIFA International Soccer "FileZilla Client" = FileZilla Client 3.5.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "Google Updater" = Google Updater "HDMI" = Intel(R) Graphics Media Accelerator Driver "LHTTSGED" = L&H TTS3000 Deutsch "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800 "Max Senft's Vokabeltrainer_is1" = Max Senft's Vokabeltrainer 1.1b "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.8 "phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.4 "PROSetDX" = Intel(R) PRO Network Connections 12.1.11.0 "Recuva" = Recuva "SopCast" = SopCast 2.0.4 "Star Alliance Screen Saver_is1" = Star Alliance Screen Saver "Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5 "TmNationsForever_is1" = TmNationsForever "TVAnts 1.0" = TVAnts 1.0 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.5 "VWLUPO-Key" = VOLKSWAGEN Lupo-Cup "YTdetect" = Yahoo! 
Detect "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 17.08.2011 04:38:52 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.08.2011 04:38:53 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.08.2011 04:38:53 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.08.2011 04:38:54 | Computer Name = **xx-PC | Source = Windows Search Service | ID = 3013 Description = [ System Events ] Error - 13.07.2011 12:14:54 | Computer Name = **xx-PC | Source = netbt | ID = 4321 Description = Der Name "**xx-PC:0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 13.07.2011 12:14:54 | Computer Name = **xx-PC | Source = netbt | ID = 4321 Description = Der Name "**xx-PC:20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.24 registriert werden. Der Computer mit IP-Adresse 192.168.178.20 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. 
Error - 11.08.2011 01:55:48 | Computer Name = **xx-PC | Source = DCOM | ID = 10005 Description = Error - 11.08.2011 01:55:48 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.08.2011 01:55:48 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7000 Description = Error - 11.08.2011 13:53:38 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7009 Description = Error - 11.08.2011 13:53:38 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15.08.2011 10:36:22 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7034 Description = Error - 17.08.2011 03:05:21 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7034 Description = Error - 17.08.2011 03:10:06 | Computer Name = **xx-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > |
17.08.2011, 12:52 | #14 |
/// Helper Team | Vista Antispyware 2012 got me 1. Runs under XP, Vista (32-bit) and Windows 7 (32-bit). Attention: IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt! To get a deeper look into your system and detect a possible infection with a rootkit (info at wikipedia.org), we will use a tool, GMER:
** no connection to a network or the Internet - don't forget Wi-Fi. When the scan has finished, please re-enable all programs and tools! Instructions: -> GMER - Rootkit Scanner 2. Check with MBR -t whether the Master Boot Record is OK (MBR rootkit). With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
► What is the current state of the computer? Anything unusual, any problems?
__________________ Warning: Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different locations! Please pass this warning on wherever you can! |
18.08.2011, 15:57 | #15 |
| Vista Antispyware 2012 got me 1. Unfortunately I cannot turn off AntiVir. Right-clicking does not give me the option to turn it off, and when I try to end it via the Task Manager I get the error message "Zugriff verweigert" (access denied). I would rather not turn off the Windows Firewall. I once turned it off on my laptop in order to install a mobile broadband stick and then could not get it running again, because some service could no longer be started. Can I now start directly with step 2? The PC is working again so far, and the speed is OK again too. However, the error message attached in the first post still appears. |