
Log analysis and evaluation: Have I removed Smart Fortress 2012 completely/successfully?

03.05.2012, 20:32   #1
legra
 
Hello dear community,

this is my first post, so please bear with me if I get something formally wrong...

With the great help of this forum I was able to remove "Smart Fortress 2012" from my laptop (Sony Vaio FZ21m/Windows Vista).

As recommended, I am posting the OTL log files here and ask for feedback!
Thanks in advance



OTL Extras logfile created on: 03.05.2012 21:23:14 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,68% Memory free
4,23 Gb Paging File | 3,12 Gb Available in Paging File | 73,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 106,71 Gb Free Space | 60,55% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 5,00 Gb Free Space | 67,06% Space Free | Partition Type: FAT32

Computer Name: LG-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8F97547-8641-40FE-8D4F-DD6D47C83DC6}" = lport=5432 | protocol=6 | dir=in | name=postgres |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF8326A-C7B5-4B72-9429-929F8A7915BD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{1E56E5E6-89C6-4057-ABC3-660876B2D0F2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{499D8AC4-DBE4-43ED-80E1-5E6F0DB6158A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51833592-6F9A-4D6B-B0E5-E3DFA62F88E6}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{5483413C-C756-43B3-BA02-64C83705320A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{63A96121-1CA8-486E-AAF2-973F8461634A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6BFFA87B-EAD1-4EDF-B042-880A6430953A}" = protocol=17 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe |
"{6F1B8BFD-8F40-48D5-8298-23894CDC8DB4}" = protocol=6 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe |
"{9529D3BC-A351-4061-9EBA-B4C722F3F4FE}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{96A528DA-90C7-429A-93C5-D7B7C3651BCD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{9A5B7B1F-B29A-4C67-BECE-B6149DE20D1C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{9E9ECBF6-91BB-44A3-8CAF-A0A081881956}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{A036A6C2-FA5D-4B1C-8A74-3B8455B52255}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A3E27E46-FF61-40BF-A79A-747ABD225B2F}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe |
"{A54E2E7D-CF32-480C-9C66-1A9772F1FD08}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{A8834A7C-3B74-468E-8FEF-957E9C1D759D}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{B0395603-8E1D-4564-9809-FF189B59A552}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E0562FF7-DAF0-4636-8AAF-A1B9E058D406}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{EA9AAC48-9845-45BD-8856-906BC6B2C06D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{6E0FE478-95AB-4293-B263-18A744D68ECB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7A8F02D0-01C4-48DE-A6F8-9BC40E317BED}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{9ADFA974-2CB8-47AB-9475-BA33582AAD25}C:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=6 | dir=in | app=c:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"TCP Query User{C768F9C2-F4A9-4D65-9387-CA805B6C9CC7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{E621255A-6118-4D9E-A9F5-7EE0783FCB60}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{EAABC7A3-1CE7-4CCB-B332-BCD3CA12711A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{04A92F29-C15D-45E3-951F-A8CEDAC4DA8E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{5E38EDB7-45A2-4CF0-952C-B81BA8312D87}C:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=17 | dir=in | app=c:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe |
"UDP Query User{6D16EAE4-A642-4C9C-B114-CDB5976B5261}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{998978EE-A97B-490C-B164-5AA0CF73119E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{9E1F8011-42CF-44C8-8194-83209371B469}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B03DC088-B244-4E3B-88D1-B9615313D69A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3C1E5A85-85E3-4929-8C29-D5285A9224FF}" = TableNinja
"{40E00130-657E-4B28-8CF2-47473B75C9DB}" = HandsFreePoker 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = concept/design onlineTV 6
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{835F8A61-F790-4500-B2D0-E289D59B3DEC}" = TableNinjaFT
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}" = PokerStrategy.com Equilab
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"888poker" = 888poker
"A6FEF586A1321319232A34BE6C2169C224776510" = Windows-Treiberpaket - Ricoh R5U870 (UVC) (06/18/2007 6.1004.211.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AutoHotkey" = AutoHotkey 1.0.48.05
"CamSpace" = CamSpace
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Disketch" = Disketch CD Label Software
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EuroPoker_is1" = EuroPoker
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Freecorder5.11" = Freecorder 5
"HoldemManager" = Holdem Manager
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mansion Poker" = MansionPoker
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"PostgreSQL 8.4" = PostgreSQL 8.4
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"The Video Diary" = The Video Diary
"TIMELEFT3_is1" = TimeLeft
"V4PKR" = V4PKR
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.9
"WebcamVideoDiary_is1" = WebcamVideoDiary 1.02.01
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"YTdetect" = Yahoo! Detect
"ZiggyTV" = ZiggyTV

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ZiggyTV Toolbar Updater
"6079ee11468c7023" = e-Speaking Voice and Speech Recognition Software
"Google Chrome" = Google Chrome
"William Hill Poker" = William Hill Poker

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

03.05.2012, 20:54   #2
kira
/// Helper team
 
Hello and welcome!

Before we begin working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - in other words, any liability for resulting damage is excluded; INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RISK!
  • Characteristic features/profile information:
    - in the log lists or log files you use, you can replace things such as your real name, serial numbers in programs etc. with [X] or asterisks (*)
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend reading the instructions through completely before you apply them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consultation! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin
Quote:
Quote from legra:
With the great help of this forum I was able to remove "Smart Fortress 2012" from my laptop (Sony Vaio FZ21m/Windows Vista).
Describe what attempts you have made to solve the problem (also post any existing logs, messages/reports, e.g. from your AV program or other tools/removers)

► In the first part of the 3-part procedure, we will check your system for viruses or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away (online update)
  • Select "Komplett Scan durchführen" (perform full scan) and tick every box
  • When the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Löschen" (delete) - "Ausgewähltes entfernen" (remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
An illustrated guide can be found here: Guide

2.
You have installed OTL incorrectly:
OTL must be saved on the desktop!
Set your browser so that it saves OTL to the desktop!
So remove it and download it again:
-> Download OTL by OldTimer and save it to your desktop.

After installation, it should look roughly like this in the log file:
Quote:
Folder = C:\Users\***\Desktop
3.
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

4.
To determine whether outdated or harmful software is installed under Programs, I would also like to see all of your installed programs:
  • Download the CCleaner installer
  • Read the software license agreement; if any toolbar is offered, please deselect it! -> start -> if necessary, set the language to "Deutsch".
  • Start -> click `Extras` (to display the software installed on your system) -> then `Als Textdatei speichern...` (save as text file)
  • A text file is created automatically; post this log file as well (i.e. the list of all installed programs... a text file)

Quote:
To keep your thread clear and easy to read, it is best to use code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. OTL log file or similar
→ after it - i.e. at the end of the log file: [/code]
** If possible, do not go on the internet; no online banking, file sharing, chat programs etc.
Regards
kira
04.05.2012, 09:32   #3
legra
 
sooooo...

here is the result from Malwarebytes:


Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
Lennart :: LG-VAIO [Administrator]

Schutz: Aktiviert

03.05.2012 18:01:01
mbam-log-2012-05-03 (18-01-01).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349190
Laufzeit: 1 Stunde(n), 17 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mansion Poker (PUP.Casino) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\William Hill Poker (PUP.Casino) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{2458C5EF-D967-2F4F-4AF6-FE1956130B51} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Lennart\AppData\Roaming\Yzbowia\foqaus.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{2654812B-4F3B-759E-D14D-164ADAA62299} (Trojan.ZbotR.Gen) -> Daten: C:\Users\Lennart\AppData\Roaming\Savai\lyoh.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 21
C:\Poker\MansionPoker\_SetupPoker_f52264.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Poker\William Hill Poker\_SetupPoker_6ec802_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\tmp06f3631a.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\tmp98be7dc6.exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\tmpf575d412.exe (Rootkit.0Access.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\E758.tmp (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\A126.tmp (Trojan.FakeAlert.FS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\A273.tmp (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\tmp7d5ded4c\t.exe (Backdoor.Heidong) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\tmpbccad709\mem.exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\tmpbd99b4df\3.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\tmpf45a8158\err.log (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\Downloads\SetupPoker_6ec802_de.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\Downloads\SetupPoker_f52264.exe (PUP.Casino) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\Downloads\SoftonicDownloader_fuer_the-video-diary.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\Downloads\SoftonicDownloader_fuer_webcam-video-diary.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\Downloads\MediaPlayerSetup.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Local\Temp\Adobe\h.txt (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Roaming\Yzbowia\foqaus.exe (Trojan.ZbotR.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Lennart\AppData\Roaming\Savai\lyoh.exe (Trojan.ZbotR.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

here is the one from OTL:


OTL Logfile:
Code:
OTL logfile created on: 04.05.2012 09:51:57 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,57% Memory free
4,23 Gb Paging File | 2,59 Gb Available in Paging File | 61,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 106,61 Gb Free Space | 60,49% Space Free | Partition Type: NTFS
 
Computer Name: LG-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lennart\Desktop\OTL (1).exe (OldTimer Tools)
PRC - C:\Programme\PokerStars\PokerStars.exe (PokerStars)
PRC - C:\Programme\TableNinja\TableNinja.exe (ALXSoftware)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\RVG Software\Holdem Manager\HoldemManager.exe (Hold'em Manager)
PRC - C:\Programme\RVG Software\Holdem Manager\HMImport.exe (Hold'em Manager)
PRC - C:\Programme\RVG Software\Holdem Manager\HMHud.exe ()
PRC - C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Programme\PostgreSQL\8.4\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Users\Lennart\Desktop\Xpadder.exe ()
PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Razer\Copperhead\razerhid.exe ()
PRC - C:\Programme\Razer\Copperhead\razerofa.exe (Razer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\APPLIC~1\170963~1.56\gcswf32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()
MOD - C:\Programme\RVG Software\Holdem Manager\HMHud.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\RVG Software\Holdem Manager\SitNGoWizard.Localization.2.0.dll ()
MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Users\Lennart\Desktop\Xpadder.exe ()
MOD - C:\Programme\RVG Software\Holdem Manager\TextboxHook.dll ()
MOD - C:\Programme\RVG Software\Holdem Manager\System.Data.SQLite.dll ()
MOD - C:\Programme\RVG Software\Holdem Manager\ZedGraph.dll ()
MOD - C:\Programme\RVG Software\Holdem Manager\Npgsql.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Data.resources\2.0.0.0_de_b77a5c561934e089\System.Data.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsFormsIntegration\3.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Programme\Razer\Copperhead\razerhid.exe ()
MOD - C:\Programme\Razer\Copperhead\download.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (postgresql-8.4) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ichanti.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 30 5A 13 78 1D CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lennart\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (ZiggyTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ZiggyTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZiggyTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Programme\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09DEE290-71D8-4C7B-9554-FCFFF91136F4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE83C8C-0E2D-4783-905A-37872C36A583}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8e915213-5c73-11e1-ada1-001a8019e23b}\Shell - "" = AutoRun
O33 - MountPoints2\{8e915213-5c73-11e1-ada1-001a8019e23b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8e915228-5c73-11e1-ada1-001a8019e23b}\Shell - "" = AutoRun
O33 - MountPoints2\{8e915228-5c73-11e1-ada1-001a8019e23b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9e19d03b-b425-11e0-8234-001a8019e23b}\Shell - "" = AutoRun
O33 - MountPoints2\{9e19d03b-b425-11e0-8234-001a8019e23b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.04 09:49:14 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.04 09:43:11 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.03 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\trojan
[2012.05.03 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\Malwarebytes
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 17:57:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 17:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.03 07:44:18 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012.05.02 09:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000CCB160003A3B9570F1C8B
[2012.04.29 07:19:02 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.27 06:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
[2012.04.27 06:01:51 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\other
[2012.04.11 14:24:40 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.11 14:24:40 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.11 14:20:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 14:20:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 14:20:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 14:20:35 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 14:20:35 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.04.11 14:20:35 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.11 14:20:35 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.04.11 14:20:35 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.04.11 14:20:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.04.11 14:20:35 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.04.11 14:20:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 14:20:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.04.11 14:20:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.04.11 14:20:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.04.11 14:20:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.04.11 14:20:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.04.11 14:20:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.04.11 14:20:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012.04.04 12:44:54 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.04.04 12:44:46 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012.04.04 12:44:44 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.04.04 12:44:44 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.04.04 12:44:44 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.04.04 12:44:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.04.04 12:44:44 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.04 09:49:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.04 09:47:48 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 09:47:48 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 09:43:11 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.04 09:16:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.04 07:55:24 | 000,628,118 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.04 07:55:24 | 000,595,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.04 07:55:24 | 000,127,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.04 07:55:24 | 000,105,138 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.04 07:51:20 | 000,002,417 | ---- | M] () -- C:\Users\Lennart\Desktop\TableNinja.lnk
[2012.05.04 07:48:32 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2012.05.04 07:48:30 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2012.05.04 07:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.04 07:47:42 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.04 00:22:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.03 17:57:01 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.29 08:16:07 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.29 08:16:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.27 06:37:24 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
[2012.04.25 23:57:36 | 000,003,323 | ---- | M] () -- C:\Users\Lennart\Desktop\Xpadder.ini
[2012.04.20 17:32:49 | 007,165,928 | ---- | M] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
[2012.04.11 14:24:33 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.04.04 22:40:24 | 000,008,825 | ---- | M] () -- C:\Users\Lennart\Documents\money-overview.odt
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.04 12:51:49 | 000,254,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.05.03 17:57:01 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.02 07:47:46 | 000,021,746 | ---- | C] () -- C:\Users\Lennart\Desktop\adv.4bet-chart.jpg
[2012.04.29 07:19:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.20 17:32:35 | 007,165,928 | ---- | C] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
[2012.04.11 14:24:33 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.04.04 22:35:57 | 000,008,825 | ---- | C] () -- C:\Users\Lennart\Documents\money-overview.odt
[2012.02.21 15:01:03 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.02.21 15:01:03 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012.02.21 15:01:03 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.08.22 16:25:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CamTraxAPI.dll
[2011.06.02 21:56:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.29 00:27:14 | 000,005,120 | ---- | C] () -- C:\Users\Lennart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.28 09:08:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.28 09:08:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.25 07:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.05.24 21:35:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.05.24 20:19:54 | 000,000,045 | ---- | C] () -- C:\Users\Lennart\AppData\Local\machpro.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2011.05.24 18:26:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.05.24 16:16:35 | 000,000,552 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d8caps.dat
[2011.05.24 15:34:47 | 000,000,680 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d9caps.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:302A9871

< End of report >
         
--- --- ---



Here are the OTL Extras...

OTL Logfile:
Code:
OTL Extras logfile created on: 04.05.2012 09:51:57 - Run 2
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 41,57% Memory free
4,23 Gb Paging File | 2,59 Gb Available in Paging File | 61,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 106,61 Gb Free Space | 60,49% Space Free | Partition Type: NTFS
 
Computer Name: LG-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8F97547-8641-40FE-8D4F-DD6D47C83DC6}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF8326A-C7B5-4B72-9429-929F8A7915BD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{1E56E5E6-89C6-4057-ABC3-660876B2D0F2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{499D8AC4-DBE4-43ED-80E1-5E6F0DB6158A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51833592-6F9A-4D6B-B0E5-E3DFA62F88E6}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{5483413C-C756-43B3-BA02-64C83705320A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{63A96121-1CA8-486E-AAF2-973F8461634A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{6BFFA87B-EAD1-4EDF-B042-880A6430953A}" = protocol=17 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{6F1B8BFD-8F40-48D5-8298-23894CDC8DB4}" = protocol=6 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{9529D3BC-A351-4061-9EBA-B4C722F3F4FE}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{96A528DA-90C7-429A-93C5-D7B7C3651BCD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{9A5B7B1F-B29A-4C67-BECE-B6149DE20D1C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{9E9ECBF6-91BB-44A3-8CAF-A0A081881956}" = protocol=6 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{A036A6C2-FA5D-4B1C-8A74-3B8455B52255}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A3E27E46-FF61-40BF-A79A-747ABD225B2F}" = protocol=17 | dir=in | app=c:\program files\giraffic\giraffic.exe | 
"{A54E2E7D-CF32-480C-9C66-1A9772F1FD08}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{A8834A7C-3B74-468E-8FEF-957E9C1D759D}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{B0395603-8E1D-4564-9809-FF189B59A552}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E0562FF7-DAF0-4636-8AAF-A1B9E058D406}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{EA9AAC48-9845-45BD-8856-906BC6B2C06D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{6E0FE478-95AB-4293-B263-18A744D68ECB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{7A8F02D0-01C4-48DE-A6F8-9BC40E317BED}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{9ADFA974-2CB8-47AB-9475-BA33582AAD25}C:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=6 | dir=in | app=c:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe | 
"TCP Query User{C768F9C2-F4A9-4D65-9387-CA805B6C9CC7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{E621255A-6118-4D9E-A9F5-7EE0783FCB60}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{EAABC7A3-1CE7-4CCB-B332-BCD3CA12711A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{04A92F29-C15D-45E3-951F-A8CEDAC4DA8E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{5E38EDB7-45A2-4CF0-952C-B81BA8312D87}C:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe" = protocol=17 | dir=in | app=c:\program files\pokerstrategy.com\pokerstrategy.com equilator\equilator.exe | 
"UDP Query User{6D16EAE4-A642-4C9C-B114-CDB5976B5261}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{998978EE-A97B-490C-B164-5AA0CF73119E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9E1F8011-42CF-44C8-8194-83209371B469}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{B03DC088-B244-4E3B-88D1-B9615313D69A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3C1E5A85-85E3-4929-8C29-D5285A9224FF}" = TableNinja
"{40E00130-657E-4B28-8CF2-47473B75C9DB}" = HandsFreePoker 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = concept/design onlineTV 6
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{835F8A61-F790-4500-B2D0-E289D59B3DEC}" = TableNinjaFT
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}" = PokerStrategy.com Equilab
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"888poker" = 888poker
"A6FEF586A1321319232A34BE6C2169C224776510" = Windows-Treiberpaket - Ricoh R5U870 (UVC)  (06/18/2007 6.1004.211.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AutoHotkey" = AutoHotkey 1.0.48.05
"CamSpace" = CamSpace
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Disketch" = Disketch CD Label Software
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EuroPoker_is1" = EuroPoker
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Freecorder5.11" = Freecorder 5
"HoldemManager" = Holdem Manager
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mansion Poker" = MansionPoker
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"PostgreSQL 8.4" = PostgreSQL 8.4
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"The Video Diary" = The Video Diary
"TIMELEFT3_is1" = TimeLeft
"V4PKR" = V4PKR
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.9
"WebcamVideoDiary_is1" = WebcamVideoDiary 1.02.01
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"YTdetect" = Yahoo! Detect
"ZiggyTV" = ZiggyTV
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ZiggyTV Toolbar Updater
"6079ee11468c7023" = e-Speaking Voice and Speech Recognition Software
"Google Chrome" = Google Chrome
"William Hill Poker" = William Hill Poker
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---



here is the list of installed programs:

Code:
888poker		03.08.2011		
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	28.04.2012		11.2.202.233
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	28.04.2012		11.2.202.233
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	12.04.2012	165,3MB	10.1.3
Apple Application Support	Apple Inc.	01.11.2011	61,2MB	2.1.5
Apple Mobile Device Support	Apple Inc.	01.11.2011	24,1MB	4.0.0.96
Apple Software Update	Apple Inc.	01.07.2011	2,25MB	2.1.3.127
Applian FLV and Media Player 3.1.1.12	Applian Technologies	29.01.2012	56,9MB	3.1.1.12
AutoHotkey 1.0.48.05	Chris Mallett	29.11.2011	2,59MB	1.0.48.05
Bonjour	Apple Inc.	01.11.2011	1,03MB	3.0.0.10
CamSpace	CamTrax Technologies	13.12.2011	15,5MB	
Canon IJ Network Scan Utility		27.05.2011	0,89MB	
Canon IJ Network Tool		27.05.2011	1,27MB	
Canon MP Navigator EX 2.0		27.05.2011	69,6MB	
Canon MP620 series Benutzerregistrierung		27.05.2011	0,52MB	
Canon MP620 series MP Drivers		27.05.2011		
Canon Utilities Easy-PhotoPrint EX		27.05.2011	206MB	
Canon Utilities My Printer		27.05.2011	2,39MB	
Canon Utilities Solution Menu		27.05.2011	1,93MB	
CCleaner	Piriform	03.05.2012	4,47MB	3.18
CDBurnerXP	CDBurnerXP	22.12.2011	17,0MB	4.4.0.2838
Complitly	Complitly	29.01.2012	0,77MB	
concept/design onlineTV 6	concept/design GmbH	20.02.2012	9,63MB	onlineTV 6
Disketch CD Label Software	NCH Software	22.12.2011	1,93MB	
e-Speaking Voice and Speech Recognition Software	e-Speaking	18.01.2012		3.12.2.14
EuroPoker	europoker	22.02.2012	106,9MB	
Free M4a to MP3 Converter 7.0	ManiacTools.com	22.12.2011	3,87MB	
Free YouTube Download version 3.0.16.923	DVDVideoSoft Ltd.	27.10.2011	5,04MB	
Free YouTube to MP3 Converter version 3.10.11.923	DVDVideoSoft Ltd.	27.10.2011	5,06MB	
Freecorder 5	Applian Technologies Inc.	29.01.2012	10,4MB	5.11
Google Chrome	Google Inc.	20.02.2012	173,6MB	17.0.963.56
HandsFreePoker 4.0	HandsFreePoker	27.01.2012	8,23MB	4.0.0
Holdem Manager		23.05.2011	132,2MB	
ICQ7.5	ICQ	01.06.2011	51,0MB	7.5
IDT Audio	IDT	08.06.2011	14,1MB	5.10.5303.0
iTunes	Apple Inc.	01.11.2011	168,7MB	10.5.0.142
Java(TM) 6 Update 24	Oracle	26.05.2011	97,1MB	6.0.240
Logitech Touch Mouse Server 1.0	Logitech Inc.	01.11.2011	0,27MB	1.0
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	02.05.2012	11,7MB	1.61.0.1400
MansionPoker		29.11.2011	255MB	
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	23.05.2011	37,3MB	
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	23.05.2011	37,3MB	
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	03.06.2011	120,3MB	4.0.30319
Microsoft Silverlight	Microsoft Corporation	17.03.2012	20,4MB	4.1.10111.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	23.05.2011	0,33MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	23.05.2011	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	26.05.2011	0,58MB	9.0.30729.4148
Microsoft Xbox 360 Accessories 1.2	Microsoft	23.05.2011	6,78MB	1.20.146.0
NVIDIA Drivers		23.05.2011		
OpenOffice.org 3.3	OpenOffice.org	26.05.2011	413MB	3.3.9567
PartyPoker	PartyGaming	29.11.2011	75,2MB	
PokerStars	PokerStars	24.06.2011	87,7MB	
PokerStars.fr	PokerStars.fr	01.12.2011	87,0MB	
PokerStrategy.com Equilab	PokerStrategy.com	26.04.2012	18,1MB	1.2.5.0
PostgreSQL 8.4	PostgreSQL Global Development Group	23.05.2011	3.518MB	8.4
QuickTime	Apple Inc.	01.07.2011	73,7MB	7.69.80.9
Razer Copperhead		23.05.2011	0,89MB	
Skype™ 5.5	Skype Technologies S.A.	24.10.2011	17,0MB	5.5.119
Surf & E-Mail-Stick	Huawei Technologies Co.,Ltd	21.07.2011	38,4MB	11.301.08.00.35
TableNinja	ALXSoftware	30.04.2012	1,96MB	1.2.123
TableNinjaFT	ALXSoftware	23.05.2011	1,40MB	1.1.34
The Video Diary	www.TheVideoDiary.com	16.02.2012	4,20MB	1.1
TimeLeft	NesterSoft Inc.	08.03.2012	4,84MB	3.57
V4PKR		17.01.2012		
VAIO Camera Capture Utility	Sony Corporation	20.03.2012	9,50MB	2.7.00.07050
VAIO Control Center	Sony Corporation	20.03.2012	1,39MB	2.1.00.09100
Veetle TV 0.9.18	Veetle, Inc	18.06.2011	10,1MB	0.9.18
Videograbber 2010	Hoppelsoft	21.07.2011	13,3MB	
VLC media player 1.1.9	VideoLAN	28.05.2011	80,2MB	1.1.9
WebcamVideoDiary 1.02.01		16.02.2012	9,54MB	
WIDCOMM Bluetooth Software 6.1.0.1203	Broadcom Corporation	23.05.2011	41,7MB	6.1.0.1203
William Hill Poker		22.02.2012	367MB	
Windows-Treiberpaket - Ricoh R5U870 (UVC)  (06/18/2007 6.1004.211.0)	Ricoh	23.05.2011		06/18/2007 6.1004.211.0
WinRAR 4.01 (32-Bit)	win.rar GmbH	20.07.2011	4,02MB	4.01.0
ZiggyTV		20.02.2012	33,2MB	
ZiggyTV Toolbar	Ask.com	20.02.2012	4,25MB	1.14.1.0
ZiggyTV Toolbar Updater	Ask.com	20.02.2012	1,36MB	1.2.0.20007
         

I hope that was all correct now, and thanks in advance for the help
__________________

04.05.2012, 16:44   #4
kira
/// Helper Team

1.
Turn off Windows Defender:
Alongside one AV scanner and one firewall it is not needed at all, and running it actively is not recommended, because they can get in each other's way. Please deactivate it as follows: -> Turning Windows Defender on and off
► After a restart (if it still exists), go to Start -> Run -> "msconfig" (type it in without the quotes) -> OK -> Startup and check whether it is still running; untick it if necessary
► Under Services:
Start -> Run -> "Services.msc" (type it in without the quotes) -> OK -> "Properties" -> select startup type "Disabled"

2.
Do you like playing poker? Have you already informed yourself thoroughly about safe and trustworthy poker sites?
Party Poker, PartyCasino, Ultimate Bet, EmpirePoker and other poker websites (list of harmful poker sites) carry the risk that you pick up malware on your computer when visiting the sites. In many cases plugins are installed without asking, which then "download" further parasites.

3.
Uninstall, if present under Control Panel -> Software/Programs:
Code:
Adware :
ZiggyTV Toolbar	Ask.com	
ZiggyTV Toolbar Updater	Ask.com
         
Unfortunately, "uninvited guests often add themselves directly to the search bar, the start page and the extensions", and they can be really annoying... mostly they get installed along out of ignorance or carelessness; some of them even belong to the most dangerous kind of adware, or to a "foistware group".

Always choose the custom installation, not the standard installation, because otherwise things are often installed along that you don't need or don't want.
During installation please always read the licence terms, and don't immediately tick every box or leave pre-ticked boxes set, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from affiliate programs, sponsors etc., are installed along with it, since freeware finances itself this way.

A few more belong in this category, for example: -> Unwanted toolbars
Quote:
It is therefore advisable to check in every installed browser after each installation:
  • take a close look at the page currently set as the start page
  • look under Tools ⇒ Extensions for unwanted add-ons/plug-ins and toolbars
  • check the list of currently installed programs (in the Control Panel) for anything "unwanted" (program, toolbar etc.) that has settled in!

4.
Quote:
Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and insert them into the script that way, otherwise it will not work!
(user folder, your name or other changes replaced with X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script, i.e. everything in the code box after "Code":
Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ichanti.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8e915213-5c73-11e1-ada1-001a8019e23b}\Shell - "" = AutoRun
O33 - MountPoints2\{8e915213-5c73-11e1-ada1-001a8019e23b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8e915228-5c73-11e1-ada1-001a8019e23b}\Shell - "" = AutoRun
O33 - MountPoints2\{8e915228-5c73-11e1-ada1-001a8019e23b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9e19d03b-b425-11e0-8234-001a8019e23b}\Shell - "" = AutoRun
O33 - MountPoints2\{9e19d03b-b425-11e0-8234-001a8019e23b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:302A9871

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here.

5.
clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

6.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Attention!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next step! It does NOT make sense to start a second attempt!
To get a deeper look into your system and to track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, no connection to the Internet, disconnect Wi-Fi as well
    - please don't do anything on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan is finished, click "Copy" (the log is copied to the clipboard automatically) and paste it there right away with CTRL + V
    - "Ok" closes GMER.
    - copy the complete log from the clipboard into your thread here

** no connection to a network or the Internet - don't forget Wi-Fi
When the scan has finished, please re-enable all programs and tools!
Instructions: -> GMER - Rootkit Scanner

7.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has settled in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    a command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), enter the following

    from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click the title bar => Edit => Paste.

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log
             
    (press Enter)
  • After a short time your editor will open showing the file C:\mbr.log.
    Please copy its contents into your thread here.

8.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!
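
What the entries in the fix script from step 4 point at, shown as an added example that is not part of kira's post and not OTL's own code: a Python classifier that sorts fix-script lines by the browser setting or autostart location they reference. The `EXPECTED_HOSTS` allowlist and all function names are assumptions of this example; the sample lines are copied from the script in the post.

```python
import re
from urllib.parse import urlsplit

# Lines copied unchanged from the fix script in the post above (a subset).
FIX_SCRIPT = r"""
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ichanti.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No CLSID value found.
O33 - MountPoints2\{8e915213-5c73-11e1-ada1-001a8019e23b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:302A9871
"""

# Assumption of this example: hosts the owner of the machine expects to see.
EXPECTED_HOSTS = {"search.live.com", "de.msn.com"}

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# IE search provider: registry hive, provider GUID, search URL.
RE_SEARCH = re.compile(
    r'^IE - (HK\w+)\\.*?SearchScopes\\(' + GUID + r'): "URL" = (\S+)$')
# IE start page (and its redirect cache): hive, value name, URL.
RE_START = re.compile(
    r'^IE - (HK\w+)\\.*?,(Start Page(?: Redirect Cache)?) = (\S+)$')
# Browser add-on entry whose COM class is no longer registered.
RE_ORPHAN = re.compile(r'(' + GUID + r') - No CLSID value found')
# Per-volume AutoRun command cached under MountPoints2.
RE_AUTORUN = re.compile(
    r'^O33 - MountPoints2\\(' + GUID + r')\\Shell\\AutoRun\\command - "" = (.+)$')
# NTFS alternate data stream: size, host file or folder, stream name.
RE_ADS = re.compile(r'^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$')


def _url_finding(kind, hive, url):
    """Build a finding for a URL-valued setting and compare its host to the allowlist."""
    host = (urlsplit(url).hostname or "").lower()
    return {"kind": kind, "hive": hive, "host": host,
            "expected": host in EXPECTED_HOSTS}


def classify(line):
    """Return a finding dict for one fix-script line, or None if unrecognised."""
    line = line.strip()
    m = RE_SEARCH.match(line)
    if m:
        return _url_finding("search_provider", m.group(1), m.group(3))
    m = RE_START.match(line)
    if m:
        return _url_finding("start_page", m.group(1), m.group(3))
    m = RE_ORPHAN.search(line)
    if m:
        # Normalise case so the same class ID is counted once.
        return {"kind": "orphaned_clsid", "clsid": m.group(1).upper()}
    m = RE_AUTORUN.match(line)
    if m:
        return {"kind": "autorun_command", "volume": m.group(1),
                "command": m.group(2)}
    m = RE_ADS.match(line)
    if m:
        return {"kind": "alternate_data_stream", "size": int(m.group(1)),
                "path": m.group(2), "stream": m.group(3)}
    return None


def review(script):
    """Classify every line of a fix script, skipping lines that match no rule."""
    return [f for f in map(classify, script.splitlines()) if f]


def unexpected_hosts(findings):
    """Hosts referenced by browser settings that are not on the allowlist."""
    return sorted({f["host"] for f in findings
                   if "host" in f and not f["expected"]})


if __name__ == "__main__":
    results = review(FIX_SCRIPT)
    for finding in results:
        print(finding)
    print("hosts outside the expected set:", unexpected_hosts(results))
```
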

07.05.2012, 21:28   #5
legra

okay...
so here is the OTL text:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e915213-5c73-11e1-ada1-001a8019e23b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e915213-5c73-11e1-ada1-001a8019e23b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e915213-5c73-11e1-ada1-001a8019e23b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e915213-5c73-11e1-ada1-001a8019e23b}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e915228-5c73-11e1-ada1-001a8019e23b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e915228-5c73-11e1-ada1-001a8019e23b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e915228-5c73-11e1-ada1-001a8019e23b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e915228-5c73-11e1-ada1-001a8019e23b}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e19d03b-b425-11e0-8234-001a8019e23b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e19d03b-b425-11e0-8234-001a8019e23b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e19d03b-b425-11e0-8234-001a8019e23b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e19d03b-b425-11e0-8234-001a8019e23b}\ not found.
File E:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:302A9871 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Lennart\Desktop\cmd.bat deleted successfully.
C:\Users\Lennart\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Lennart
->Temp folder emptied: 340841629 bytes
->Temporary Internet Files folder emptied: 52234065 bytes
->Java cache emptied: 15415812 bytes
->Google Chrome cache emptied: 354108437 bytes
->Flash cache emptied: 143673 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18314935 bytes
RecycleBin emptied: 11775847 bytes
 
Total Files Cleaned = 756,00 mb
 
 
OTL by OldTimer - Version 3.2.42.2 log created on 05072012_220105

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

gmer.exe crashed during the scan...

here is the mbr.log:

Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_MHY2200BH rev.0000000B -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 
1 ntkrnlpa!IofCallDriver[0x81E84912] -> \Device\Harddisk0\DR0[0x85460AC8]
3 CLASSPNP[0x87FA18B3] -> ntkrnlpa!IofCallDriver[0x81E84912] -> \Device\Ide\IdeDeviceP2T0L0-4[0x84E67B98]
kernel: MBR read successfully
user & kernel MBR OK
         

and the second OTL:

OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 07.05.2012 22:29:48 - Run 3
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,69% Memory free
4,23 Gb Paging File | 3,38 Gb Available in Paging File | 80,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 109,06 Gb Free Space | 61,88% Space Free | Partition Type: NTFS
 
Computer Name: LG-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 09:49:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2011.01.28 07:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.10.01 02:57:18 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.06.22 10:55:32 | 000,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.10.08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe
PRC - [2005.07.22 15:02:46 | 000,159,744 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Copperhead\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.15 07:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
MOD - [2012.02.15 07:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012.02.15 07:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012.02.15 07:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012.02.15 07:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.06.22 10:49:06 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.06.22 10:34:44 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2005.10.08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe
MOD - [2005.08.17 13:23:16 | 000,151,552 | ---- | M] () -- C:\Programme\Razer\Copperhead\download.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.06 01:16:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lennart\AppData\Local\Temp\uxtdapob.sys -- (uxtdapob)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lennart\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.24 18:15:55 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.24 18:15:13 | 000,075,008 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2011.05.24 18:15:13 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.09.26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 30 5A 13 78 1D CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Google Mail = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lennart\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Programme\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09DEE290-71D8-4C7B-9554-FCFFF91136F4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE83C8C-0E2D-4783-905A-37872C36A583}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.07 22:12:04 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\reg
[2012.05.07 22:01:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.07 21:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.05.04 10:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.04 09:49:14 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.03 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\trojan
[2012.05.03 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\Malwarebytes
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 17:57:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 17:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.02 09:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000CCB160003A3B9570F1C8B
[2012.04.29 07:19:02 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.27 06:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
[2012.04.27 06:01:51 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\other
[2012.04.11 14:24:40 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.11 14:24:40 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.11 14:20:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 14:20:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 14:20:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 14:20:35 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 14:20:35 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.04.11 14:20:35 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.11 14:20:35 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.04.11 14:20:35 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.04.11 14:20:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.04.11 14:20:35 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.04.11 14:20:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 14:20:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.04.11 14:20:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.04.11 14:20:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.04.11 14:20:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.04.11 14:20:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.04.11 14:20:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.04.11 14:20:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.07 22:21:45 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.05.07 22:21:45 | 000,089,088 | ---- | M] () -- C:\Users\Lennart\Desktop\mbr.exe
[2012.05.07 22:18:59 | 000,628,118 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.07 22:18:59 | 000,595,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.07 22:18:59 | 000,127,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.07 22:18:59 | 000,105,138 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.07 22:16:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.07 22:14:06 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2012.05.07 22:14:03 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2012.05.07 22:13:42 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 22:13:42 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.07 22:13:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.07 22:13:33 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.07 22:12:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.07 20:40:30 | 001,873,189 | ---- | M] () -- C:\Users\Lennart\Desktop\Foto0457.jpg
[2012.05.07 08:48:24 | 000,002,417 | ---- | M] () -- C:\Users\Lennart\Desktop\TableNinja.lnk
[2012.05.06 01:16:11 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.06 01:16:11 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.04 10:23:10 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.04 09:49:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.03 17:57:01 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.27 06:37:24 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
[2012.04.25 23:57:36 | 000,003,323 | ---- | M] () -- C:\Users\Lennart\Desktop\Xpadder.ini
[2012.04.20 17:32:49 | 007,165,928 | ---- | M] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
[2012.04.11 14:24:33 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
 
========== Files Created - No Company Name ==========
 
[2012.05.07 22:22:49 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.05.07 22:21:44 | 000,089,088 | ---- | C] () -- C:\Users\Lennart\Desktop\mbr.exe
[2012.05.07 20:40:11 | 001,873,189 | ---- | C] () -- C:\Users\Lennart\Desktop\Foto0457.jpg
[2012.05.04 10:23:10 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.03 17:57:01 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.02 07:47:46 | 000,021,746 | ---- | C] () -- C:\Users\Lennart\Desktop\adv.4bet-chart.jpg
[2012.04.29 07:19:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.20 17:32:35 | 007,165,928 | ---- | C] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
[2012.04.11 14:24:33 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.02.21 15:01:03 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.02.21 15:01:03 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012.02.21 15:01:03 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.08.22 16:25:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CamTraxAPI.dll
[2011.06.02 21:56:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.29 00:27:14 | 000,005,120 | ---- | C] () -- C:\Users\Lennart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.28 09:08:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.28 09:08:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.25 07:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.05.24 21:35:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.05.24 20:19:54 | 000,000,045 | ---- | C] () -- C:\Users\Lennart\AppData\Local\machpro.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2011.05.24 18:26:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.05.24 16:16:35 | 000,000,552 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d8caps.dat
[2011.05.24 15:34:47 | 000,000,680 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.04.27 20:25:54 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Applian FLV and Media Player
[2011.06.10 22:48:01 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Canneverbe Limited
[2011.08.12 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Canon
[2012.01.30 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Complitly
[2012.02.21 15:01:54 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\concept design
[2012.02.17 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DonationCoder
[2012.01.14 22:34:24 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DVDVideoSoft
[2011.10.28 10:49:45 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.29 08:40:24 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\HEM Data
[2012.05.07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\ICQ
[2012.03.09 15:58:37 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\NesterSoft
[2011.05.27 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\OpenOffice.org
[2012.05.03 08:20:13 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Oqgi
[2011.10.20 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\PacificPoker
[2011.05.24 20:35:49 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Roaming
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Savai
[2012.04.27 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Unylle
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Yzbowia
[2012.05.07 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\ZiggyTV
[2012.05.07 22:12:54 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

and the OTL Extras log:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 07.05.2012 22:29:48 - Run 3
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,69% Memory free
4,23 Gb Paging File | 3,38 Gb Available in Paging File | 80,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 109,06 Gb Free Space | 61,88% Space Free | Partition Type: NTFS
 
Computer Name: LG-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8F97547-8641-40FE-8D4F-DD6D47C83DC6}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF8326A-C7B5-4B72-9429-929F8A7915BD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{1E56E5E6-89C6-4057-ABC3-660876B2D0F2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{499D8AC4-DBE4-43ED-80E1-5E6F0DB6158A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51833592-6F9A-4D6B-B0E5-E3DFA62F88E6}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{5483413C-C756-43B3-BA02-64C83705320A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{63A96121-1CA8-486E-AAF2-973F8461634A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{6BFFA87B-EAD1-4EDF-B042-880A6430953A}" = protocol=17 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{6F1B8BFD-8F40-48D5-8298-23894CDC8DB4}" = protocol=6 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{9529D3BC-A351-4061-9EBA-B4C722F3F4FE}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{96A528DA-90C7-429A-93C5-D7B7C3651BCD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{9A5B7B1F-B29A-4C67-BECE-B6149DE20D1C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A036A6C2-FA5D-4B1C-8A74-3B8455B52255}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B0395603-8E1D-4564-9809-FF189B59A552}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E0562FF7-DAF0-4636-8AAF-A1B9E058D406}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{EA9AAC48-9845-45BD-8856-906BC6B2C06D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{6E0FE478-95AB-4293-B263-18A744D68ECB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C768F9C2-F4A9-4D65-9387-CA805B6C9CC7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{E621255A-6118-4D9E-A9F5-7EE0783FCB60}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{EAABC7A3-1CE7-4CCB-B332-BCD3CA12711A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{04A92F29-C15D-45E3-951F-A8CEDAC4DA8E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{6D16EAE4-A642-4C9C-B114-CDB5976B5261}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{998978EE-A97B-490C-B164-5AA0CF73119E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9E1F8011-42CF-44C8-8194-83209371B469}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3C1E5A85-85E3-4929-8C29-D5285A9224FF}" = TableNinja
"{40E00130-657E-4B28-8CF2-47473B75C9DB}" = HandsFreePoker 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = concept/design onlineTV 6
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{835F8A61-F790-4500-B2D0-E289D59B3DEC}" = TableNinjaFT
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}" = PokerStrategy.com Equilab
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"888poker" = 888poker
"A6FEF586A1321319232A34BE6C2169C224776510" = Windows-Treiberpaket - Ricoh R5U870 (UVC)  (06/18/2007 6.1004.211.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AutoHotkey" = AutoHotkey 1.0.48.05
"CamSpace" = CamSpace
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Disketch" = Disketch CD Label Software
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EuroPoker_is1" = EuroPoker
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HoldemManager" = Holdem Manager
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"PostgreSQL 8.4" = PostgreSQL 8.4
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"The Video Diary" = The Video Diary
"TIMELEFT3_is1" = TimeLeft
"V4PKR" = V4PKR
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.9
"WebcamVideoDiary_is1" = WebcamVideoDiary 1.02.01
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = ZiggyTV Toolbar Updater
"6079ee11468c7023" = e-Speaking Voice and Speech Recognition Software
"Google Chrome" = Google Chrome
"William Hill Poker" = William Hill Poker
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


Edited by legra (07.05.2012 at 21:38)

08.05.2012, 09:36   #6
kira
/// Helper team
 

From post #4, read the following steps again and work through them exactly as described:
1., 2., 3., and 8.

08.05.2012, 10:35   #7
legra
 

Windows Defender is already deactivated...

The toolbar cannot be uninstalled...
or rather, the uninstallation always aborts by itself...

As for the poker software: it is still installed and should stay on there, I only rarely use it anyway...

Since I haven't changed anything, a new OTL post is presumably irrelevant?

08.05.2012, 15:26   #8
kira
/// Helper team
 

Quote from legra:
The toolbar cannot be uninstalled...
or rather, the uninstallation always aborts by itself...

Well.. you should tell me that right away, before you take the "next step"!
Uninstalling software with Revo Uninstaller

Download the freeware version of Revo Uninstaller from Revo Group
  • Double-click revosetup.exe.
  • Install the tool to the default path.
  • Double-click the Revo Uninstaller icon.
  • Double-click the following software from the code box, one after the other:
    Code:
    ZiggyTV Toolbar
    ZiggyTV Toolbar Updater

  • Confirm the uninstallation with Yes.
  • Leave the uninstall routine's setting on Moderate and click Next.
  • The tool will now search the computer for leftover registry entries. Click Next.
  • Click the Select All button, click Delete and Next, and confirm with Yes.
  • Finally, the tool may also search for leftover files and folders.
  • Check the folders and files and, if applicable, click the Select All button, click Next and confirm with Yes.

Restart the computer.


Then steps 6., 7., and 8. (a new OTL once more)
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

08.05.2012, 18:21   #9
legra
 

gmer.exe crashed again during the scan...

here is the mbr text:
Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_MHY2200BH rev.0000000B -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS Wdf01000.sys xusb21.sys 
1 ntkrnlpa!IofCallDriver[0x81E80912] -> \Device\Harddisk0\DR0[0x85019118]
3 CLASSPNP[0x87FA48B3] -> ntkrnlpa!IofCallDriver[0x81E80912] -> \Device\Ide\IdeDeviceP2T0L0-4[0x84E138A0]
kernel: MBR read successfully
user & kernel MBR OK
         
and here is OTL:

OTL logfile:
Code:
OTL logfile created on: 08.05.2012 19:21:54 - Run 4
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,29% Memory free
4,23 Gb Paging File | 3,37 Gb Available in Paging File | 79,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 108,14 Gb Free Space | 61,36% Space Free | Partition Type: NTFS
 
Computer Name: LG-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 09:49:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2011.01.28 07:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.10.01 02:57:18 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.06.22 10:55:32 | 000,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.10.08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe
PRC - [2005.07.22 15:02:46 | 000,159,744 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Copperhead\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.15 07:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
MOD - [2012.02.15 07:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012.02.15 07:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012.02.15 07:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012.02.15 07:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.06.22 10:49:06 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.06.22 10:34:44 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2005.10.08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe
MOD - [2005.08.17 13:23:16 | 000,151,552 | ---- | M] () -- C:\Programme\Razer\Copperhead\download.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.06 01:16:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lennart\AppData\Local\Temp\uxtdapob.sys -- (uxtdapob)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Lennart\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.24 18:15:55 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.24 18:15:13 | 000,075,008 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2011.05.24 18:15:13 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.09.26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 30 5A 13 78 1D CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Google Mail = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lennart\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Programme\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09DEE290-71D8-4C7B-9554-FCFFF91136F4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE83C8C-0E2D-4783-905A-37872C36A583}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.08 19:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.05.08 19:05:07 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.05.07 22:12:04 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\reg
[2012.05.07 22:01:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.07 21:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.05.04 10:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.04 09:49:14 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.03 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\trojan
[2012.05.03 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\Malwarebytes
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 17:57:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 17:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.02 09:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000CCB160003A3B9570F1C8B
[2012.04.29 07:19:02 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.27 06:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
[2012.04.27 06:01:51 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\other
[2012.04.11 14:24:40 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.11 14:24:40 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.11 14:20:37 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 14:20:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 14:20:35 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 14:20:35 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 14:20:35 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.04.11 14:20:35 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.11 14:20:35 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.04.11 14:20:35 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.04.11 14:20:35 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.04.11 14:20:35 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.04.11 14:20:35 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 14:20:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.04.11 14:20:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.04.11 14:20:35 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.04.11 14:20:35 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.04.11 14:20:35 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.04.11 14:20:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.04.11 14:20:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.08 19:17:47 | 000,595,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.08 19:17:46 | 000,628,118 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.08 19:17:46 | 000,127,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.08 19:17:46 | 000,105,138 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.08 19:16:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.08 19:15:09 | 000,302,592 | ---- | M] () -- C:\Users\Lennart\Desktop\oehmjijz.exe
[2012.05.08 19:11:53 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2012.05.08 19:11:52 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2012.05.08 19:11:33 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 19:11:33 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.08 19:11:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.08 19:11:26 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.08 19:10:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.08 19:05:07 | 000,001,057 | ---- | M] () -- C:\Users\Lennart\Desktop\Revo Uninstaller.lnk
[2012.05.08 07:09:51 | 000,002,417 | ---- | M] () -- C:\Users\Lennart\Desktop\TableNinja.lnk
[2012.05.07 22:21:45 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.05.07 22:21:45 | 000,089,088 | ---- | M] () -- C:\Users\Lennart\Desktop\mbr.exe
[2012.05.07 20:40:30 | 001,873,189 | ---- | M] () -- C:\Users\Lennart\Desktop\Foto0457.jpg
[2012.05.06 01:16:11 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.06 01:16:11 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.04 10:23:10 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.04 09:49:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.03 17:57:01 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.27 06:37:24 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
[2012.04.25 23:57:36 | 000,003,323 | ---- | M] () -- C:\Users\Lennart\Desktop\Xpadder.ini
[2012.04.20 17:32:49 | 007,165,928 | ---- | M] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
[2012.04.11 14:24:33 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
 
========== Files Created - No Company Name ==========
 
[2012.05.08 19:15:08 | 000,302,592 | ---- | C] () -- C:\Users\Lennart\Desktop\oehmjijz.exe
[2012.05.08 19:05:07 | 000,001,057 | ---- | C] () -- C:\Users\Lennart\Desktop\Revo Uninstaller.lnk
[2012.05.08 18:54:22 | 000,066,500 | ---- | C] () -- C:\Users\Lennart\Desktop\husng.com-nash.jpg
[2012.05.07 22:22:49 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.05.07 22:21:44 | 000,089,088 | ---- | C] () -- C:\Users\Lennart\Desktop\mbr.exe
[2012.05.07 20:40:11 | 001,873,189 | ---- | C] () -- C:\Users\Lennart\Desktop\Foto0457.jpg
[2012.05.04 10:23:10 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.03 17:57:01 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.02 07:47:46 | 000,021,746 | ---- | C] () -- C:\Users\Lennart\Desktop\adv.4bet-chart.jpg
[2012.04.29 07:19:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.20 17:32:35 | 007,165,928 | ---- | C] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
[2012.04.11 14:24:33 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.02.21 15:01:03 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.02.21 15:01:03 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012.02.21 15:01:03 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.08.22 16:25:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CamTraxAPI.dll
[2011.06.02 21:56:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.29 00:27:14 | 000,005,120 | ---- | C] () -- C:\Users\Lennart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.28 09:08:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.28 09:08:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.25 07:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.05.24 21:35:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.05.24 20:19:54 | 000,000,045 | ---- | C] () -- C:\Users\Lennart\AppData\Local\machpro.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2011.05.24 18:26:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.05.24 16:16:35 | 000,000,552 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d8caps.dat
[2011.05.24 15:34:47 | 000,000,680 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.05.08 18:54:54 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Applian FLV and Media Player
[2011.06.10 22:48:01 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Canneverbe Limited
[2011.08.12 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Canon
[2012.01.30 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Complitly
[2012.02.21 15:01:54 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\concept design
[2012.02.17 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DonationCoder
[2012.01.14 22:34:24 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DVDVideoSoft
[2011.10.28 10:49:45 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.29 08:40:24 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\HEM Data
[2012.05.07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\ICQ
[2012.03.09 15:58:37 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\NesterSoft
[2011.05.27 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\OpenOffice.org
[2012.05.03 08:20:13 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Oqgi
[2011.10.20 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\PacificPoker
[2011.05.24 20:35:49 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Roaming
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Savai
[2012.04.27 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Unylle
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Yzbowia
[2012.05.07 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\ZiggyTV
[2012.05.08 19:10:40 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


and OTL Extras:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 08.05.2012 19:21:54 - Run 4
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,29% Memory free
4,23 Gb Paging File | 3,37 Gb Available in Paging File | 79,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 108,14 Gb Free Space | 61,36% Space Free | Partition Type: NTFS
 
Computer Name: LG-VAIO | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8F97547-8641-40FE-8D4F-DD6D47C83DC6}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF8326A-C7B5-4B72-9429-929F8A7915BD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{1E56E5E6-89C6-4057-ABC3-660876B2D0F2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{499D8AC4-DBE4-43ED-80E1-5E6F0DB6158A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51833592-6F9A-4D6B-B0E5-E3DFA62F88E6}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{5483413C-C756-43B3-BA02-64C83705320A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{63A96121-1CA8-486E-AAF2-973F8461634A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{6BFFA87B-EAD1-4EDF-B042-880A6430953A}" = protocol=17 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{6F1B8BFD-8F40-48D5-8298-23894CDC8DB4}" = protocol=6 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{9529D3BC-A351-4061-9EBA-B4C722F3F4FE}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{96A528DA-90C7-429A-93C5-D7B7C3651BCD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{9A5B7B1F-B29A-4C67-BECE-B6149DE20D1C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A036A6C2-FA5D-4B1C-8A74-3B8455B52255}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B0395603-8E1D-4564-9809-FF189B59A552}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E0562FF7-DAF0-4636-8AAF-A1B9E058D406}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{EA9AAC48-9845-45BD-8856-906BC6B2C06D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{6E0FE478-95AB-4293-B263-18A744D68ECB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C768F9C2-F4A9-4D65-9387-CA805B6C9CC7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{E621255A-6118-4D9E-A9F5-7EE0783FCB60}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{EAABC7A3-1CE7-4CCB-B332-BCD3CA12711A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{04A92F29-C15D-45E3-951F-A8CEDAC4DA8E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{6D16EAE4-A642-4C9C-B114-CDB5976B5261}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{998978EE-A97B-490C-B164-5AA0CF73119E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9E1F8011-42CF-44C8-8194-83209371B469}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3C1E5A85-85E3-4929-8C29-D5285A9224FF}" = TableNinja
"{40E00130-657E-4B28-8CF2-47473B75C9DB}" = HandsFreePoker 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = concept/design onlineTV 6
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{835F8A61-F790-4500-B2D0-E289D59B3DEC}" = TableNinjaFT
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}" = PokerStrategy.com Equilab
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"888poker" = 888poker
"A6FEF586A1321319232A34BE6C2169C224776510" = Windows-Treiberpaket - Ricoh R5U870 (UVC)  (06/18/2007 6.1004.211.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AutoHotkey" = AutoHotkey 1.0.48.05
"CamSpace" = CamSpace
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Disketch" = Disketch CD Label Software
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EuroPoker_is1" = EuroPoker
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HoldemManager" = Holdem Manager
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"PostgreSQL 8.4" = PostgreSQL 8.4
"Revo Uninstaller" = Revo Uninstaller 1.93
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"The Video Diary" = The Video Diary
"TIMELEFT3_is1" = TimeLeft
"V4PKR" = V4PKR
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.9
"WebcamVideoDiary_is1" = WebcamVideoDiary 1.02.01
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6079ee11468c7023" = e-Speaking Voice and Speech Recognition Software
"Google Chrome" = Google Chrome
"William Hill Poker" = William Hill Poker
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

Edited by legra (08.05.2012 at 18:29)

08.05.2012, 21:24   #10
kira
/// Helper Team
 

1.
Is this from GMER?:
Quote:
C:\Users\Lennart\Desktop\oehmjijz.exe
2.
I can't place these; what are they?:
Code:
ATTFilter
[2012.05.03 08:20:13 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Oqgi
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Savai
[2012.04.27 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Unylle
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Yzbowia
         
They could possibly also come from malware...

3.
Quote:
Attention, important!:
If you made changes to the logfile yourself, you must replace them with the original names and paste them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script (that is, everything in the code box after "Code"):
Code:
ATTFilter
:OTL
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

:Files
C:\Program Files\Ask.com
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • and paste it here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL will ask for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents into your thread here.

4.
Update Java via Control Panel -> Check for updates...
or:
Now download the offline version of Java ("Recommended Version 6 Update 32") from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar checkbox during installation.

5.
Tips (regardless of whether you use Internet Explorer or not!):
-> Tips for Internet Explorer
-> Change Explorer's default search engine
-> How can I clear the cache in Internet Explorer?

6.
Clean your system with CCleaner:
  • "CCleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Search for errors" → "Fix errors" → "Fix all"
  • Restart your system

7.
  • Download SUPERAntiSpyware FREE Edition.
    Make sure not to install any toolbar that may be offered, i.e. untick the toolbar checkbox during installation (if necessary).
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer".
  • Tick "Complete Scan" and click "Next".
  • Afterwards all malware found is listed; tick all findings and confirm with "OK".
  • Click "Next", then "OK" and "Finish".
  • To display the results: click "Preferences", then "Statistics and Logs".
  • Press "View Log", then please save this report and post it here.

8.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They therefore have to be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this, it is very well suited and recommended to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This prevents the AUTORUN function from running.) The AUTORUN function can also be disabled altogether. ►Guide

9.
-> Then run a complete system check with Eset Online Scanner (NOD32), Free Online Scanners
Attention!: >>You should not install the antivirus security software, only scan your system online<<

10.
Another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

► Report again on the state of the computer: are there still problems, and if so, which ones?
__________________

Warning!:
Beware of invoices by email with a ZIP file attached! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, on CD/DVD, USB sticks or external hard drives, ideally twice in different locations!
Please pass this warning on wherever you can!

11.05.2012, 20:05   #11
legra
 

1) Yes, it's GMER...

2) In two of the folders there are some .dat, .tmp and .ipk files..
the others are empty...

3) I only "removed" my name in some of the logfiles, partly..
is there some problem with that?


Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
========== FILES ==========
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Lennart\Desktop\cmd.bat deleted successfully.
C:\Users\Lennart\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Lennart
->Temp folder emptied: 45231 bytes
->Temporary Internet Files folder emptied: 2744734 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 372958955 bytes
->Flash cache emptied: 11571 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1156065 bytes
RecycleBin emptied: 20765142 bytes
 
Total Files Cleaned = 379,00 mb
 
 
OTL by OldTimer - Version 3.2.42.2 log created on 05112012_211737

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
4) Done

5) I'm currently using Chrome...

6) Done

Edited by legra (11.05.2012 at 20:33)

11.05.2012, 21:39   #12
kira
/// Helper Team
 

Quote:
3) I only "removed" my name in some of the logfiles, partly..
is there some problem with that?
For OTL fixes you should then write in the correct names


Quote:
5) I'm currently using Chrome...
That doesn't matter, it can still be affected!

OK.. then please carry on!

11.05.2012, 21:44   #13
legra
 

7)

The exact sub-items that were listed weren't to be found.. but I think this is the right one:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/11/2012 at 10:28 PM

Application Version : 5.0.1148

Core Rules Database Version : 8587
Trace Rules Database Version: 6399

Scan type       : Complete Scan
Total Scan Time : 00:39:03

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 581
Memory threats detected   : 0
Registry items scanned    : 35324
Registry threats detected : 0
File items scanned        : 59548
File threats detected     : 2

PUP.CNETInstaller
	C:\USERS\LENNART\DOWNLOADS\CNET2_XNTIMER_EXE.EXE

Heur.Agent/Gen-WhiteBox
	C:\USERS\LENNART\DOWNLOADS\VOX4POKERPS.INSTALLER.20110604.EXE
         
Addendum to 3) I don't understand what is meant?! The only thing I enter for OTL fixes is a code that was posted to me here...

Addendum to 4) What exactly do Microsoft's user tips for their browser have to do with me?

11.05.2012, 22:39   #14
kira
/// Helper Team
 

Quote:
Addendum to 3) I don't understand what is meant?! The only thing I enter for OTL fixes is a code that was posted to me here...
That's fine too! Only if you replaced your name or anything else with "X" or ****, this has to be taken into account in OTL fixes, i.e. replaced with the original again!

Quote:
Addendum to 4) What exactly do Microsoft's user tips for their browser have to do with me?
Internet Explorer has to be maintained from time to time! Malware can get onto your system secretly and settle in there without your permission! Besides, with downloads it often happens that various "unwanted/unnecessary" toolbars etc. are installed along with them!

11.05.2012, 23:26   #15
legra
 

8)+9) Done

10)
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.05.2012 00:27:06 - Run 5
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Lennart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,55% Memory free
4,23 Gb Paging File | 3,10 Gb Available in Paging File | 73,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 108,21 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 5,00 Gb Free Space | 67,06% Space Free | Partition Type: FAT32
 
Computer Name: LG-VAIO | User Name: Lennart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 09:49:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
PRC - [2012.04.20 02:56:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2011.01.28 07:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.10.01 02:57:18 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.06.22 10:55:32 | 000,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.10.08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe
PRC - [2005.07.22 15:02:46 | 000,159,744 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Copperhead\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.11 22:32:36 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.11 22:32:36 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.05.11 21:37:23 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.05.11 21:37:23 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.02.15 07:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
MOD - [2012.02.15 07:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012.02.15 07:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012.02.15 07:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012.02.15 07:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.06.22 10:49:06 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.06.22 10:34:44 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2005.10.08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe
MOD - [2005.08.17 13:23:16 | 000,151,552 | ---- | M] () -- C:\Programme\Razer\Copperhead\download.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.06 01:16:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.24 18:15:55 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.24 18:15:13 | 000,075,008 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2011.05.24 18:15:13 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.09.26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 30 5A 13 78 1D CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Google Mail = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lennart\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Programme\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09DEE290-71D8-4C7B-9554-FCFFF91136F4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE83C8C-0E2D-4783-905A-37872C36A583}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.11 22:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.11 22:49:02 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Lennart\Desktop\esetsmartinstaller_deu.exe
[2012.05.11 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.11 21:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.11 21:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.11 21:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.11 21:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.11 21:25:29 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.11 21:25:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.11 21:25:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.11 21:25:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.10 07:22:44 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.10 07:22:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.10 07:22:43 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.10 07:22:43 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.10 07:22:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.10 07:21:36 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.10 07:21:35 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.10 07:21:35 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.08 19:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.05.08 19:05:07 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.05.07 22:12:04 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\reg
[2012.05.07 22:01:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.04 10:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.04 09:49:14 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.03 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\trojan
[2012.05.03 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\Malwarebytes
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 17:57:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 17:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.02 09:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000CCB160003A3B9570F1C8B
[2012.04.29 07:19:02 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.27 06:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
[2012.04.27 06:01:51 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\other
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.12 00:31:45 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 00:31:45 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 00:16:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.11 22:49:05 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Lennart\Desktop\esetsmartinstaller_deu.exe
[2012.05.11 22:47:48 | 000,628,118 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.11 22:47:48 | 000,595,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.11 22:47:48 | 000,127,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.11 22:47:48 | 000,105,138 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.11 22:32:07 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2012.05.11 22:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.11 22:31:38 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.11 22:30:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.11 21:35:52 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.11 21:32:06 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2012.05.11 21:25:13 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.11 21:25:13 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.05.11 21:25:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.11 21:25:13 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.11 21:25:13 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.11 07:18:09 | 000,002,417 | ---- | M] () -- C:\Users\Lennart\Desktop\TableNinja.lnk
[2012.05.10 08:50:06 | 000,254,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.08 20:19:59 | 009,841,318 | ---- | M] () -- C:\Users\Lennart\Desktop\The Baseballs - I Don't Feel Like Dancing.mp3
[2012.05.08 19:15:09 | 000,302,592 | ---- | M] () -- C:\Users\Lennart\Desktop\oehmjijz.exe
[2012.05.08 19:05:07 | 000,001,057 | ---- | M] () -- C:\Users\Lennart\Desktop\Revo Uninstaller.lnk
[2012.05.07 22:21:45 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.05.07 22:21:45 | 000,089,088 | ---- | M] () -- C:\Users\Lennart\Desktop\mbr.exe
[2012.05.07 20:40:30 | 001,873,189 | ---- | M] () -- C:\Users\Lennart\Desktop\Foto0457.jpg
[2012.05.06 01:16:11 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.06 01:16:11 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.04 10:23:10 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.04 09:49:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.03 17:57:01 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.27 06:37:24 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
[2012.04.25 23:57:36 | 000,003,323 | ---- | M] () -- C:\Users\Lennart\Desktop\Xpadder.ini
[2012.04.20 17:32:49 | 007,165,928 | ---- | M] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
 
========== Files Created - No Company Name ==========
 
[2012.05.11 21:35:52 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.08 20:19:45 | 009,841,318 | ---- | C] () -- C:\Users\Lennart\Desktop\The Baseballs - I Don't Feel Like Dancing.mp3
[2012.05.08 19:15:08 | 000,302,592 | ---- | C] () -- C:\Users\Lennart\Desktop\oehmjijz.exe
[2012.05.08 19:05:07 | 000,001,057 | ---- | C] () -- C:\Users\Lennart\Desktop\Revo Uninstaller.lnk
[2012.05.08 18:54:22 | 000,066,500 | ---- | C] () -- C:\Users\Lennart\Desktop\husng.com-nash.jpg
[2012.05.07 22:22:49 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.05.07 22:21:44 | 000,089,088 | ---- | C] () -- C:\Users\Lennart\Desktop\mbr.exe
[2012.05.07 20:40:11 | 001,873,189 | ---- | C] () -- C:\Users\Lennart\Desktop\Foto0457.jpg
[2012.05.04 10:23:10 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.03 17:57:01 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.02 07:47:46 | 000,021,746 | ---- | C] () -- C:\Users\Lennart\Desktop\adv.4bet-chart.jpg
[2012.04.29 07:19:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.20 17:32:35 | 007,165,928 | ---- | C] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
[2012.04.11 14:24:33 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.02.21 15:01:03 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.02.21 15:01:03 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012.02.21 15:01:03 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.08.22 16:25:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CamTraxAPI.dll
[2011.06.02 21:56:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.29 00:27:14 | 000,005,120 | ---- | C] () -- C:\Users\Lennart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.28 09:08:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.28 09:08:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.25 07:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.05.24 21:35:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.05.24 20:19:54 | 000,000,045 | ---- | C] () -- C:\Users\Lennart\AppData\Local\machpro.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2011.05.24 18:26:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.05.24 16:16:35 | 000,000,552 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d8caps.dat
[2011.05.24 15:34:47 | 000,000,680 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.05.11 17:42:09 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Applian FLV and Media Player
[2011.06.10 22:48:01 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Canneverbe Limited
[2011.08.12 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Canon
[2012.01.30 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Complitly
[2012.02.21 15:01:54 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\concept design
[2012.02.17 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DonationCoder
[2012.01.14 22:34:24 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DVDVideoSoft
[2011.10.28 10:49:45 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.29 08:40:24 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\HEM Data
[2012.05.11 21:03:40 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\ICQ
[2012.03.09 15:58:37 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\NesterSoft
[2011.05.27 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\OpenOffice.org
[2012.05.03 08:20:13 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Oqgi
[2011.10.20 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\PacificPoker
[2011.05.24 20:35:49 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Roaming
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Savai
[2012.04.27 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Unylle
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Yzbowia
[2012.05.07 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\ZiggyTV
[2012.05.11 22:30:59 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 12.05.2012 00:27:06 - Run 5
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Lennart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,55% Memory free
4,23 Gb Paging File | 3,10 Gb Available in Paging File | 73,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 108,21 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 5,00 Gb Free Space | 67,06% Space Free | Partition Type: FAT32
 
Computer Name: LG-VAIO | User Name: Lennart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8F97547-8641-40FE-8D4F-DD6D47C83DC6}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF8326A-C7B5-4B72-9429-929F8A7915BD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{1E56E5E6-89C6-4057-ABC3-660876B2D0F2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{499D8AC4-DBE4-43ED-80E1-5E6F0DB6158A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51833592-6F9A-4D6B-B0E5-E3DFA62F88E6}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{5483413C-C756-43B3-BA02-64C83705320A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{63A96121-1CA8-486E-AAF2-973F8461634A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{6BFFA87B-EAD1-4EDF-B042-880A6430953A}" = protocol=17 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{6F1B8BFD-8F40-48D5-8298-23894CDC8DB4}" = protocol=6 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{9529D3BC-A351-4061-9EBA-B4C722F3F4FE}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{96A528DA-90C7-429A-93C5-D7B7C3651BCD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{9A5B7B1F-B29A-4C67-BECE-B6149DE20D1C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A036A6C2-FA5D-4B1C-8A74-3B8455B52255}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B0395603-8E1D-4564-9809-FF189B59A552}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E0562FF7-DAF0-4636-8AAF-A1B9E058D406}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{EA9AAC48-9845-45BD-8856-906BC6B2C06D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{6E0FE478-95AB-4293-B263-18A744D68ECB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C768F9C2-F4A9-4D65-9387-CA805B6C9CC7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{E621255A-6118-4D9E-A9F5-7EE0783FCB60}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{EAABC7A3-1CE7-4CCB-B332-BCD3CA12711A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{04A92F29-C15D-45E3-951F-A8CEDAC4DA8E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{6D16EAE4-A642-4C9C-B114-CDB5976B5261}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{998978EE-A97B-490C-B164-5AA0CF73119E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9E1F8011-42CF-44C8-8194-83209371B469}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{40E00130-657E-4B28-8CF2-47473B75C9DB}" = HandsFreePoker 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = concept/design onlineTV 6
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{835F8A61-F790-4500-B2D0-E289D59B3DEC}" = TableNinjaFT
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B53604B3-8612-4F21-8EBC-34D34ECB0DE2}" = TableNinja
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}" = PokerStrategy.com Equilab
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"888poker" = 888poker
"A6FEF586A1321319232A34BE6C2169C224776510" = Windows-Treiberpaket - Ricoh R5U870 (UVC)  (06/18/2007 6.1004.211.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AutoHotkey" = AutoHotkey 1.0.48.05
"CamSpace" = CamSpace
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Disketch" = Disketch CD Label Software
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EuroPoker_is1" = EuroPoker
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HoldemManager" = Holdem Manager
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"PostgreSQL 8.4" = PostgreSQL 8.4
"Revo Uninstaller" = Revo Uninstaller 1.93
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"The Video Diary" = The Video Diary
"TIMELEFT3_is1" = TimeLeft
"V4PKR" = V4PKR
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.9
"WebcamVideoDiary_is1" = WebcamVideoDiary 1.02.01
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6079ee11468c7023" = e-Speaking Voice and Speech Recognition Software
"Google Chrome" = Google Chrome
"William Hill Poker" = William Hill Poker
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---



11)=???

10)
OTL Logfile:
Code:
OTL logfile created on: 12.05.2012 00:27:06 - Run 5
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Lennart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,55% Memory free
4,23 Gb Paging File | 3,10 Gb Available in Paging File | 73,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 108,21 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 5,00 Gb Free Space | 67,06% Space Free | Partition Type: FAT32
 
Computer Name: LG-VAIO | User Name: Lennart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 09:49:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
PRC - [2012.04.20 02:56:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2011.01.28 07:13:43 | 004,538,368 | ---- | M] (PostgreSQL Global Development Group) -- C:\Programme\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.10.01 02:57:18 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.06.22 10:55:32 | 000,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2005.10.08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe
PRC - [2005.07.22 15:02:46 | 000,159,744 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Copperhead\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.11 22:32:36 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.11 22:32:36 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.05.11 21:37:23 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.05.11 21:37:23 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.02.15 07:03:36 | 000,429,040 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
MOD - [2012.02.15 07:03:34 | 003,772,912 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
MOD - [2012.02.15 07:02:10 | 000,122,880 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avutil-51.dll
MOD - [2012.02.15 07:02:08 | 000,220,672 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avformat-53.dll
MOD - [2012.02.15 07:02:07 | 001,747,456 | ---- | M] () -- C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\avcodec-53.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007.06.22 10:49:06 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.06.22 10:34:44 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2005.10.08 16:27:48 | 000,155,648 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe
MOD - [2005.08.17 13:23:16 | 000,151,552 | ---- | M] () -- C:\Programme\Razer\Copperhead\download.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.06 01:16:11 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.01.28 07:15:33 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.24 18:15:55 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.24 18:15:13 | 000,075,008 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2011.05.24 18:15:13 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.09.26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.09.13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 23 30 5A 13 78 1D CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lennart\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Complitly plugin for chrome = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: Google Mail = C:\Users\Lennart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Lennart\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [razer] C:\Programme\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.fr - {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Programme\PokerStars.FR\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Lennart\Desktop\PartyPoker.lnk ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09DEE290-71D8-4C7B-9554-FCFFF91136F4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AE83C8C-0E2D-4783-905A-37872C36A583}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lennart\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.11 22:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.11 22:49:02 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Lennart\Desktop\esetsmartinstaller_deu.exe
[2012.05.11 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.11 21:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.11 21:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.11 21:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.11 21:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.11 21:25:29 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.11 21:25:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.11 21:25:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.11 21:25:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.10 07:22:44 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.05.10 07:22:44 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.05.10 07:22:43 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.05.10 07:22:43 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.05.10 07:22:43 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.05.10 07:21:36 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.05.10 07:21:35 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.05.10 07:21:35 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.05.08 19:05:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.05.08 19:05:07 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.05.07 22:12:04 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\reg
[2012.05.07 22:01:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.04 10:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.04 09:49:14 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.03 20:59:10 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\trojan
[2012.05.03 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Lennart\AppData\Roaming\Malwarebytes
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 17:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 17:57:00 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 17:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.02 09:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3E000CCB160003A3B9570F1C8B
[2012.04.29 07:19:02 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.27 06:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
[2012.04.27 06:01:51 | 000,000,000 | ---D | C] -- C:\Users\Lennart\Desktop\other
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.12 00:31:45 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 00:31:45 | 000,004,880 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.12 00:16:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.11 22:49:05 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Lennart\Desktop\esetsmartinstaller_deu.exe
[2012.05.11 22:47:48 | 000,628,118 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.11 22:47:48 | 000,595,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.11 22:47:48 | 000,127,914 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.11 22:47:48 | 000,105,138 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.11 22:32:07 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2012.05.11 22:31:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.11 22:31:38 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.11 22:30:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.11 21:35:52 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.11 21:32:06 | 000,164,139 | ---- | M] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2012.05.11 21:25:13 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.05.11 21:25:13 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.05.11 21:25:13 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.05.11 21:25:13 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.05.11 21:25:13 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.11 07:18:09 | 000,002,417 | ---- | M] () -- C:\Users\Lennart\Desktop\TableNinja.lnk
[2012.05.10 08:50:06 | 000,254,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.08 20:19:59 | 009,841,318 | ---- | M] () -- C:\Users\Lennart\Desktop\The Baseballs - I Don't Feel Like Dancing.mp3
[2012.05.08 19:15:09 | 000,302,592 | ---- | M] () -- C:\Users\Lennart\Desktop\oehmjijz.exe
[2012.05.08 19:05:07 | 000,001,057 | ---- | M] () -- C:\Users\Lennart\Desktop\Revo Uninstaller.lnk
[2012.05.07 22:21:45 | 000,089,088 | ---- | M] () -- C:\Windows\System32\mbr.exe
[2012.05.07 22:21:45 | 000,089,088 | ---- | M] () -- C:\Users\Lennart\Desktop\mbr.exe
[2012.05.07 20:40:30 | 001,873,189 | ---- | M] () -- C:\Users\Lennart\Desktop\Foto0457.jpg
[2012.05.06 01:16:11 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.05.06 01:16:11 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.05.04 10:23:10 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.04 09:49:14 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Lennart\Desktop\OTL (1).exe
[2012.05.03 17:57:01 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.27 06:37:24 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
[2012.04.25 23:57:36 | 000,003,323 | ---- | M] () -- C:\Users\Lennart\Desktop\Xpadder.ini
[2012.04.20 17:32:49 | 007,165,928 | ---- | M] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
 
========== Files Created - No Company Name ==========
 
[2012.05.11 21:35:52 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.08 20:19:45 | 009,841,318 | ---- | C] () -- C:\Users\Lennart\Desktop\The Baseballs - I Don't Feel Like Dancing.mp3
[2012.05.08 19:15:08 | 000,302,592 | ---- | C] () -- C:\Users\Lennart\Desktop\oehmjijz.exe
[2012.05.08 19:05:07 | 000,001,057 | ---- | C] () -- C:\Users\Lennart\Desktop\Revo Uninstaller.lnk
[2012.05.08 18:54:22 | 000,066,500 | ---- | C] () -- C:\Users\Lennart\Desktop\husng.com-nash.jpg
[2012.05.07 22:22:49 | 000,089,088 | ---- | C] () -- C:\Windows\System32\mbr.exe
[2012.05.07 22:21:44 | 000,089,088 | ---- | C] () -- C:\Users\Lennart\Desktop\mbr.exe
[2012.05.07 20:40:11 | 001,873,189 | ---- | C] () -- C:\Users\Lennart\Desktop\Foto0457.jpg
[2012.05.04 10:23:10 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.03 17:57:01 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.02 07:47:46 | 000,021,746 | ---- | C] () -- C:\Users\Lennart\Desktop\adv.4bet-chart.jpg
[2012.04.29 07:19:05 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.20 17:32:35 | 007,165,928 | ---- | C] () -- C:\Users\Lennart\Desktop\Mike Candys feat. Evelyn & Patrick Miller - 2012  (If The World Would End) (Official Video HD).mp3
[2012.04.11 14:24:33 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.02.21 15:01:03 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.02.21 15:01:03 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll
[2012.02.21 15:01:03 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2011.08.22 16:25:28 | 000,077,824 | ---- | C] () -- C:\Windows\System32\CamTraxAPI.dll
[2011.06.02 21:56:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.29 00:27:14 | 000,005,120 | ---- | C] () -- C:\Users\Lennart\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.28 09:08:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.28 09:08:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.25 07:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.05.24 21:35:34 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.05.24 20:19:54 | 000,000,045 | ---- | C] () -- C:\Users\Lennart\AppData\Local\machpro.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.dat
[2011.05.24 18:50:17 | 000,164,139 | ---- | C] () -- C:\Users\Lennart\AppData\Roaming\nvModes.001
[2011.05.24 18:26:09 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.05.24 16:16:35 | 000,000,552 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d8caps.dat
[2011.05.24 15:34:47 | 000,000,680 | ---- | C] () -- C:\Users\Lennart\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2012.05.11 17:42:09 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Applian FLV and Media Player
[2011.06.10 22:48:01 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Canneverbe Limited
[2011.08.12 17:46:56 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Canon
[2012.01.30 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Complitly
[2012.02.21 15:01:54 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\concept design
[2012.02.17 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DonationCoder
[2012.01.14 22:34:24 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DVDVideoSoft
[2011.10.28 10:49:45 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.29 08:40:24 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\HEM Data
[2012.05.11 21:03:40 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\ICQ
[2012.03.09 15:58:37 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\NesterSoft
[2011.05.27 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\OpenOffice.org
[2012.05.03 08:20:13 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Oqgi
[2011.10.20 21:54:11 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\PacificPoker
[2011.05.24 20:35:49 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Roaming
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Savai
[2012.04.27 15:22:22 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Unylle
[2012.05.03 19:32:41 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\Yzbowia
[2012.05.07 21:54:35 | 000,000,000 | ---D | M] -- C:\Users\Lennart\AppData\Roaming\ZiggyTV
[2012.05.11 22:30:59 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 12.05.2012 00:27:06 - Run 5
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Lennart\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 56,55% Memory free
4,23 Gb Paging File | 3,10 Gb Available in Paging File | 73,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 108,21 Gb Free Space | 61,40% Space Free | Partition Type: NTFS
Drive E: | 7,45 Gb Total Space | 5,00 Gb Free Space | 67,06% Space Free | Partition Type: FAT32
 
Computer Name: LG-VAIO | User Name: Lennart | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F8F97547-8641-40FE-8D4F-DD6D47C83DC6}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EF8326A-C7B5-4B72-9429-929F8A7915BD}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{1E56E5E6-89C6-4057-ABC3-660876B2D0F2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{499D8AC4-DBE4-43ED-80E1-5E6F0DB6158A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{51833592-6F9A-4D6B-B0E5-E3DFA62F88E6}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{5483413C-C756-43B3-BA02-64C83705320A}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{63A96121-1CA8-486E-AAF2-973F8461634A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{6BFFA87B-EAD1-4EDF-B042-880A6430953A}" = protocol=17 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{6F1B8BFD-8F40-48D5-8298-23894CDC8DB4}" = protocol=6 | dir=in | app=c:\handsfreepoker\handsfreepoker.exe | 
"{9529D3BC-A351-4061-9EBA-B4C722F3F4FE}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{96A528DA-90C7-429A-93C5-D7B7C3651BCD}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{9A5B7B1F-B29A-4C67-BECE-B6149DE20D1C}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A036A6C2-FA5D-4B1C-8A74-3B8455B52255}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B0395603-8E1D-4564-9809-FF189B59A552}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{E0562FF7-DAF0-4636-8AAF-A1B9E058D406}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"{EA9AAC48-9845-45BD-8856-906BC6B2C06D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{6E0FE478-95AB-4293-B263-18A744D68ECB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{C768F9C2-F4A9-4D65-9387-CA805B6C9CC7}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{E621255A-6118-4D9E-A9F5-7EE0783FCB60}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{EAABC7A3-1CE7-4CCB-B332-BCD3CA12711A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{04A92F29-C15D-45E3-951F-A8CEDAC4DA8E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{6D16EAE4-A642-4C9C-B114-CDB5976B5261}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{998978EE-A97B-490C-B164-5AA0CF73119E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{9E1F8011-42CF-44C8-8194-83209371B469}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{177ADA1F-6D3B-404A-99DA-D7E0E2A36621}_is1" = Videograbber 2010
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{40E00130-657E-4B28-8CF2-47473B75C9DB}" = HandsFreePoker 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FFBB818-B13C-11E0-931D-B2664824019B}_is1" = Complitly
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = concept/design onlineTV 6
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{835F8A61-F790-4500-B2D0-E289D59B3DEC}" = TableNinjaFT
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B53604B3-8612-4F21-8EBC-34D34ECB0DE2}" = TableNinja
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4131DB6-878D-4D3C-89C1-D1AFBB8E6B3D}" = PokerStrategy.com Equilab
"{D6D5CFB3-7095-4073-B6B7-B7E909838C57}" = Razer Copperhead
"888poker" = 888poker
"A6FEF586A1321319232A34BE6C2169C224776510" = Windows-Treiberpaket - Ricoh R5U870 (UVC)  (06/18/2007 6.1004.211.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AutoHotkey" = AutoHotkey 1.0.48.05
"CamSpace" = CamSpace
"Canon MP620 series Benutzerregistrierung" = Canon MP620 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Disketch" = Disketch CD Label Software
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EuroPoker_is1" = EuroPoker
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"HoldemManager" = Holdem Manager
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NVIDIA Drivers" = NVIDIA Drivers
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.fr" = PokerStars.fr
"PostgreSQL 8.4" = PostgreSQL 8.4
"Revo Uninstaller" = Revo Uninstaller 1.93
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"The Video Diary" = The Video Diary
"TIMELEFT3_is1" = TimeLeft
"V4PKR" = V4PKR
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.9
"WebcamVideoDiary_is1" = WebcamVideoDiary 1.02.01
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6079ee11468c7023" = e-Speaking Voice and Speech Recognition Software
"Google Chrome" = Google Chrome
"William Hill Poker" = William Hill Poker
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---


