SuperAntiSpyware Log Auswertung

laggy · 02.12.2011, 13:10

Hallo Zusammen,

nachdem gestern zunächst bei jeder Google-Anfrage erst eine Werbungsweiterleitung aufkaum und dann auf einmal kein Programm mehr zu öffnen war, weder Dokumente noch Internetexplorer, bekam ich die Medlung, dass W32.Blaster.Worm auf dem Rechner sei. Ich wusste mir nicht mehr zu helfen und habe eine Systemwiederherstellung durchgeführt. Danach hat alles wieder funktioniert und ich habe mich auf dümpelhafte Fehlersuche gemacht. Als ich eine software runterladen gegen diesen Wurm runterladen wollte, habe ich gemerkt, dass immer 0 bytes angezeigt werden, wenn ich das über firefox gemacht habe. Über Google bin ich dann auf dieses Forum gestoßen, bzw. auf diese Anleitung:

(http://www.trojaner-board.de/51871-a...tispyware.html)

Ich habe zunächst versucht, alles selbst zu machen, um niemanden auf die nerven zu gehen und habe einfach alle Malware gelöscht. das war natürlich keine gute Idee und beim nächsten Hochfahren hatte ich Probleme mit der Proxy-Verbindung. --> wieder systemwiederherstellung.

Jetzt funktioniert der PC, Proxy Verbindung auch und weder die Virusmeldung, noch die GoogleWerbeverbindung taucht auf.... aber ich habe dennoch das Gefühl, mein PC is nur noch Matsche...

Daher habe ich wiederholt einen Scan mit der SUPERAntiSpyware gemacht und komme nach wie vor auf betroffene files.

Also daher meine Bitte: Könnte sich das Log file jmd anschauen? i werd langsam narrisch^^. Danke im Vorraus!

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/02/2011 at 11:56 AM

Application Version : 5.0.1136

Core Rules Database Version : 8008
Trace Rules Database Version: 5820

Scan type : Quick Scan
Total Scan Time : 00:04:54

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned : 931
Memory threats detected : 4
Registry items scanned : 30146
Registry threats detected : 5
File items scanned : 7121
File threats detected : 32

Trojan.Agent/Gen-Kryptic
[377.exe] C:\PROGRAM FILES\LP\D4A7\377.EXE
C:\PROGRAM FILES\LP\D4A7\377.EXE
[377.exe] C:\USERS\JULIUS\APPDATA\ROAMING\MICROSOFT\D4A7\377.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\MICROSOFT\D4A7\377.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\MICROSOFT\D4A7\377.EXE
C:\USERS\JULIUS\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\VZXVZ873\3[1].EXE
C:\Windows\Prefetch\377.EXE-4433C8B0.pf

Trojan.Agent/Gen-Faldesc[RE]
[zli1lidy80] C:\USERS\JULIUS\ZLI1LIDY80.EXE
C:\USERS\JULIUS\ZLI1LIDY80.EXE
C:\USERS\JULIUS\ZLI1LIDY80.EXE
C:\USERS\JULIUS\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YUZZQQFF\4[1].EXE

Malware.Trace
HKU\S-1-5-21-1832448290-674521332-4177493181-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Trojan.Agent/Gen-Kazy
[Load] C:\USERS\JULIUS\APPDATA\ROAMING\69029\LVVM.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\69029\LVVM.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\70969\AB8D4.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\70969\AB8D4.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\69029\LVVM.EXE
C:\Windows\Prefetch\AB8D4.EXE-B010DD83.pf
C:\Windows\Prefetch\LVVM.EXE-1AAD7BA4.pf

Adware.Tracking Cookie
C:\USERS\JULIUS\AppData\Roaming\Microsoft\Windows\Cookies\Low\julius@googleads.g.doubleclick[1].txt [ Cookie:julius@googleads.g.doubleclick.net/ ]
C:\USERS\JULIUS\AppData\Roaming\Microsoft\Windows\Cookies\Low\julius@doubleclick[2].txt [ Cookie:julius@doubleclick.net/ ]
.avgtechnologies.112.2o7.net [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.rambler.ru [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
mellfind.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
ie-stat.bmmetrix.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
findsimle.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
perfind.net [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.click.searchnation.net [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.click.searchnation.net [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.rambler.ru [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.tns-counter.ru [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
www.bluecounter.de [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]

kira · 02.12.2011, 15:37

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

3.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

laggy · 02.12.2011, 17:16

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8290

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

02.12.2011 16:13:20
mbam-log-2011-12-02 (16-13-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 325954
Laufzeit: 1 Stunde(n), 14 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\Users\XXX\zli1lidy80.exe (Trojan.Agent) -> 1352 -> Unloaded process successfully.
c:\Users\XXX\AppData\Roaming\70969\AB8D4.exe (Spyware.Password) -> 4672 -> Unloaded process successfully.
c:\Users\XXX\AppData\Roaming\69029\lvvm.exe (Spyware.Password) -> 560 -> Unloaded process successfully.
c:\Users\XXX\AppData\Roaming\microsoft\D4A7\377.exe (Spyware.Password) -> 6092 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zli1lidy80 (Trojan.Agent) -> Value: zli1lidy80 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\377.exe (Spyware.Password) -> Value: 377.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\377.exe (Malware.Packer) -> Value: 377.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Spyware.Password) -> Bad: (C:\Users\XXX\AppData\Roaming\69029\lvvm.exe) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\XXX\zli1lidy80.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Roaming\70969\AB8D4.exe (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Roaming\69029\lvvm.exe (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Roaming\microsoft\D4A7\377.exe (Spyware.Password) -> Quarantined and deleted successfully.
c:\program files\LP\D4A7\377.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\VZXVZ873\3[1].exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\YUZZQQFF\4[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

laggy · 02.12.2011, 17:42

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 02.12.2011 16:20:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\XXX\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 27,89% Memory free
6,20 Gb Paging File | 3,98 Gb Available in Paging File | 64,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 33,50 Gb Free Space | 23,25% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 34,73 Gb Free Space | 24,12% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FF70C3-C62D-4158-ADA0-6F0335DE46E4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{12B207D1-236E-423D-94F7-705946EE7F86}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{17C9712C-B0FF-4DE2-8825-DACFF07A2A6D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1ACC8B81-4A32-4952-B23E-3B83139AA64F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{20000877-69F7-4346-B4CE-B9E1BB47C55E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2677158A-5F0E-4049-969B-0CF2018C79DB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3FCE6839-979A-42FD-9618-27A2516C74F0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3FD0B431-FA3C-48C4-97FD-5484C4111559}" = rport=137 | protocol=17 | dir=out | app=system | 
"{531E6D51-9DE4-4CA5-B2A3-538DEB312A71}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{5A5CACB9-A9DC-4CA0-8C73-6ADEB81F3B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6B774E06-4073-41BA-AA0E-3982068D1B1A}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{6CAC3546-A40A-42CF-9217-3AB4F99AFB60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{92B1D418-9E8D-4902-A5AC-E094916C6F2B}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{9D3FE02A-7D3A-43FA-8947-8BCD458C6323}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A82D79BB-D95E-4F2E-9169-197F7396F84D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B90197B0-98B8-4132-BB41-BF493DD0CD59}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B9227660-E05F-4A2A-8D67-22EE20D1D6E6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BE3435FC-5EE4-48D5-A08F-2896DD42D6D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C644570E-17B8-4601-A65F-E80EE9425ABE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CC6E852C-3666-4FBB-BCE0-7930738C3838}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe | 
"{D3779759-6B6E-4363-913A-F2FA03424034}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D43EBB75-0A71-4703-910C-C05998056210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{DB4E312E-B407-4527-B6A2-F7393882E202}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DFA56ACC-BFF5-4DF5-B60E-4279E640C8E8}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{E0F18376-F1E7-4603-81C9-6688EDF26ACA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E912E8C0-725B-4AAE-89C4-D664C62E8944}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ED3F00C9-6539-4AD2-B87C-EF14BFC3FC3B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EFDEC176-A813-44DC-819C-38A7F0D146EA}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe | 
"{FC0AEC55-BED7-4381-B956-96A224A80686}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05352B55-391A-4826-92EF-D2A386463E6B}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{07A44DDF-6A54-4756-B022-749FA9883F83}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{091A14EA-1AAB-4473-AF92-CF8294902241}" = protocol=6 | dir=out | app=system | 
"{0E778505-83AE-4999-A680-F58170A30A1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{291D306C-48AA-4223-B4A4-5D53D8E45FDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{35A3779F-1D36-4A27-B8DA-0771AF95C0DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3D688BD2-D11E-4296-954D-95BBC5B2DC78}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe | 
"{6779FCAE-5815-46CF-89C3-D6A107FAA6AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6850E218-CEDE-4344-A4AE-6762F7EB9847}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C708175-E552-40D1-A8A6-13CFD9899760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{717593C2-DCAE-4246-8C50-0D942E854603}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{85D276BF-2591-4719-AB5F-A1731E42E969}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{920535FC-9A79-49A6-A95A-9F4703D2A987}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe | 
"{A21BCABE-B969-42F8-A062-6EE7899A2174}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AE8B2D36-4FEE-46D5-97C5-21FE1C96C899}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DDC3290C-4F2D-447B-9D50-B0E1C7627278}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E75CBF35-506F-418D-825D-14AC26E40972}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{F9B2C903-A0B0-4E05-99C8-38C07FB3B02F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE29EDD9-CE99-42A9-AAAD-2C6CDD551148}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{FFE802C9-B147-4651-9BE1-5B48A6CDC045}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"TCP Query User{38318946-88E2-496F-8973-C95547256293}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{46EBDE7D-618F-4B4E-A1EF-B2B5070D04AA}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{5ADCE03B-5C58-415A-9F2F-6090B06EE455}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"TCP Query User{66475628-3192-42E0-8F88-6B146990289B}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"TCP Query User{693F26A0-1C03-44EB-AE80-36459F66D585}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{C27E4309-D602-4EAF-8059-88AF807D8798}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"TCP Query User{EFE11417-254A-47E3-98D4-6F6B77A1862E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{0C731628-A770-4533-AB56-9E3D77FA5D75}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"UDP Query User{51150E84-FBF0-492D-8673-003EDD2A0018}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{BE4F3B4D-37EB-4AC8-99AB-70D69625BAC1}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{BE8F80F4-A609-4E60-9177-B115E857E15F}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{CC334E1E-B8C0-47D6-B508-A35C922AE95B}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"UDP Query User{DCA60FF0-22C3-4B1A-8140-B1248316B6F8}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"UDP Query User{F8D1E36E-5EC3-4B1A-9992-384BE22AC4E6}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{6411B38F-7704-484B-A93B-FD900BC8E8EB}" = PIF DESIGNER2.0
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7BA1FB62-A363-4D24-8870-45131F0D0137}" = EPSON PRINT Image Framer Tool2.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{807B5468-0F57-4844-B9A6-E5E5E888F419}" = pdfforge Toolbar v4.8
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"BitZipper_is1" = BitZipper 2010
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"Computer Updater" = Computer Updater 
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESC84 Referenzhandbuch" = ESC84 Referenzhandbuch
"ESC84 Softwarehandbuch" = ESC84 Softwarehandbuch
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"fsQCA" = fsQCA
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SpeedItup Free_is1" = SpeedItup Free 7.70
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 Beta 1 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = GameXN GO
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2011 19:50:00 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2011 03:52:09 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2011 05:07:15 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2011 06:11:53 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2011 10:00:08 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2011 05:00:12 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2011 08:05:22 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2011 09:09:12 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2011 12:17:46 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.09.2011 04:01:17 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 07.12.2010 14:33:22 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5254
 seconds with 1740 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2011 16:41:13 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1876
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.01.2011 10:12:50 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1042
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 14.03.2011 16:31:45 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1888
 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 11.06.2011 08:05:58 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 473
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2011 10:21:32 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3018
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2011 09:05:22 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3397
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2011 09:13:53 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 493
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.12.2011 15:28:52 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.12.2011 15:28:52 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.12.2011 06:07:22 | Computer Name = XXX-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 02.12.2011 06:07:47 | Computer Name = XXX-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.12.2011 06:07:56 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.12.2011 06:07:56 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.12.2011 06:13:25 | Computer Name = XXX-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 02.12.2011 06:13:42 | Computer Name = XXX-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 02.12.2011 06:14:03 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.12.2011 06:14:03 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

--- --- ---

[/Code]

laggy · 02.12.2011, 17:44

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 02.12.2011 16:20:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\XXX\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 27,89% Memory free
6,20 Gb Paging File | 3,98 Gb Available in Paging File | 64,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 33,50 Gb Free Space | 23,25% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 34,73 Gb Free Space | 24,12% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Computer Updater\ComputerUp-daterService.exe (SafeApp Software, LLC)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Users\XXX\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU ()
MOD - C:\Users\XXX\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Adobe\Reader 10.0\Reader\Locale\de_DE\BRdlang32.DEU ()
MOD - C:\Programme\Adobe\Reader 10.0\Reader\sqlite.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Java\jre6\bin\jp2native.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (ComputerUpdater Service) -- C:\Programme\Computer Updater\ComputerUp-daterService.exe (SafeApp Software, LLC)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15383&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57475
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.13 19:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.13 19:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 10:52:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 16:40:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.02 21:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.11.16 16:40:25 | 000,000,000 | ---D | M]
 
[2010.09.21 09:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.09.21 09:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.01 01:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\7jesyrva.default\extensions
[2011.09.04 19:08:23 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\7jesyrva.default\extensions\zotero@chnm.gmu.edu
[2011.02.15 17:33:57 | 000,002,396 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\7jesyrva.default\searchplugins\askcom.xml
[2011.11.27 02:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.24 00:49:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 10:52:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.06 19:04:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.02 23:55:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 23:55:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 23:55:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 23:55:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 23:55:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 23:55:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk =  File not found
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.7.141 172.16.7.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{939DB84B-EB4C-415C-920A-B2B2742AF600}: DhcpNameServer = 172.16.7.141 172.16.7.142
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.02 14:54:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.02 14:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.02 14:54:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.02 10:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.02 10:35:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.02 10:35:53 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.02 10:35:53 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.02 10:35:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.02 10:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.01 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2011.12.01 19:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.01 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.01 18:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.01 18:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.01 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Avira
[2011.12.01 18:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.01 18:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.01 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\franzi adventskalender
[2011.11.28 20:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.11.28 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\69029
[2011.11.28 19:39:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\70969
[2011.11.27 02:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011.11.27 02:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011.11.27 02:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.11.24 00:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.23 19:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GameXN
[2011.11.21 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\pdfforge
[2011.11.21 20:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.11.21 20:24:06 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.11.21 20:24:05 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011.11.21 20:23:54 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011.11.21 20:23:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011.11.21 20:23:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.11.19 18:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.11.16 16:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.11.16 16:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011.11.16 16:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011.11.15 01:59:26 | 000,000,000 | ---D | C] -- C:\Cities.XL.2012-KaOs
[2011.11.13 21:49:45 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.11.13 21:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.11.13 21:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.11.13 00:46:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011.11.13 00:44:56 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011.11.13 00:44:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011.11.13 00:44:55 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011.11.13 00:44:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011.11.13 00:44:54 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011.11.13 00:44:54 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011.11.13 00:44:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011.11.13 00:44:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011.11.13 00:44:52 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011.11.13 00:44:52 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011.11.13 00:44:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011.11.13 00:44:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011.11.13 00:44:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011.11.13 00:44:51 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011.11.13 00:44:51 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011.11.13 00:44:50 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011.11.13 00:44:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.11.13 00:44:50 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011.11.13 00:44:48 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.11.13 00:44:47 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011.11.13 00:44:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011.11.13 00:44:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011.11.13 00:44:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011.11.13 00:44:46 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011.11.13 00:44:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.11.13 00:44:45 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011.11.13 00:44:45 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011.11.13 00:44:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011.11.13 00:44:44 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011.11.13 00:44:44 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011.11.13 00:44:44 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011.11.13 00:44:42 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011.11.13 00:44:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011.11.13 00:44:42 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011.11.13 00:44:42 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011.11.13 00:44:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011.11.13 00:44:41 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.11.13 00:44:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.11.13 00:44:40 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011.11.13 00:44:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011.11.13 00:44:40 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011.11.13 00:44:40 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011.11.13 00:44:39 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011.11.13 00:44:39 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011.11.13 00:44:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011.11.13 00:44:38 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011.11.13 00:44:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011.11.13 00:44:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011.11.13 00:44:37 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011.11.13 00:44:37 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011.11.13 00:44:35 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011.11.13 00:44:35 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011.11.13 00:44:35 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011.11.13 00:44:35 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011.11.13 00:44:34 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011.11.13 00:44:33 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011.11.13 00:44:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011.11.13 00:44:33 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011.11.13 00:44:32 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011.11.13 00:44:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011.11.13 00:44:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011.11.13 00:44:31 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011.11.13 00:44:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011.11.13 00:44:30 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011.11.13 00:44:29 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011.11.13 00:44:29 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.11.13 00:44:28 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011.11.13 00:44:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011.11.13 00:44:27 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011.11.13 00:44:27 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011.11.13 00:44:27 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011.11.13 00:44:27 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011.11.13 00:44:26 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011.11.13 00:44:25 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011.11.13 00:44:25 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011.11.13 00:44:24 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011.11.13 00:44:23 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011.11.13 00:44:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011.11.13 00:44:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011.11.13 00:44:22 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011.11.13 00:44:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011.11.13 00:44:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.11.13 00:44:08 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011.11.13 00:44:08 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011.11.13 00:44:07 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011.11.13 00:44:06 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011.11.13 00:44:05 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011.11.13 00:44:04 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011.11.13 00:44:02 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011.11.13 00:44:01 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011.11.13 00:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2
[2011.11.12 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011.11.12 22:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2006.11.24 05:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 05:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.02 16:13:49 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\jxmwma.sys
[2011.12.02 16:13:23 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 16:13:23 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 15:16:18 | 000,000,715 | ---- | M] () -- C:\Users\XXX\Desktop\Literaturverzeichnis ohne Titel.rtf
[2011.12.02 14:56:30 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.02 14:54:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 13:37:49 | 000,312,532 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.02 13:37:49 | 000,312,532 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.02 13:37:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.02 10:43:49 | 000,675,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.02 10:43:49 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.02 10:43:49 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.02 10:43:49 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.02 10:36:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.02 10:20:13 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.30 12:00:41 | 000,005,619 | ---- | M] () -- C:\Users\XXX\Desktop\XXX Lagodny_ proposed literature.pdf
[2011.11.30 00:33:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.28 20:48:04 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.11.28 20:36:50 | 000,092,299 | ---- | M] () -- C:\Users\XXX\Desktop\(Fotoabzüge Fotoleinwand Fotokalender Fotobücher Fotoentwicklung).pdf
[2011.11.28 20:03:21 | 000,079,379 | ---- | M] () -- C:\Users\XXX\Desktop\mama weihnachten.jpg
[2011.11.28 19:59:42 | 003,464,124 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0758 Kopie.jpg
[2011.11.28 19:55:04 | 000,028,310 | ---- | M] () -- C:\Users\XXX\Desktop\QuickTime.pdf
[2011.11.28 19:31:40 | 002,874,836 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0929.JPG
[2011.11.28 19:30:59 | 002,191,241 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0847.JPG
[2011.11.28 19:24:29 | 002,525,941 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0946.JPG
[2011.11.28 19:22:21 | 001,911,246 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0758.JPG
[2011.11.28 19:21:41 | 002,344,261 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0817.JPG
[2011.11.28 19:14:29 | 002,005,912 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0809.JPG
[2011.11.28 16:05:54 | 000,401,621 | ---- | M] () -- C:\Users\XXX\Desktop\XXX_Lagodny_Studienbescheinigung WS11-12.pdf
[2011.11.25 14:29:51 | 000,000,162 | -H-- | M] () -- C:\Users\XXX\Desktop\~$teraturverzeichnis ohne Titel.rtf
[2011.11.24 16:56:53 | 000,098,304 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 00:49:25 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.22 12:38:46 | 000,040,396 | ---- | M] () -- C:\Users\XXX\Desktop\Migration Graph Ireland.pdf
[2011.11.21 20:24:08 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.11.21 15:14:03 | 000,001,752 | -H-- | M] () -- C:\Users\XXX\Documents\Default.rdp
[2011.11.19 18:56:24 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.11.19 18:56:24 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.11.16 16:40:25 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.11.13 21:49:45 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.02 16:13:49 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jxmwma.sys
[2011.12.02 14:54:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 10:36:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.02 10:20:13 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.30 12:00:40 | 000,005,619 | ---- | C] () -- C:\Users\XXX\Desktop\XXX Lagodny_ proposed literature.pdf
[2011.11.28 20:47:16 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.11.28 20:36:48 | 000,092,299 | ---- | C] () -- C:\Users\XXX\Desktop\(Fotoabzüge Fotoleinwand Fotokalender Fotobücher Fotoentwicklung).pdf
[2011.11.28 20:03:21 | 000,079,379 | ---- | C] () -- C:\Users\XXX\Desktop\mama weihnachten.jpg
[2011.11.28 19:57:45 | 003,464,124 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0758 Kopie.jpg
[2011.11.28 19:55:03 | 000,028,310 | ---- | C] () -- C:\Users\XXX\Desktop\QuickTime.pdf
[2011.11.28 19:28:56 | 002,874,836 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0929.JPG
[2011.11.28 19:28:35 | 002,191,241 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0847.JPG
[2011.11.28 19:23:01 | 002,525,941 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0946.JPG
[2011.11.28 19:20:53 | 001,911,246 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0758.JPG
[2011.11.28 19:19:57 | 002,344,261 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0817.JPG
[2011.11.28 19:13:14 | 002,005,912 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0809.JPG
[2011.11.28 16:05:54 | 000,401,621 | ---- | C] () -- C:\Users\XXX\Desktop\XXX_Lagodny_Studienbescheinigung WS11-12.pdf
[2011.11.25 14:29:51 | 000,000,162 | -H-- | C] () -- C:\Users\XXX\Desktop\~$teraturverzeichnis ohne Titel.rtf
[2011.11.23 19:03:41 | 000,001,534 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (GameXN).lnk
[2011.11.22 12:38:45 | 000,040,396 | ---- | C] () -- C:\Users\XXX\Desktop\Migration Graph Ireland.pdf
[2011.11.21 20:24:08 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.11.16 16:40:25 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.11.16 16:40:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.11.16 16:23:08 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.11.16 16:23:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.11.11 14:17:58 | 299,253,828 | ---- | C] () -- C:\Users\XXX\Desktop\xwvsevs_1981_2000_v20060423.dta
[2011.10.02 13:27:47 | 000,000,235 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\fixpermissions.bat
[2011.08.31 12:07:47 | 000,017,408 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2011.04.29 15:24:37 | 000,000,182 | ---- | C] () -- C:\Windows\System32\EBPPORT4.DAT
[2011.04.29 15:24:12 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC84Euro.ini
[2011.02.14 20:39:25 | 000,000,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[2011.01.14 18:30:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.12 14:25:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.01 18:30:04 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010.09.21 19:16:35 | 000,098,304 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.06.07 11:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009.05.29 22:42:20 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2009.03.11 19:01:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2008.07.09 06:09:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.08 14:50:18 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.07.08 14:39:09 | 000,312,532 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.08 14:39:09 | 000,312,532 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.08 14:32:17 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.07.08 14:31:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.07.08 14:31:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.07.08 14:18:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.07.08 14:18:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.07.08 12:54:14 | 000,675,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.08 12:54:14 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.08 12:54:14 | 000,146,368 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.08 12:54:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.08 12:45:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.09 16:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2008.01.21 02:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.02.26 07:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 07:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 08:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 08:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 12:47:37 | 000,397,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:33:01 | 000,633,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 10:33:01 | 000,118,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 10:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.10.09 01:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.01.03 10:10:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\DLXAPI32.DLL
[2002.04.26 01:00:00 | 000,000,111 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2001.11.14 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

< End of report >

--- --- ---

[/code]

laggy · 02.12.2011, 17:48

Code:

ATTFilter

2007 Microsoft Office system	Microsoft Corporation	08.07.2008	491MB	12.0.4518.1014
7-Zip 4.65		27.10.2010	3,13MB	
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	06.10.2008	13,5MB	
Adobe AIR	Adobe Systems Incorporated	02.10.2011	30,1MB	2.7.1.19610
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	29.09.2010		10.1.85.3
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	01.04.2011		10.2.153.1
Adobe Reader X (10.1.1) - Deutsch	Adobe Systems Incorporated	16.11.2011	119,0MB	10.1.1
Agere Systems HDA Modem	Agere Systems	08.07.2008		
Apple Application Support	Apple Inc.	02.06.2011	51,0MB	1.5.1
Apple Mobile Device Support	Apple Inc.	02.06.2011	21,8MB	3.4.0.25
Apple Software Update	Apple Inc.	02.06.2011	2,26MB	2.1.2.120
Atheros WLAN Client		06.10.2008	0,86MB	1.00.000
aTube Catcher	DsNET Corp	14.02.2011	35,5MB	2.2.543
Avira Free Antivirus	Avira	02.12.2011	153,1MB	12.0.0.861
BitTorrent	BitTorrent Inc.	02.10.2011	0,53MB	7.5.0
BitZipper 2010	Bitberry Software	03.10.2011	14,4MB	
Bonjour	Apple Inc.	02.06.2011	1,10MB	2.0.5.0
Business Contact Manager für Outlook 2007	Microsoft Corporation	08.07.2008	29,0MB	3.0.5828.0
CCleaner	Piriform	02.12.2011	4,20MB	3.13
CDBurnerXP	CDBurnerXP	05.02.2011	15,9MB	4.3.8.2474
Cisco Systems VPN Client 5.0.07.0290	Cisco Systems, Inc.	09.11.2010	11,6MB	5.0.6
Computer Updater	SafeApp Software, LLC	02.10.2011		
CyberLink DVD Suite	CyberLink Corp.	06.10.2008	9,64MB	5.0.2403
CyberLink Power2Go	CyberLink Corp.	06.10.2008	52,4MB	5.0.3825
DAEMON Tools Lite	DT Soft Ltd	13.11.2011	16,6MB	4.45.1.0236
DivX-Setup	DivX, LLC	13.01.2011	3,13MB	2.2.1.2
Easy Battery Manager		06.10.2008	7,89MB	3.2.1.7
Easy Display Manager	Samsung	08.07.2008	12,4MB	2.0.0.0
Easy Network Manager 3.0	Ihr Firmenname	08.07.2008	36,9MB	3.0.0.0
Easy SpeedUp Manager		06.10.2008	4,00MB	2.0.1.0
EPSON PhotoQuicker3.4		29.04.2011	1,57MB	
EPSON PRINT Image Framer Tool2.0		29.04.2011	2,21MB	
EPSON-Drucker-Software		29.04.2011		
ESC84 Referenzhandbuch		29.04.2011	7,17MB	
ESC84 Softwarehandbuch		29.04.2011	0,93MB	
File Type Assistant	Trusted Software	03.10.2011	1,98MB	
FM Screen Capture Codec (Remove Only)		09.10.2010		
fsQCA		01.02.2011	4,93MB	2.0
GameXN GO	EasyBits Media	23.11.2011	13,5MB	
imagine digital freedom - Samsung	Samsung Electronics Co., LTD	08.07.2008	7,50MB	1.0.2.0
Intel(R) PROSet/Wireless WiFi-Software	Intel(R) Corporation	08.07.2008	78,3MB	12.00.2000
Intel® Matrix Storage Manager	Intel Corporation	06.10.2008	0,79MB	
iTunes	Apple Inc.	02.06.2011	143,9MB	10.2.2.14
Java(TM) 6 Update 23	Oracle	06.02.2011	95,0MB	6.0.230
LabelPrint	CyberLink Corp.	06.10.2008	106,4MB	.2406
LibUSB-Win32-0.1.10.1	LibUSB-Win32	01.11.2010	1,32MB	0.1.10.1
LightScribe System Software  1.12.37.1	LightScribe	08.07.2008	20,9MB	1.12.37.1
Malwarebytes' Anti-Malware version 1.51.2.1300	Malwarebytes Corporation	02.12.2011	6,77MB	1.51.2.1300
McAfee Security Scan Plus	McAfee, Inc.	19.11.2011	9,34MB	2.0.181.2
Microsoft Office 2003 Web Components	Microsoft Corporation	08.07.2008	21,7MB	11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies	Microsoft Corporation	08.07.2008	7,23MB	12.0.4518.1014
Microsoft Office Enterprise 2007	Microsoft Corporation	24.11.2010	615MB	12.0.4518.1014
Microsoft Office Small Business Connectivity Components	Microsoft Corporation	08.07.2008	0,15MB	2.0.7024.0
Microsoft SQL Server 2005	Microsoft Corporation	08.07.2008	42,7MB	
Microsoft SQL Server Native Client	Microsoft Corporation	08.07.2008	2,59MB	9.00.2047.00
Microsoft SQL Server VSS Writer	Microsoft Corporation	08.07.2008	0,68MB	9.00.2047.00
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	08.07.2008	0,41MB	8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	05.11.2010	0,59MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	15.11.2011	0,57MB	9.0.30729
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	02.12.2011	11,1MB	10.0.40219
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme	Microsoft Corporation	28.09.2010	0,13MB	12.0.4518.1014
Minecraft Beta Version 1.7.3	Godslayers	26.07.2011	72,6MB	1.7.3
Mozilla Firefox 8.0 (x86 de)	Mozilla	11.11.2011	41,9MB	8.0
Mozilla Thunderbird (8.0)	Mozilla	11.11.2011	39,7MB	8.0 (de)
NVIDIA Drivers		06.10.2008		
OpenOffice.org 3.2	OpenOffice.org	27.09.2010	363MB	3.2.9502
PDFCreator	Frank Heindörfer, Philip Chinery	21.11.2011	44,4MB	1.2.3
pdfforge Toolbar v4.8	Spigot, Inc.	27.11.2011	8,36MB	4.8
PIF DESIGNER2.0		29.04.2011	0,92MB	
Play AVStation	Ihr Firmenname	08.07.2008	91,1MB	4.1.20.50
PlayCamera		22.10.2008	362MB	1.0.1.7
PowerDirector	CyberLink Corp.	06.10.2008	129,4MB	5.0.3927
PowerDVD	CyberLink Corp.	06.10.2008	114,4MB	7.0.3118.0
PowerProducer	CyberLink Corp.	06.10.2008	298MB	085120(3.7)_Vista_SSPC
QuickTime	Apple Inc.	02.06.2011	73,7MB	7.69.80.9
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	08.07.2008	11,4MB	6.0.1.5605
Samsung Magic Doctor	Samsung Electronics Co., LTD	06.10.2008	15,4MB	5.00
Samsung Recovery Solution III	Samsung	08.07.2008	36,5MB	3.0.0.5
Samsung Update Plus	Samsung Electronics Co., LTD	08.07.2008	5,64MB	1.3.0.11
ScanToWeb		29.04.2011	0,36MB	
Skype Click to Call	Skype Technologies S.A.	24.11.2011	6,97MB	5.6.8442
Skype™ 5.5	Skype Technologies S.A.	24.11.2011	17,0MB	5.5.124
SpeedItup Free 7.70	SMicroSmarts LLC	02.10.2011	9,63MB	
Stata 10	Stata Corp LP	05.11.2010	66,6MB	10.0
SUPERAntiSpyware	SUPERAntiSpyware.com	02.12.2011	73,1MB	5.0.1136
Synaptics Pointing Device Driver	Synaptics	08.07.2008	13,6MB	10.1.2.0
TeamSpeak 2 RC2	Dominating Bytes Design	11.02.2011		2.0.32.60
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)	Microsoft Corporation	08.07.2008	23,2MB	9.00.2047.00
User Guide		06.10.2008	150,6MB	1.0
Vimicro UVC Camera	Vimicro Corporation	08.07.2008	2,15MB	1.00.0000
VLC media player 1.1.4	VideoLAN	21.09.2010	76,2MB	1.1.4
WIDCOMM Bluetooth Software 6.0.1.6300	WIDCOMM, Inc.	08.07.2008	35,5MB	6.0.1.6300
Winamp	Nullsoft, Inc	24.06.2011	39,5MB	5.61 
Windows Media Player Firefox Plugin	Microsoft Corp	03.02.2011	0,29MB	1.0.0.8
WinRAR 4.01 Beta 1 (32-Bit)	win.rar GmbH	23.05.2011	4,04MB	4.01.1

laggy · 02.12.2011, 17:49

Hui, jetzt bin ich ja mal gespannt^^. Danke für dein Hilfe btw.

kira · 05.12.2011, 16:16

1.
Hast Du absichtlich die IP127.0.0.1:57475 als Proxy eingestellt? Wenn ja, warum? Wenn nein:
wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus
im Internet Explorer:
Extras => Internetoptionen => Verbindungen => Lan-Einstellungen
Haken bei Proxyserver für LAN verwenden und Proxyserver für lokale Adressen umgehen entfernen.

Zitat:

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475

im Firefox:
Extras => Einstellungen => Erweitert => Netzwerk => Einstellungen.
Dort unter Verbindungs-Einstellungen => Kein Proxy anhaken.

Zitat:

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57475

2.
Wenn Du nicht absichtlich installiert hast, da oft mit andere Programm wird mitinstalliert bzw angeboten (vermutlich durch Adobe Reader), deinstalliere:

Code:

ATTFilter

McAfee Security Scan Plus

obwohl selbst die Programmierer/hersteller ein sehr gute Ruf hat, durch dieses "Helferprinzip" wird dein PC nicht noch mehr geschützt, aber beeinträchtigt die Systemleistung
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.

3.
deinstalliere falls unter `Systemsteuerung -->Software -->Ändern/Entfernen...` existieren:

Code:

ATTFilter

 Adware -Toolbars:

pdfforge Toolbar

Bestandteile der Standardinstallation vieler Freeware-Programme und teilweise sogar von kostenpflichtigen Programmen. Daher:
Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Bei Installation bitte die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
in diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars deinstallieren

4.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15383&l=dis
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2011.02.15 17:33:57 | 000,002,396 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\7jesyrva.default\searchplugins\askcom.xml
[2011.10.02 23:55:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk =  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
[2011.11.28 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\69029
[2011.11.28 19:39:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\70969
[2011.11.27 02:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011.11.28 20:47:16 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{807B5468-0F57-4844-B9A6-E5E5E888F419}" = pdfforge Toolbar v4.8-

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

5.
TDSSKiller von Kaspersky

Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
deaktiviere vorübergehend dein AntiVirus-Programm
Starte die TDSSKiller.exe durch Doppelklick.
Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
Bestätige das ggfs. mit Y(es).
Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.

Hier findest Du eine ausführlichere Anleitung.

6.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:

► Berichte mir kurz über alle Umsetzungsschritte, die Du erledigt hast!

laggy · 06.12.2011, 11:40

Code:

ATTFilter

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Users\JULIUS\AppData\Roaming\Mozilla\Firefox\Profiles\7jesyrva.default\searchplugins\askcom.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
C:\Users\JULIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{073714da-3684-11e0-a2ae-001377ab8d4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{073714da-3684-11e0-a2ae-001377ab8d4a}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\ not found.
File move failed. F:\.\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb91b802-385a-11e0-9b53-001377ab8d4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb91b802-385a-11e0-9b53-001377ab8d4a}\ not found.
File move failed. F:\.\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\ not found.
File move failed. F:\.\Autorun.exe scheduled to be moved on reboot.
C:\Users\JULIUS\AppData\Roaming\69029 folder moved successfully.
C:\Users\JULIUS\AppData\Roaming\70969 folder moved successfully.
Folder C:\Program Files\pdfforge Toolbar\ not found.
C:\Windows\Tasks\At1.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\"{807B5468-0F57-4844-B9A6-E5E5E888F419}" | pdfforge Toolbar v4.8- /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Julius
->Temp folder emptied: 17023458 bytes
->Temporary Internet Files folder emptied: 1863638 bytes
->Java cache emptied: 1638286 bytes
->FireFox cache emptied: 418488414 bytes
->Flash cache emptied: 64010 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 675287 bytes
RecycleBin emptied: 3464134 bytes
 
Total Files Cleaned = 423,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12062011_103203

Files\Folders moved on Reboot...
File\Folder F:\.\Autorun.exe not found!
C:\Windows\temp\~DF8297.tmp moved successfully.

Registry entries deleted on Reboot...

laggy · 06.12.2011, 11:50

beim tdss killer scan werden keine threats gefunden, daher auch keinen bericht. habe aber die datei auf dem desktop und das antivirenprogramm is aus.... vllt mach ich ja doch irgendetwas falsch... naja ich mach mal weiter im procedere

laggy · 06.12.2011, 11:57

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 06.12.2011 10:51:43 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = c:\Users\Julius\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,88% Memory free
6,21 Gb Paging File | 4,76 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 28,89 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 57,83 Gb Free Space | 40,16% Space Free | Partition Type: NTFS
Drive F: | 7,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JULIUS-PC | User Name: Julius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FF70C3-C62D-4158-ADA0-6F0335DE46E4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{12B207D1-236E-423D-94F7-705946EE7F86}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{17C9712C-B0FF-4DE2-8825-DACFF07A2A6D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1ACC8B81-4A32-4952-B23E-3B83139AA64F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{20000877-69F7-4346-B4CE-B9E1BB47C55E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{2677158A-5F0E-4049-969B-0CF2018C79DB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3FCE6839-979A-42FD-9618-27A2516C74F0}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3FD0B431-FA3C-48C4-97FD-5484C4111559}" = rport=137 | protocol=17 | dir=out | app=system | 
"{531E6D51-9DE4-4CA5-B2A3-538DEB312A71}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{5A5CACB9-A9DC-4CA0-8C73-6ADEB81F3B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6B774E06-4073-41BA-AA0E-3982068D1B1A}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{6CAC3546-A40A-42CF-9217-3AB4F99AFB60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{92B1D418-9E8D-4902-A5AC-E094916C6F2B}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{9D3FE02A-7D3A-43FA-8947-8BCD458C6323}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A82D79BB-D95E-4F2E-9169-197F7396F84D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{B90197B0-98B8-4132-BB41-BF493DD0CD59}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B9227660-E05F-4A2A-8D67-22EE20D1D6E6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BE3435FC-5EE4-48D5-A08F-2896DD42D6D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C644570E-17B8-4601-A65F-E80EE9425ABE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CC6E852C-3666-4FBB-BCE0-7930738C3838}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe | 
"{D3779759-6B6E-4363-913A-F2FA03424034}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{D43EBB75-0A71-4703-910C-C05998056210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{DB4E312E-B407-4527-B6A2-F7393882E202}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DFA56ACC-BFF5-4DF5-B60E-4279E640C8E8}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{E0F18376-F1E7-4603-81C9-6688EDF26ACA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{E912E8C0-725B-4AAE-89C4-D664C62E8944}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ED3F00C9-6539-4AD2-B87C-EF14BFC3FC3B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EFDEC176-A813-44DC-819C-38A7F0D146EA}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe | 
"{FC0AEC55-BED7-4381-B956-96A224A80686}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05352B55-391A-4826-92EF-D2A386463E6B}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{07A44DDF-6A54-4756-B022-749FA9883F83}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{091A14EA-1AAB-4473-AF92-CF8294902241}" = protocol=6 | dir=out | app=system | 
"{0E778505-83AE-4999-A680-F58170A30A1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{291D306C-48AA-4223-B4A4-5D53D8E45FDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{35A3779F-1D36-4A27-B8DA-0771AF95C0DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3D688BD2-D11E-4296-954D-95BBC5B2DC78}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe | 
"{6779FCAE-5815-46CF-89C3-D6A107FAA6AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6850E218-CEDE-4344-A4AE-6762F7EB9847}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C708175-E552-40D1-A8A6-13CFD9899760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{717593C2-DCAE-4246-8C50-0D942E854603}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{85D276BF-2591-4719-AB5F-A1731E42E969}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{920535FC-9A79-49A6-A95A-9F4703D2A987}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe | 
"{A21BCABE-B969-42F8-A062-6EE7899A2174}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AE8B2D36-4FEE-46D5-97C5-21FE1C96C899}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{DDC3290C-4F2D-447B-9D50-B0E1C7627278}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E75CBF35-506F-418D-825D-14AC26E40972}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{F9B2C903-A0B0-4E05-99C8-38C07FB3B02F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE29EDD9-CE99-42A9-AAAD-2C6CDD551148}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{FFE802C9-B147-4651-9BE1-5B48A6CDC045}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"TCP Query User{280B44FD-FB02-4836-A5E0-0E30F0FB6EA1}D:\call of duty 4\iw3mp-cracked-server.exe" = protocol=6 | dir=in | app=d:\call of duty 4\iw3mp-cracked-server.exe | 
"TCP Query User{38318946-88E2-496F-8973-C95547256293}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{46EBDE7D-618F-4B4E-A1EF-B2B5070D04AA}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{5ADCE03B-5C58-415A-9F2F-6090B06EE455}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"TCP Query User{66475628-3192-42E0-8F88-6B146990289B}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"TCP Query User{693F26A0-1C03-44EB-AE80-36459F66D585}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
"TCP Query User{A758E6D4-CAF6-4B23-96CC-B9872BF17179}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{B9AF3475-A310-4643-A2E0-0A3BC93B7C1A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"TCP Query User{C27E4309-D602-4EAF-8059-88AF807D8798}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"TCP Query User{EFE11417-254A-47E3-98D4-6F6B77A1862E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{0C731628-A770-4533-AB56-9E3D77FA5D75}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"UDP Query User{475F2227-B6A7-4A35-9827-5C90EF9742D3}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{51150E84-FBF0-492D-8673-003EDD2A0018}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{7C2688C8-53A0-4F7B-A55D-61BB7A28B331}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | 
"UDP Query User{BE4F3B4D-37EB-4AC8-99AB-70D69625BAC1}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe | 
"UDP Query User{BE8F80F4-A609-4E60-9177-B115E857E15F}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{CC334E1E-B8C0-47D6-B508-A35C922AE95B}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe | 
"UDP Query User{DCA60FF0-22C3-4B1A-8140-B1248316B6F8}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd | 
"UDP Query User{DCE9E9E0-1A64-4A5A-ACDC-92F8D4B44C28}D:\call of duty 4\iw3mp-cracked-server.exe" = protocol=17 | dir=in | app=d:\call of duty 4\iw3mp-cracked-server.exe | 
"UDP Query User{F8D1E36E-5EC3-4B1A-9992-384BE22AC4E6}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{6411B38F-7704-484B-A93B-FD900BC8E8EB}" = PIF DESIGNER2.0
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7BA1FB62-A363-4D24-8870-45131F0D0137}" = EPSON PRINT Image Framer Tool2.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"CCleaner" = CCleaner
"Computer Updater" = Computer Updater 
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESC84 Referenzhandbuch" = ESC84 Referenzhandbuch
"ESC84 Softwarehandbuch" = ESC84 Softwarehandbuch
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"fsQCA" = fsQCA
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SpeedItup Free_is1" = SpeedItup Free 7.70
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 Beta 1 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = GameXN GO
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2011 19:50:00 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2011 03:52:09 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2011 05:07:15 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2011 06:11:53 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.09.2011 10:00:08 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2011 05:00:12 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2011 08:05:22 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2011 09:09:12 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.09.2011 12:17:46 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.09.2011 04:01:17 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 07.12.2010 14:33:22 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5254
 seconds with 1740 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2011 16:41:13 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1876
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.01.2011 10:12:50 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1042
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 14.03.2011 16:31:45 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1888
 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 11.06.2011 08:05:58 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 473
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2011 10:21:32 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3018
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2011 09:05:22 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3397
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2011 09:13:53 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 493
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.12.2011 12:01:33 | Computer Name = Julius-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 140.203.213.18 für die Netzwerkkarte mit der Netzwerkadresse
 00216380F4AA wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 06.12.2011 05:51:34 | Computer Name = Julius-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 06.12.2011 05:52:28 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.12.2011 05:52:28 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 06.12.2011 05:52:37 | Computer Name = Julius-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 06.12.2011 06:32:03 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 06.12.2011 06:34:38 | Computer Name = Julius-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 06.12.2011 06:35:00 | Computer Name = Julius-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 06.12.2011 06:35:20 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.12.2011 06:35:20 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

--- --- ---

[/code]

laggy · 06.12.2011, 11:58

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.12.2011 10:51:43 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = c:\Users\Julius\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,88% Memory free
6,21 Gb Paging File | 4,76 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 28,89 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 57,83 Gb Free Space | 40,16% Space Free | Partition Type: NTFS
Drive F: | 7,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JULIUS-PC | User Name: Julius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.02 16:17:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\Julius\Downloads\OTL.exe
PRC - [2011.11.23 19:03:38 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe
PRC - [2011.11.11 10:52:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.11.11 10:50:44 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2011.11.10 09:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2011.11.07 18:04:36 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.19 16:55:47 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.08.11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.15 16:34:14 | 000,081,920 | ---- | M] (SafeApp Software, LLC) -- C:\Programme\Computer Updater\ComputerUp-daterService.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.09 19:28:24 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.20 21:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 21:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.05.23 05:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.23 04:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.05.22 08:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.05.13 00:13:28 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2008.04.25 12:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 06:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 02:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.12 04:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 02:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 02:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 02:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.07.04 22:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2006.10.27 06:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\WINWORD.EXE
PRC - [2006.10.26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.04.14 01:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.06 10:36:33 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011.12.06 10:36:33 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011.12.02 10:22:28 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011.12.02 10:22:28 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.11.11 10:52:40 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.11 10:50:47 | 001,988,760 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2011.11.11 10:50:46 | 000,161,944 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011.11.11 10:50:46 | 000,021,656 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011.05.10 15:37:12 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.21 15:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.12.09 19:29:16 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.09 19:28:24 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.04 13:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.05.13 00:13:28 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
MOD - [2007.08.14 04:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 04:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 04:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2006.10.26 04:56:46 | 000,757,008 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2006.08.12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.06.15 16:34:14 | 000,081,920 | ---- | M] (SafeApp Software, LLC) [Auto | Running] -- C:\Programme\Computer Updater\ComputerUp-daterService.exe -- (ComputerUpdater Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.05.23 05:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 04:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.12 23:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 02:24:45 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.03 15:31:15 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.06.08 22:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.20 19:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.05 05:56:26 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008.01.21 02:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.09.13 06:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.05.23 08:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.28 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 07:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.13 19:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 10:52:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 16:40:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.02 21:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.11.16 16:40:25 | 000,000,000 | ---D | M]
 
[2010.09.21 09:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Extensions
[2010.09.21 09:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.05 23:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\7jesyrva.default\extensions
[2011.09.04 19:08:23 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\7jesyrva.default\extensions\zotero@chnm.gmu.edu
[2011.12.06 10:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.24 00:49:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 10:52:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.06 19:04:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.02 23:55:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 23:55:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 23:55:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 23:55:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 23:55:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2006.09.18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Julius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.7.141 172.16.7.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{939DB84B-EB4C-415C-920A-B2B2742AF600}: DhcpNameServer = 172.16.7.141 172.16.7.142
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Julius\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Julius\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d366cd31-1da0-11e1-9d56-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{d366cd31-1da0-11e1-9d56-001377ab8d4a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010.09.27 20:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.06 10:45:03 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Julius\Desktop\TDSSKiller.exe
[2011.12.06 10:32:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.05 23:17:12 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\DVDVideoSoft
[2011.12.05 23:16:57 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.05 23:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.05 23:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.04 12:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.12.03 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\Julius\Documents\FUSSBALL MANAGER 12
[2011.12.03 20:04:31 | 000,000,000 | ---D | C] -- C:\Users\Julius\Documents\GTA San Andreas User Files
[2011.12.03 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Local\PunkBuster
[2011.12.03 19:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.03 15:31:15 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.12.03 15:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.12.02 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.02 14:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.02 14:54:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.02 10:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.02 10:35:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.02 10:35:53 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.02 10:35:53 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.02 10:35:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.02 10:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.01 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Malwarebytes
[2011.12.01 19:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.01 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.01 18:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.01 18:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.01 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Avira
[2011.12.01 18:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.01 18:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.01 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\Julius\Desktop\franzi adventskalender
[2011.11.28 20:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.11.24 00:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.23 19:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GameXN
[2011.11.21 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\pdfforge
[2011.11.21 20:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.11.21 20:24:06 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.11.21 20:24:05 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011.11.21 20:23:54 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011.11.21 20:23:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011.11.21 20:23:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.11.16 16:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.11.15 01:59:26 | 000,000,000 | ---D | C] -- C:\Cities.XL.2012-KaOs
[2011.11.13 00:46:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011.11.13 00:44:56 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011.11.13 00:44:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011.11.13 00:44:55 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011.11.13 00:44:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011.11.13 00:44:54 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011.11.13 00:44:54 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011.11.13 00:44:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011.11.13 00:44:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011.11.13 00:44:52 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011.11.13 00:44:52 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011.11.13 00:44:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011.11.13 00:44:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011.11.13 00:44:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011.11.13 00:44:51 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011.11.13 00:44:51 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011.11.13 00:44:50 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011.11.13 00:44:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.11.13 00:44:50 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011.11.13 00:44:48 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.11.13 00:44:47 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011.11.13 00:44:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011.11.13 00:44:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011.11.13 00:44:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011.11.13 00:44:46 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011.11.13 00:44:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.11.13 00:44:45 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011.11.13 00:44:45 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011.11.13 00:44:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011.11.13 00:44:44 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011.11.13 00:44:44 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011.11.13 00:44:44 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011.11.13 00:44:42 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011.11.13 00:44:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011.11.13 00:44:42 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011.11.13 00:44:42 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011.11.13 00:44:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011.11.13 00:44:41 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.11.13 00:44:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.11.13 00:44:40 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011.11.13 00:44:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011.11.13 00:44:40 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011.11.13 00:44:40 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011.11.13 00:44:39 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011.11.13 00:44:39 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011.11.13 00:44:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011.11.13 00:44:38 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011.11.13 00:44:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011.11.13 00:44:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011.11.13 00:44:37 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011.11.13 00:44:37 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011.11.13 00:44:35 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011.11.13 00:44:35 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011.11.13 00:44:35 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011.11.13 00:44:35 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011.11.13 00:44:34 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011.11.13 00:44:33 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011.11.13 00:44:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011.11.13 00:44:33 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011.11.13 00:44:32 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011.11.13 00:44:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011.11.13 00:44:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011.11.13 00:44:31 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011.11.13 00:44:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011.11.13 00:44:30 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011.11.13 00:44:29 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011.11.13 00:44:29 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.11.13 00:44:28 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011.11.13 00:44:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011.11.13 00:44:27 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011.11.13 00:44:27 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011.11.13 00:44:27 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011.11.13 00:44:27 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011.11.13 00:44:26 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011.11.13 00:44:25 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011.11.13 00:44:25 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011.11.13 00:44:24 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011.11.13 00:44:23 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011.11.13 00:44:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011.11.13 00:44:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011.11.13 00:44:22 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011.11.13 00:44:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011.11.13 00:44:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.11.13 00:44:08 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011.11.13 00:44:08 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011.11.13 00:44:07 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011.11.13 00:44:06 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011.11.13 00:44:05 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011.11.13 00:44:04 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011.11.13 00:44:02 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011.11.13 00:44:01 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011.11.13 00:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2
[2011.11.12 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011.11.12 22:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2006.11.24 05:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 05:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.06 10:46:56 | 001,547,774 | ---- | M] () -- C:\Users\Julius\Desktop\tdsskiller.zip
[2011.12.06 10:44:58 | 000,312,532 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.06 10:40:52 | 000,675,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.06 10:40:52 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.06 10:40:52 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.06 10:40:52 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.06 10:34:48 | 000,312,532 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.06 10:34:42 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 10:34:42 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 10:34:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.06 10:33:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.05 23:16:49 | 000,001,191 | ---- | M] () -- C:\Users\Julius\Desktop\Free YouTube to MP3 Converter.lnk
[2011.12.03 19:33:21 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.03 15:32:07 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.12.03 15:31:15 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.12.02 15:16:18 | 000,000,715 | ---- | M] () -- C:\Users\Julius\Desktop\Literaturverzeichnis ohne Titel.rtf
[2011.12.02 14:54:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 10:36:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.02 10:20:13 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.30 12:00:41 | 000,005,619 | ---- | M] () -- C:\Users\Julius\Desktop\Julius Lagodny_ proposed literature.pdf
[2011.11.28 20:36:50 | 000,092,299 | ---- | M] () -- C:\Users\Julius\Desktop\(Fotoabzüge Fotoleinwand Fotokalender Fotobücher Fotoentwicklung).pdf
[2011.11.28 20:03:21 | 000,079,379 | ---- | M] () -- C:\Users\Julius\Desktop\mama weihnachten.jpg
[2011.11.28 19:59:42 | 003,464,124 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0758 Kopie.jpg
[2011.11.28 19:55:04 | 000,028,310 | ---- | M] () -- C:\Users\Julius\Desktop\QuickTime.pdf
[2011.11.28 19:31:40 | 002,874,836 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0929.JPG
[2011.11.28 19:30:59 | 002,191,241 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0847.JPG
[2011.11.28 19:24:29 | 002,525,941 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0946.JPG
[2011.11.28 19:22:21 | 001,911,246 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0758.JPG
[2011.11.28 19:21:41 | 002,344,261 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0817.JPG
[2011.11.28 19:14:29 | 002,005,912 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0809.JPG
[2011.11.28 16:05:54 | 000,401,621 | ---- | M] () -- C:\Users\Julius\Desktop\Julius_Lagodny_Studienbescheinigung WS11-12.pdf
[2011.11.25 14:29:51 | 000,000,162 | -H-- | M] () -- C:\Users\Julius\Desktop\~$teraturverzeichnis ohne Titel.rtf
[2011.11.24 16:56:53 | 000,098,304 | ---- | M] () -- C:\Users\Julius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Julius\Desktop\TDSSKiller.exe
[2011.11.24 00:49:25 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.21 20:24:08 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.11.21 15:14:03 | 000,001,752 | -H-- | M] () -- C:\Users\Julius\Documents\Default.rdp
[2011.11.16 16:40:25 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.06 10:46:56 | 001,547,774 | ---- | C] () -- C:\Users\Julius\Desktop\tdsskiller.zip
[2011.12.05 23:16:49 | 000,001,191 | ---- | C] () -- C:\Users\Julius\Desktop\Free YouTube to MP3 Converter.lnk
[2011.12.03 19:33:21 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.03 15:32:07 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.12.02 14:54:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 10:36:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.02 10:20:13 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.30 12:00:40 | 000,005,619 | ---- | C] () -- C:\Users\Julius\Desktop\Julius Lagodny_ proposed literature.pdf
[2011.11.28 20:36:48 | 000,092,299 | ---- | C] () -- C:\Users\Julius\Desktop\(Fotoabzüge Fotoleinwand Fotokalender Fotobücher Fotoentwicklung).pdf
[2011.11.28 20:03:21 | 000,079,379 | ---- | C] () -- C:\Users\Julius\Desktop\mama weihnachten.jpg
[2011.11.28 19:57:45 | 003,464,124 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0758 Kopie.jpg
[2011.11.28 19:55:03 | 000,028,310 | ---- | C] () -- C:\Users\Julius\Desktop\QuickTime.pdf
[2011.11.28 19:28:56 | 002,874,836 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0929.JPG
[2011.11.28 19:28:35 | 002,191,241 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0847.JPG
[2011.11.28 19:23:01 | 002,525,941 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0946.JPG
[2011.11.28 19:20:53 | 001,911,246 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0758.JPG
[2011.11.28 19:19:57 | 002,344,261 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0817.JPG
[2011.11.28 19:13:14 | 002,005,912 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0809.JPG
[2011.11.28 16:05:54 | 000,401,621 | ---- | C] () -- C:\Users\Julius\Desktop\Julius_Lagodny_Studienbescheinigung WS11-12.pdf
[2011.11.25 14:29:51 | 000,000,162 | -H-- | C] () -- C:\Users\Julius\Desktop\~$teraturverzeichnis ohne Titel.rtf
[2011.11.23 19:03:41 | 000,001,534 | ---- | C] () -- C:\Users\Julius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (GameXN).lnk
[2011.11.21 20:24:08 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.11.16 16:40:25 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.11.16 16:40:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.11.11 14:17:58 | 299,253,828 | ---- | C] () -- C:\Users\Julius\Desktop\xwvsevs_1981_2000_v20060423.dta
[2011.10.02 13:27:47 | 000,000,235 | ---- | C] () -- C:\Users\Julius\AppData\Roaming\fixpermissions.bat
[2011.08.31 12:07:47 | 000,017,408 | ---- | C] () -- C:\Users\Julius\AppData\Local\WebpageIcons.db
[2011.04.29 15:24:37 | 000,000,182 | ---- | C] () -- C:\Windows\System32\EBPPORT4.DAT
[2011.04.29 15:24:12 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC84Euro.ini
[2011.02.14 20:39:25 | 000,000,680 | ---- | C] () -- C:\Users\Julius\AppData\Local\d3d9caps.dat
[2011.01.14 18:30:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.12 14:25:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.01 18:30:04 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010.09.21 19:16:35 | 000,098,304 | ---- | C] () -- C:\Users\Julius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.06.07 11:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009.05.29 22:42:20 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2009.03.11 19:01:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2008.07.09 06:09:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.08 14:50:18 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.07.08 14:39:09 | 000,312,532 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.08 14:39:09 | 000,312,532 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.08 14:32:17 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.07.08 14:31:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.07.08 14:31:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.07.08 14:18:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.07.08 14:18:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.07.08 12:54:14 | 000,675,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.08 12:54:14 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.08 12:54:14 | 000,146,368 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.08 12:54:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.08 12:45:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.09 16:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2008.01.21 02:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.02.26 07:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 07:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 08:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 08:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 12:47:37 | 000,397,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:33:01 | 000,633,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 10:33:01 | 000,118,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 10:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.10.09 01:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.01.03 10:10:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\DLXAPI32.DLL
[2002.04.26 01:00:00 | 000,000,111 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2001.11.14 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.08.31 15:18:32 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\.minecraft
[2011.12.04 15:44:24 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\BitTorrent
[2011.12.03 19:37:42 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\BitZipper
[2011.02.06 17:09:56 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Canneverbe Limited
[2011.10.02 12:12:09 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\com.w3i.FlipToast
[2011.12.03 21:44:54 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\DAEMON Tools Lite
[2011.12.05 23:17:15 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\DVDVideoSoft
[2011.12.05 23:34:22 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.06 09:51:59 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\go
[2011.01.13 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Local
[2010.09.28 09:09:11 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\OpenOffice.org
[2011.11.21 20:24:08 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\pdfforge
[2011.02.13 20:57:23 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Program Files
[2011.10.02 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Sports Interactive
[2010.11.05 13:36:44 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Stata10
[2010.09.21 09:32:35 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Thunderbird
[2011.02.11 11:33:06 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\TS3Client
[2011.12.06 10:33:51 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

[/code]

laggy · 06.12.2011, 12:04

Also folgendes hat sich ergeben:

als ich die proxy-server sache umstellen wollte, war das schon gemacht. zumindest im internetexplorer, im firefox nicht. nach dem ersten scan und dem nächsten hochfahren, kam die melden, dass proxserver benutzt wird, was mich etwas verwundert hat. hat aber alles wieder funktioniert.

was wohl nicht ganz geklappt hat is die sache mit dem tdsskiller. obwohl ich mein antivirenprogramm ausgemacht habe -->avira antivir: echtzeit-scanner: inaktiv, und ich das ding als 7zip datei auf dem desktop habe, hat der scan mir nichts angezeigt. sonst hat alles wieder geklappt, wie dus vorhergesagt hast...

naja jetzt bin ich mal gespannt, was du dazu zu sagen hast

kira · 06.12.2011, 18:41

1.
CD-Emulatoren mit DeFogger deaktivieren

Du hast CD-Emulatoren wie Alcohol, DaemonTools oder ähnliche auf diesem Computer installiert. Da diese Emulatoren mit Rootkit-Technik arbeiten, können sie die Fahndung nach bösartigen Rootkits verfälschen und erschweren. Aus diesem Grund bitte entweder das folgende Tool zum Deaktivieren laufen lassen oder die Software über Systemsteuerung => Software/Programme deinstallieren. Berichte mir, für welche Variante Du Dich entschieden hast. Die Deaktivierung können wir nach der Bereinigung rückgängig machen.

Lade DeFogger herunter und speichere es auf Deinem Desktop.

Doppelklicke DeFogger, um das Tool zu starten.

Es öffnet sich das Programm-Fenster des Tools.
Klick auf den Button Disable, um die CD- Emulation-Treiber zu deaktivieren.
Klicke Ja, um fortzufahren.
Wenn die Nachricht 'Finished!' erscheint,
klicke OK.
DeFogger wird nun einen Reboot erfragen - klicke OK
Poste mir das defogger_disable.log hier in den Thread.

Keinesfalls die Treiber reaktivieren, bevor es angewiesen wird.

2.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475
[2011.10.02 23:55:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.27 20:11:56 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d366cd31-1da0-11e1-9d56-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{d366cd31-1da0-11e1-9d56-001377ab8d4a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010.09.27 20:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.)

:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
MBR mit aswMBR von Avast prüfen

Lade aswMBR.exe von Avast herunter und speichere das Tool auf deinem Desktop (nicht woanders hin).
XP Benutzer: Doppelklick auf die aswMBR.exe, um das Tool zu starten.
Vista und Windows 7 Benutzer: Rechtsklick auf die aswMBR.exe und Als Administrator starten wählen.
Es wird sich ein Eingabe-Fenster mit einigen Angaben öffnen.

Klicke Scan, um den Suchlauf zu starten.

Wenn der Scan beendet ist, was mit Scan finished sucessfull! gemeldet wird, klicke Save log, um das Logfile zu speichern.
Poste mir den Inhalt von aswASW.log vom Desktop hier in den Thread.

laggy · 07.12.2011, 11:01

Code:

ATTFilter

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Julius
->Temp folder emptied: 4074191 bytes
->Temporary Internet Files folder emptied: 1418486 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 118617220 bytes
->Flash cache emptied: 3353 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 685502 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 119,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12072011_095738

Files\Folders moved on Reboot...
C:\Windows\temp\~DF96E3.tmp moved successfully.

Registry entries deleted on Reboot...

SuperAntiSpyware Log Auswertung

Log-Analyse und Auswertung: SuperAntiSpyware Log Auswertung