|
Log-Analyse und Auswertung: iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, HintergrundmusikWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.07.2010, 22:35 | #1 |
| iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik Hallo, Ich habe bereits viel auf eurem Board und im Internet gestöbert, kann aber keine Universalanleitung zum bereinigen dieses Problems finden (gibt es evtl auch nicht?!). Allerdings hatten gab es heute schon einige Anfragen zur gleichen Problematik! Wie bei den anderen auch habe ich ständig IE-Popups (nutze Firefox), ständig 2 automatisch startende iexplore.exe Prozesse, etwa alle halbe Stunde 20 sek Schlachtmusik im Hintergrund sowie eine sich selbstständig machende Wave-Lautstärke. Ich hoffe ihr könnt mir irgendwie helfen, bitte?! Hier mein Hijack-Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:16:57, on 18.07.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Windows SteadyState\SCTSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\CDBurnerXP\NMSAccessU.exe C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe C:\Programme\TeamViewer\Version5\TeamViewer.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ATK0100\HControl.exe C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programme\DAEMON Tools Lite\daemon.exe C:\Programme\FlashMute\FlashMute.exe C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\UltraMon\UltraMon.exe C:\Programme\UltraMon\UltraMonTaskbar.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe C:\WINDOWS\system32\taskmgr.exe C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/#!/?ref=home R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [XboxStat] "c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\RunOnce: [IERESETATTRIB] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\system32\ieudinit.exe -ResetFileAttributes O4 - HKLM\..\RunOnce: [IERESETICONS] %SystemRoot%\system32\cmd.exe /d /q /c %SystemRoot%\iereseticons.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [FlashMute] C:\Programme\FlashMute\FlashMute.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Default user') O4 - Global Startup: AutorunsDisabled O4 - Global Startup: UltraMon.lnk = ? O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O14 - IERESET.INF: START_PAGE_URL=hxxp://www.asus.com O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - hxxp://simcity.ea.com/play/classic/SimCityX.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - hxxp://www.arcadetown.com/swf/popcap/popcaploader_v6.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL O21 - SSODL: UpdateCheck - {F536F5F7-8B63-42E9-B6BB-CCA3105651A4} - C:\WINDOWS\system32\mstmdm.dll (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- End of file - 12163 bytes PS: Ja, ich weiß mein System ist verhunzt...wird nach der Masterarbeit neu aufgesetzt (Backups mache ich regelmäßig) |
18.07.2010, 22:57 | #2 |
/// Malwareteam | iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, HintergrundmusikEine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite bitte folgendes ab. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
Schritt 2 Rootkit-Suche mit Gmer Was sind Rootkits? Wichtig: Bei jedem Rootkit-Scans soll/en:
Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Nun das Logfile in Code-Tags posten. |
18.07.2010, 23:29 | #3 |
| iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik Danke für die schnelle Antwort...hier schon mal die Log-Files von OTL:
__________________OTL.txt Code:
ATTFilter OTL logfile created on: 18.07.2010 23:59:59 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Tristan\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 270,00 Mb Available Physical Memory | 26,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,67 Gb Total Space | 3,58 Gb Free Space | 4,92% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,75% Space Free | Partition Type: FAT F: Drive not present or media not loaded Drive G: | 3,73 Gb Total Space | 1,18 Gb Free Space | 31,75% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ASUS_LAPTOP Current User Name: Tristan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\HiJackThis.exe (Trend Micro Inc.) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\UltraMon\UltraMonTaskbar.exe (Realtime Soft Ltd) PRC - C:\Programme\UltraMon\UltraMon.exe (Realtime Soft Ltd) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\Windows SteadyState\SCTSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) PRC - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) PRC - C:\WINDOWS\ATK0100\ATKOSD.exe () PRC - C:\WINDOWS\ATK0100\HControl.exe () PRC - C:\Programme\FlashMute\flashmute.exe () PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\system32\sndvol32.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation) MOD - C:\Programme\UltraMon\RTSUltraMonHook.dll (Realtime Soft Ltd) MOD - C:\Programme\UltraMon\UltraMonResButtons.dll (Realtime Soft Ltd) MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\FlashMute\mutelib.dll () MOD - C:\WINDOWS\system32\nview.dll (NVIDIA Corporation) MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation) MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (Windows SteadyState) -- C:\Programme\Windows SteadyState\SCTSvc.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (nTuneService) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (zlportio) -- C:\Spiele\UltraStar Deluxe\zlportio.sys File not found DRV - (TSP) -- C:\WINDOWS\System32\DRIVERS\klif.sys File not found DRV - (SANDRA) -- C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys File not found DRV - (s24trans) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys File not found DRV - (RTCore32) -- C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\rmclock_235_bin\RTCore32.sys File not found DRV - (naecd) -- C:\DOKUME~1\Tristan\LOKALE~1\Temp\naecd.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys File not found DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com) DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking) DRV - (UltraMonUtility) -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft Ltd) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.) DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation) DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI Professional LLC) DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (BDA_Loader_225) -- C:\WINDOWS\system32\drivers\BDA_Loader_225.sys (WideView Technology Inc.) DRV - (BDA_Capture_225) -- C:\WINDOWS\system32\drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD) DRV - (WDM_Capture_225) -- C:\WINDOWS\system32\drivers\WDM_Capture_225.sys (Computer & Entertainment, Inc.) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (Cam5603D) -- C:\WINDOWS\system32\drivers\BisonCam.sys (Bison Electronics. Inc. ) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys () DRV - (R592) -- C:\WINDOWS\system32\DRIVERS\R592.sys (REDC) DRV - (risdpntk) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys (REDC) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/#!/?ref=home IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.isnichwahr.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.22 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.5 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503 FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501 FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.03 12:17:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.03 12:17:50 | 000,000,000 | ---D | M] [2008.07.21 19:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Extensions [2010.07.18 15:37:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions [2010.07.07 09:55:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.02.13 13:37:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d} [2010.04.20 16:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010.02.04 15:44:52 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} [2009.08.26 08:06:59 | 000,000,000 | ---D | M] (TableTools) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{7C7F5C11-4ACD-4CDB-9293-2E3F46654E2A} [2010.01.19 17:21:17 | 000,000,000 | ---D | M] (Context Search) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF} [2009.09.21 15:48:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2010.05.15 15:49:08 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.07.15 18:04:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.08.03 00:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} [2010.07.17 13:10:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.04.23 10:05:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.07.15 18:04:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\autopager@mozilla.org [2010.02.12 22:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.11.28 15:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\firefox@tvunetworks.com [2009.08.11 18:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\moveplayer@movenetworks.com [2010.07.17 13:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\staged-xpis [2009.08.24 21:37:12 | 000,005,318 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\com-searchde.xml [2009.09.19 11:05:43 | 000,001,699 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\transfermarktde.xml [2009.10.09 03:22:33 | 000,004,153 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\youtube.xml [2010.07.18 15:37:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.03 12:17:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.03 12:17:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.03 12:17:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.03 12:17:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.03 12:17:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.24 22:50:21 | 000,000,972 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [XboxStat] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [FlashMute] C:\Programme\FlashMute\flashmute.exe () O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [IERESETATTRIB] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [IERESETICONS] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2009.06.11 11:26:43 | 000,000,000 | -H-D | M] O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk = C:\WINDOWS\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} hxxp://simcity.ea.com/play/classic/SimCityX.cab (SimCityX Control) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.arcadetown.com/swf/popcap/popcaploader_v6.cab (PopCapLoader Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O21 - SSODL: UpdateCheck - {F536F5F7-8B63-42E9-B6BB-CCA3105651A4} - C:\WINDOWS\System32\mstmdm.dll File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper\PerMonitorWallpaper0.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper\PerMonitorWallpaper0.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2008.05.09 06:19:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found O33 - MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{8eb66386-3f0f-11df-b0ac-0012f09d3bad}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell - "" = AutoRun O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\Shell\AutoRun\command - "" = H:\ O33 - MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell - "" = AutoRun O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found O33 - MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell - "" = AutoRun O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found O33 - MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found O33 - MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.18 23:59:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe [2010.07.18 22:57:15 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\ieResetIcons.exe [2010.07.17 12:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\SUPERAntiSpyware.com [2010.07.17 12:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.07.17 12:32:01 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.07.14 11:58:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010.07.10 15:08:12 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.07.10 15:08:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.07.09 19:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.07.09 19:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.18 23:59:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe [2010.07.18 23:14:25 | 010,223,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\NTUSER.DAT [2010.07.18 22:58:48 | 000,000,230 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf [2010.07.18 22:48:45 | 000,002,283 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk [2010.07.18 22:48:14 | 000,021,876 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.07.18 22:46:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.18 22:46:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.18 22:36:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.07.17 12:32:18 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.07.15 17:50:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.11 15:01:04 | 000,045,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Individuelle Reflexion zur Vorlesung.doc [2010.07.10 15:08:32 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Spybot - Search & Destroy.lnk [2010.07.09 16:14:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.07.04 22:33:58 | 000,108,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.23 20:12:18 | 001,044,772 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.23 20:12:18 | 000,478,288 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.23 20:12:18 | 000,436,236 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.23 20:12:18 | 000,091,638 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.23 20:12:18 | 000,068,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.20 03:36:00 | 000,038,545 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\.recently-used.xbel [2010.06.20 00:38:20 | 000,222,257 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Kai Moritz.jpg [2010.06.19 01:29:40 | 000,002,369 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes Folder Watch (Manual).lnk [45 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [41 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.18 22:58:48 | 000,000,230 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf [2010.07.17 12:32:18 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.07.11 15:00:46 | 000,045,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Individuelle Reflexion zur Vorlesung.doc [2010.07.10 15:08:32 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Spybot - Search & Destroy.lnk [2010.06.20 03:36:00 | 000,038,545 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\.recently-used.xbel [2010.06.20 00:46:15 | 000,222,257 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Kai Moritz.jpg [2010.02.12 13:21:24 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2010.02.12 13:21:23 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2010.02.12 13:21:22 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2009.11.30 22:26:59 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.10.01 09:34:54 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI [2009.04.08 03:03:18 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini [2008.12.18 04:10:25 | 000,000,207 | ---- | C] () -- C:\WINDOWS\acez3dfireplace.ini [2008.12.03 03:38:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2008.07.23 20:24:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.07.09 22:21:44 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008.07.09 22:21:41 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008.07.04 09:32:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008.05.26 18:56:34 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008.05.21 10:33:38 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008.05.14 19:29:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008.05.14 18:53:26 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008.05.10 13:22:44 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008.05.09 06:41:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.05.09 06:38:19 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2008.05.09 06:30:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2008.05.09 06:25:36 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2008.05.09 06:25:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2008.05.09 06:23:17 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2008.05.09 06:00:31 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini [2008.05.09 05:58:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2007.03.12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2007.02.05 15:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007.02.05 15:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007.02.05 15:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll [2005.03.02 13:12:14 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2004.09.07 16:34:59 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2004.09.07 16:34:59 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI ========== LOP Check ========== [2010.03.27 23:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton [2009.11.30 22:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\id Software [2010.05.12 19:39:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iTunesFolderWatch [2009.10.05 00:01:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU [2010.04.22 04:27:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ODIR [2008.09.22 03:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap [2009.02.23 12:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.04.01 00:32:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.02.23 12:58:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2010.03.02 16:26:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.07.24 16:26:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\1&1 [2010.03.27 23:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Ableton [2008.11.23 17:37:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Akai Professional LLC [2010.02.08 07:57:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Amazon [2009.04.28 10:16:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Canneverbe_Limited [2009.02.25 02:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Conor O'Kane [2010.02.18 01:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Cornelsen [2008.07.09 21:52:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\DAEMON Tools [2010.06.12 05:25:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\foobar2000 [2008.11.17 05:15:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\GetRightToGo [2010.06.20 03:36:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\gtk-2.0 [2010.07.17 13:00:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\ICQ [2009.02.22 20:23:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\id Software [2008.08.02 00:35:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\InterVideo [2009.07.06 19:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\IrfanView [2008.12.06 02:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Leadertech [2009.01.07 20:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper [2008.06.28 20:51:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\RouterControl [2008.07.29 20:23:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Steinberg [2010.03.28 05:51:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\TeamViewer [2008.05.21 10:33:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\TuneUp Software [2009.05.26 00:03:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Vso [2008.05.19 14:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Windows Desktop Search ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 19.07.2010 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Tristan\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 270,00 Mb Available Physical Memory | 26,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 63,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,67 Gb Total Space | 3,58 Gb Free Space | 4,92% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,75% Space Free | Partition Type: FAT F: Drive not present or media not loaded Drive G: | 3,73 Gb Total Space | 1,18 Gb Free Space | 31,75% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ASUS_LAPTOP Current User Name: Tristan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Spiele\Combat Arms EU\CombatArms.exe" = C:\Spiele\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon) "C:\Spiele\Combat Arms EU\Engine.exe" = C:\Spiele\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\uusee\UUSeePlayer.exe" = C:\Programme\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- () "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "H:\Installed\Civ4\Civilization4.exe" = H:\Installed\Civ4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- File not found "C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- () "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "C:\Spiele\Combat Arms EU\CombatArms.exe" = C:\Spiele\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon) "C:\Spiele\Combat Arms EU\Engine.exe" = C:\Spiele\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon) "C:\Spiele\Combat Arms EU\NMService.exe" = C:\Spiele\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.) "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe" = C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse -- () "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6 "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS Video Security "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Die Pirateninsel "{1C94C999-15D2-4C75-9A73-BCC8A677D42E}" = UltraMon "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 18 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{37D19D22-032C-469E-822B-9F8BD743106E}" = Tiger Woods PGA Tour Golf "{3BE00B77-04AC-4DFF-BD95-BFF23CB29C27}" = iTunesFolderWatch "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads! "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam, NB Pro "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel "{53BA6007-3516-4CF8-844D-80FA625E6ACD}_is1" = GTR 2 1.0.0.0 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{7915FC23-4DB3-4C23-BE74-443ACD13E4A2}_is1" = Archlord Episode 3 "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8667C09D-CD26-40BB-95F6-423272ACAA0A}_is1" = WinTimeKill 3.2 "{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis 3 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6AE4D46-A845-45CF-A6B2-D5D62780EA69}_is1" = Piratenleben Sprachausgabe 1.0 "{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-2448-5A64-7E8A45000001}" = Adobe Reader Chinese Traditional Fonts "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3 : Raven Shield "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{B9D0D8B4-928A-4BC8-8681-20DEB8633602}_is1" = CoH Vire Map Pack "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3880A64-6112-47b7-8BFE-70EEA07B43E0}" = Windows SteadyState "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3 "{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads! "{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising "{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server "{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "7-Zip" = 7-Zip 4.65 "AC3Filter" = AC3Filter (remove only) "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.4 Professional "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen "AirStrike 3D: Operation W.A.T." = AirStrike 3D: Operation W.A.T. "Alien Shooter 2" = Alien Shooter 2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "ASIO4ALL" = ASIO4ALL "Asus ChkMail" = Asus ChkMail "Asus_A6_ScreenSaver" = Asus_A6_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "Billiard Master 2" = Billiard Master 2 "Bowling Master" = Bowling Master "Collab" = Collab "Combat Arms EU" = Combat Arms EU "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Duden" = Duden "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition "EAX Unified" = EAX Unified "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FL Studio 8" = FL Studio 8 "foobar2000" = foobar2000 v0.9.6 "Gestrandet" = Gestrandet "Gothic II" = Gothic II "Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben "Hamachi" = Hamachi 1.0.3.0 "HControl" = ATK0100 ACPI UTILITY "HijackThis" = HijackThis 2.0.2 "Homeworld2" = Homeworld2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "IL Download Manager" = IL Download Manager "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "InstallShield_{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS Video Security "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Live 8.0.1" = Live 8.0.1 "MediaMonkey_is1" = MediaMonkey 3.0 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MotoGear" = MotoGear "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Native Instruments Traktor Dj Studio v3.0.1.108" = Native Instruments Traktor Dj Studio v3.0.1.108 "Network Stumbler" = Network Stumbler 0.4.0 (remove only) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 "NVIDIA Drivers" = NVIDIA Drivers "ODIR_is1" = ODIR "Orions" = Orions "PartyPoker" = PartyPoker "PGS Pair it" = PGS Pair it "Playlogic_KOTT2" = Knights of the Temple 2 "PoiZone" = PoiZone "PunkBusterSvc" = PunkBuster Services "QuicktimeAlt_is1" = QuickTime Alternative 2.8.0 "RealAlt_is1" = Real Alternative 1.9.0 "RouterControl" = RouterControl 1.91 "SFT Loader" = SFT Loader 2006 b4 "SopCast" = SopCast 3.0.3 "Spb Brain Evolution for Pocket PC" = Spb Brain Evolution for Pocket PC "Spb Finance" = Spb Finance "Spb Pocket Plus" = Spb Pocket Plus "Steinberg Cubase SX v2.01" = Steinberg Cubase SX v2.01 "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "TeamViewer 5" = TeamViewer 5 "Tilelander" = Tilelander "Toxic Biohazard" = Toxic Biohazard "TVAnts 1.0" = TVAnts 1.0 "UltraISO_is1" = UltraISO Premium V9.33 "UltraStar Deluxe" = UltraStar Deluxe "Update Service" = Update Service "UUSEE(ÓÆÊÓÍøÂçµçÊÓ)" = UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VideoLAN VLC media player 0.8.6f "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinGimp-2.0_is1" = GIMP 2.4.6 "WinRAR archiver" = WinRAR "WisBar Advance Desktop_is1" = WisBar Advance Desktop 1.0 build 5 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "wsu_is1" = WinSpeedUp 2.9 "wwtbam" = wwtbam "X3 Bonuspaket_is1" = X3 Bonuspaket 3.1.07 "X-Lite 1.5_is1" = X-Lite 3.0 "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FlashMute" = FlashMute "Skat-Online V7" = Skat-Online V7 "Vietcong 2" = Vietcong 2 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.07.2010 16:40:16 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 71391 Error - 18.07.2010 16:40:32 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18.07.2010 16:40:32 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 86985 Error - 18.07.2010 16:40:32 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 86985 Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 102610 Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 102610 Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 118250 Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 118250 [ OSession Events ] Error - 30.11.2008 12:34:38 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18168 seconds with 300 seconds of active time. This session ended with a crash. Error - 19.12.2008 01:33:10 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 486 seconds with 180 seconds of active time. This session ended with a crash. Error - 22.01.2009 04:40:25 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 704 seconds with 300 seconds of active time. This session ended with a crash. Error - 25.03.2009 03:45:32 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19637 seconds with 240 seconds of active time. This session ended with a crash. Error - 19.04.2009 06:28:31 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1626 seconds with 60 seconds of active time. This session ended with a crash. Error - 06.10.2009 08:08:30 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5739 seconds with 240 seconds of active time. This session ended with a crash. Error - 11.12.2009 07:46:48 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10606 seconds with 180 seconds of active time. This session ended with a crash. Error - 17.12.2009 03:08:28 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3274 seconds with 300 seconds of active time. This session ended with a crash. Error - 04.02.2010 02:32:30 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57008 seconds with 3480 seconds of active time. This session ended with a crash. Error - 04.03.2010 12:55:39 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27168 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 14.07.2010 05:40:42 | Computer Name = ASUS_LAPTOP | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 5.216.255.157 über die Netzwerkkarte mit der Netzwerkadresse 7A7905D8FF9D ist verloren gegangen. Error - 14.07.2010 05:40:56 | Computer Name = ASUS_LAPTOP | Source = ipnathlp | ID = 32003 Description = Der Übersetzer für Netzwerkadressen (NAT) konnte keine Anfrage des Übersetzungsmoduls des Kernelmodus stellen. Möglicherweise liegen eine falsche Konfiguration, unzureichende Ressourcen oder ein interner Fehler vor. Die Daten enthalten den Fehlercode. Error - 15.07.2010 11:51:44 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter. Error - 15.07.2010 11:51:44 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 17.07.2010 06:17:57 | Computer Name = ASUS_LAPTOP | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 5.216.255.157 über die Netzwerkkarte mit der Netzwerkadresse 7A7905D8FF9D ist verloren gegangen. Error - 17.07.2010 06:18:42 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst nTuneService. Error - 17.07.2010 06:19:09 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst stisvc. Error - 18.07.2010 09:27:23 | Computer Name = ASUS_LAPTOP | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 5.216.255.157 über die Netzwerkkarte mit der Netzwerkadresse 7A7905D8FF9D ist verloren gegangen. Error - 18.07.2010 16:26:38 | Computer Name = ASUS_LAPTOP | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {9E175B68-F52A-11D8-B9A5-505054503030} Error - 18.07.2010 16:39:02 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst nTuneService. [ TuneUp Events ] Error - 25.03.2009 08:56:50 | Computer Name = ASUS_LAPTOP | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 25.03.2009 08:56:50 | Computer Name = ASUS_LAPTOP | Source = TuneUp Program Statistics | ID = 131840 Description = < End of report > |
19.07.2010, 11:05 | #4 |
| iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik Guten Morgen, Habe über Nacht den Rootkit-Scan laufen lassen - hat ganz schön gedauert, aber jetzt ist die Log-File da: Gmer.log: GMER Logfile: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-07-19 11:41:29 Windows 5.1.2600 Service Pack 3 Running: rskhylmd.exe; Driver: C:\DOKUME~1\Tristan\LOKALE~1\Temp\pwriqpog.sys ---- System - GMER 1.0.15 ---- SSDT F7B6383E ZwCreateKey SSDT F7B63834 ZwCreateThread SSDT F7B63843 ZwDeleteKey SSDT F7B6384D ZwDeleteValueKey SSDT F7B63852 ZwLoadKey SSDT F7B63820 ZwOpenProcess SSDT F7B63825 ZwOpenThread SSDT F7B6385C ZwReplaceKey SSDT F7B63857 ZwRestoreKey SSDT F7B63848 ZwSetValueKey SSDT F7B6382F ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xF1671300, 0x3AE88, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF786F300, 0x1B7E, 0xE8000020] ---- Devices - GMER 1.0.15 ---- Device \Driver\USBSTOR \Device\0000009c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \Driver\USBSTOR \Device\000000a1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\VClone \Device\Scsi\VClone1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\VClone \Device\Scsi\VClone1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0x3E 0x98 0xEA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x83 0x62 0x46 0xD3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x71 0xE5 0xB6 0x9F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0xD9 0x14 0x93 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x58 0x3E 0x98 0xEA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x83 0x62 0x46 0xD3 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x71 0xE5 0xB6 0x9F ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x67 0xD9 0x14 0x93 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x56 0x66 0xEF 0xB5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xF5 0xAD 0x50 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA2 0x52 0x10 0x0A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6B 0xCB 0x6E 0xEA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x71 0xE5 0xB6 0x9F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x76 0xC3 0xD1 0x14 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3144017088-4020193912-339086136-1005@RefCount 55 ---- EOF - GMER 1.0.15 ---- --- --- --- PS: Können die Emulations-Programme wieder per "defogger" aktiviert werden? |
19.07.2010, 13:44 | #5 |
/// Malwareteam | iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik Du kannst mit DeFogger die Laufwerke wieder aktivieren und den DeFogger dann löschen. Die Infektion hast Du Dir über ein externen Medium geholt. Schritt 1 Teatimer abstellen Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind): Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung. Schritt 2 Desinfizierung/Absicherung externer Medien Lade Dir den Flash Disinfector von sUBs und speichere Flash_Disinfector.exe auf Deinem Desktop ab. Gehe nun wie folgt vor:
Flash Disinfector desinfiziert all Deine Laufwerke von Autoruninfektionen und erstellt einen versteckten Ordner mit demselben Namen, so dass dein Datenträger in Zukunft vor dieser Infektion geschützt ist. Während dem Scan wird Dein Desktop kurzfristig verschwinden und dann wiederkommen. Das ist normal. Schritt 3 Java aktualisieren Deine Javaversion ist nicht aktuell. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, deinstalliere zunächst alle vorhandenen Java-Versionen über Systemsteuerung => Software => deinstallieren. Starte den Rechner neu. Downloade nun die Offline-Version von Java Version 6 Update 21 von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen. Schritt 4 Sicherheitsrisiko Adobe Arcrobat Reader Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Die Empfehlung lautet, die alte Version über Systemsteuerung => Software zu deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. Starte den Rechner neu und downloade den aktuellen Acrobat-Reader 9.3.x herunter und installiere ihn, achte bei der Installation darauf, Zusatzprogramme und/oder Toolbars abzuwählen. Da der Adobe Acrobat Reader immer häufiger für gezielte Verbreitung von Malware genutzt wird, kannst Du stattdessen auch einen alternativen PDF-Anzeiger zu nutzen, beispielsweise den Foxit PDF Reader. Er ist "schlanker" und benutzt weniger Resourcen. Achte auch hier darauf, bei der Installation Zusatzprogramme und/oder Toolbars abzuwählen. Schritt 5 C:\Programme\Bonjour\mDNSResponder.exe Bei Dir läuft Bonjour, welches von Apple ungefragt z. B. bei iTunes oder Safari-Browser mitinstalliert wird. Das Programm wird von vielen Usern gar nicht gebraucht. Ich habe bei Wikipedia ausführliche Informationen zu dem Programm Bonjour gefunden und beschreibe Dir im Anschluss, wie man das Programm wieder deinstallieren kann, falls das über den normalen Weg Systemsteuerung - Software nicht möglich ist. Solltest Du es nicht brauchen, bitte zunächst versuchen, es über Systemsteuerung => Software zu deinstallieren. Sollte das nicht möglich sein, fahre wie folgt fort:
Schritt 6 Fixen mit OTL
Code:
ATTFilter :OTL O21 - SSODL: UpdateCheck - {F536F5F7-8B63-42E9-B6BB-CCA3105651A4} - C:\WINDOWS\System32\mstmdm.dll O4 - HKCU..\Run: [] File not found O4 - HKLM..\Run: [KernelFaultCheck] File not found O33 - MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found O33 - MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{8eb66386-3f0f-11df-b0ac-0012f09d3bad}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell - "" = AutoRun O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\Shell\AutoRun\command - "" = H:\ O33 - MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell - "" = AutoRun O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found O33 - MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell - "" = AutoRun O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found O33 - MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\Shell\AutoRun\command - "" = G:\ -- File not found O33 - MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\Shell\open\Command - "" = rundll32.exe .\desktop.dll,InstallM O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play :Commands [CLEARALLRESTOREPOINTS] [purity] [emptytemp]
Schritt 7 Downloade Malwarebytes Anti-Malware (ca. 2 MB) von einem dieser Downloadspiegel: Malwarebytes - MajorGeeks.com - BestTechie
|
19.07.2010, 20:26 | #6 |
| iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik Guten Abend, Ich habe jetzt die Schritte 1-6 abgearbeitet wie du es beschrieben hast (wirklich super verständlich, danke). Schritt 2: Ist es korrekt, das der Flash Disinfecter kaum 5 Sekunden für den Scan benötigt? Kam mir verdächtig kurz vor, bei 2 externen Speichermedien und interner 80GB Platte. Schritt 6: Die OTL.exe ist beim ersten Fixversuch kurz vorm Ende abgeschmiert. Beim Neustart gab es leider auch keine Log-File. Daher habe ich den Fix einfach nochmal durchgeführt und er ist wieder am Ende abgestürzt. Diesmal sagte er vorher aber schon "Prozess Complete" und beim Neustarten habe ich auch eine Log-File gehabt. (Hätte ich wieder die SafeList bei Extra-Registrierung und LOP- und Purity-Prüfung ankreuzen müssen?) Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\UpdateCheck not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F536F5F7-8B63-42E9-B6BB-CCA3105651A4}\ not found. File C:\WINDOWS\System32\mstmdm.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\ not found. Item G:\ is whitelisted and cannot be moved. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1d4a5efc-cdea-11dd-aee3-0012f09d3bad}\ not found. File rundll32.exe .\desktop.dll,InstallM not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8eb66386-3f0f-11df-b0ac-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8eb66386-3f0f-11df-b0ac-0012f09d3bad}\ not found. File G:\Menu.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found. File .\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a38331cb-176d-11df-b086-0012f09d3bad}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\ not found. Item H:\ is whitelisted and cannot be moved. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba4abe62-31c2-11df-b0a0-0012f09d3bad}\ not found. File rundll32.exe .\desktop.dll,InstallM not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found. File .\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb47865f-6f59-11dd-aa95-0012f09d3bad}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\ not found. Item G:\ is whitelisted and cannot be moved. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4443c20-3fde-11df-b0ae-0012f09d3bad}\ not found. File rundll32.exe .\desktop.dll,InstallM not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found. File .\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdcae8d3-2694-11dd-96c0-0012f09d3bad}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\ not found. Item G:\ is whitelisted and cannot be moved. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5dd17c0-03c8-11df-b072-0012f09d3bad}\ not found. File rundll32.exe .\desktop.dll,InstallM not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\ not found. Item G:\ is whitelisted and cannot be moved. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcad9a5a-a11b-11dd-ae8d-0012f09d3bad}\ not found. File rundll32.exe .\desktop.dll,InstallM not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File .\recycled\info.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. ========== COMMANDS ========== Unable to start service SRService! [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 208658 bytes ->Flash cache emptied: 75 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 75 bytes User: Gast ->Temp folder emptied: 161602 bytes ->Temporary Internet Files folder emptied: 101007 bytes ->FireFox cache emptied: 67321646 bytes ->Flash cache emptied: 5357 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 465852 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 144185235 bytes ->Flash cache emptied: 1492 bytes User: Tristan ->Temp folder emptied: 1120445786 bytes ->Temporary Internet Files folder emptied: 294978092 bytes ->Java cache emptied: 89055034 bytes ->FireFox cache emptied: 66250564 bytes ->Flash cache emptied: 1620727 bytes User: Uni ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 75 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 3775367 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 28008034 bytes RecycleBin emptied: 333463024 bytes Total Files Cleaned = 2.051,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 07192010_205652 Files\Folders moved on Reboot... File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BKW9UX47\st[10] not found! File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BKW9UX47\st[11] not found! File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BKW9UX47\st[8] not found! File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\BKW9UX47\st[9] not found! Registry entries deleted on Reboot... Nochmal tausend Dank für die Mühe. |
19.07.2010, 21:48 | #7 |
/// Malwareteam | iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik Die Dateien dürfte bereits beim zweiten Fix gelöscht worden sein. Ja Flashdesinfector geht nicht lange das ist normal. Führe noch Schritt 7 aus. Danach poste gleich noch neue OTL Logs: Erneuter Systemscan mit OTL
|
20.07.2010, 13:30 | #8 |
| iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik Mahlzeit, Habe gestern noch den Anti-Malware Scan gemacht und danach die OTL.exe ausgeführt. Die Log-Files gibt es im Anhang. Leider habe ich aber immer noch 2 laufende (und selbstständig neu startende) iexplore.exe Prozesse, ständige Ppups ohne erkennbaren Grund und auch die Wave-Lautstärke führt nach wie vor ein Eigenleben. Hast du noch eine Idee was man tun könnte? Oder habe ich etwas falsch gemacht? Die allgemeine Performance des Systems ist allerdings besser geworden. Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4327 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 20.07.2010 02:14:29 mbam-log-2010-07-20 (02-14-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|G:\|H:\|M:\|) Durchsuchte Objekte: 329062 Laufzeit: 2 Stunde(n), 22 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 1 Infizierte Dateien: 11 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\Programme\VVSN (Adware.WhenU) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Programme\Image-Line\Toxic Biohazard\Toxic Biohazard.dll (Trojan.Backdoor) -> Quarantined and deleted successfully. C:\Audio\Cubase SX\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully. C:\Audio\Traktor DJ Studio 3\UNWISE.EXE (Malware.Packer.Morphine) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\Tools\FlashMute_2.exe (Adware.BetterInternet) -> Quarantined and deleted successfully. C:\Spiele\Flat Out 2\Trainer\pdtrain.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. H:\Backup Tristan\Downloads\TuneUpUtilities2009.8.0.2000.35\Keygen(FFF)\TuneUp.Utilities.2009-keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. M:\Keygen.EXE (Trojan.Agent) -> Quarantined and deleted successfully. M:\Downloads\Programme & Tools\Internet-Tools\Downloaden\ALPlugin-1.0.2.4-setup.exe (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully. M:\Downloads\Programme & Tools\Burning-Tools\Alcohol 1.9.5\Activator\alcohol_activator.exe (Trojan.Agent) -> Quarantined and deleted successfully. M:\Downloads\Programme & Tools\Audio-Tools\Tools\MP3\Winamp 5.03\Viz\Cubes_Visualization.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully. M:\Downloads\Programme & Tools\Audio-Tools\Novation\Novation.V-Station.VSTi.v1.20.Incl.KeyGen-H2O\nvsta120.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully. Code:
ATTFilter OTL Extras logfile created on: 20.07.2010 02:38:46 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Tristan\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 565,00 Mb Available Physical Memory | 55,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,67 Gb Total Space | 5,56 Gb Free Space | 7,65% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,75% Space Free | Partition Type: FAT F: Drive not present or media not loaded Drive G: | 3,73 Gb Total Space | 1,18 Gb Free Space | 31,75% Space Free | Partition Type: FAT32 Drive H: | 74,53 Gb Total Space | 0,57 Gb Free Space | 0,77% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Drive M: | 279,39 Gb Total Space | 21,82 Gb Free Space | 7,81% Space Free | Partition Type: FAT32 Computer Name: ASUS_LAPTOP Current User Name: Tristan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Spiele\Combat Arms EU\CombatArms.exe" = C:\Spiele\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon) "C:\Spiele\Combat Arms EU\Engine.exe" = C:\Spiele\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\uusee\UUSeePlayer.exe" = C:\Programme\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- () "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) "H:\Installed\Civ4\Civilization4.exe" = H:\Installed\Civ4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- File not found "C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- () "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon) "C:\Spiele\Combat Arms EU\CombatArms.exe" = C:\Spiele\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon) "C:\Spiele\Combat Arms EU\Engine.exe" = C:\Spiele\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon) "C:\Spiele\Combat Arms EU\NMService.exe" = C:\Spiele\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.) "C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- () "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Oracle) "C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe" = C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse -- () "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{005E738B-5A0A-4483-A900-877D183A8F45}_is1" = BlindWrite 6 "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{0325F1C1-883A-41AB-8981-B27359ABDFAF}" = Joint Operations: Typhoon Rising "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS Video Security "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Die Pirateninsel "{1C94C999-15D2-4C75-9A73-BCC8A677D42E}" = UltraMon "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2EB3B0AB-4FEB-4548-B7E7-7A0E73F69125}" = CrazyTalk v5.1 SE "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{37D19D22-032C-469E-822B-9F8BD743106E}" = Tiger Woods PGA Tour Golf "{3BE00B77-04AC-4DFF-BD95-BFF23CB29C27}" = iTunesFolderWatch "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4 "{44E1DE63-C8FA-4C70-B4AA-0C49A947ACDE}" = Sid Meier's Railroads! "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = BisonCam, NB Pro "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel "{53BA6007-3516-4CF8-844D-80FA625E6ACD}_is1" = GTR 2 1.0.0.0 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass® Client "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{7915FC23-4DB3-4C23-BE74-443ACD13E4A2}_is1" = Archlord Episode 3 "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{8667C09D-CD26-40BB-95F6-423272ACAA0A}_is1" = WinTimeKill 3.2 "{8865B208-4759-4308-8DB5-3C18D2F568E2}" = CrazyTalk for Skype "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis 3 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A6AE4D46-A845-45CF-A6B2-D5D62780EA69}_is1" = Piratenleben Sprachausgabe 1.0 "{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}" = Prey "{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AC76BA86-7AD7-2448-5A64-7E8A45000001}" = Adobe Reader Chinese Traditional Fonts "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3 : Raven Shield "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{B9D0D8B4-928A-4BC8-8681-20DEB8633602}_is1" = CoH Vire Map Pack "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3880A64-6112-47b7-8BFE-70EEA07B43E0}" = Windows SteadyState "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash "{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3 "{EE3FBD3C-782E-4A90-9507-0ECFE1FECCE4}" = Sid Meier's Railroads! "{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising "{F87F2E18-4720-4F97-B3E5-E930D649D92B}" = Mobile Mouse Server "{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "7-Zip" = 7-Zip 4.65 "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen "AirStrike 3D: Operation W.A.T." = AirStrike 3D: Operation W.A.T. "Alien Shooter 2" = Alien Shooter 2 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "ASIO4ALL" = ASIO4ALL "Asus ChkMail" = Asus ChkMail "Asus_A6_ScreenSaver" = Asus_A6_ScreenSaver "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "Billiard Master 2" = Billiard Master 2 "Bowling Master" = Bowling Master "Collab" = Collab "Combat Arms EU" = Combat Arms EU "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Duden" = Duden "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition "EAX Unified" = EAX Unified "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FL Studio 8" = FL Studio 8 "foobar2000" = foobar2000 v0.9.6 "Gestrandet" = Gestrandet "Gothic II" = Gothic II "Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben "Hamachi" = Hamachi 1.0.3.0 "HControl" = ATK0100 ACPI UTILITY "HijackThis" = HijackThis 2.0.2 "Homeworld2" = Homeworld2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "IL Download Manager" = IL Download Manager "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "InstallShield_{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}" = Quake 4(TM) "InstallShield_{169E414A-37C7-434E-9021-27A03AE087CD}" = ASUS Video Security "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune "InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "Live 8.0.1" = Live 8.0.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaMonkey_is1" = MediaMonkey 3.0 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MotoGear" = MotoGear "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Native Instruments Traktor Dj Studio v3.0.1.108" = Native Instruments Traktor Dj Studio v3.0.1.108 "Network Stumbler" = Network Stumbler 0.4.0 (remove only) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06 "NVIDIA Drivers" = NVIDIA Drivers "ODIR_is1" = ODIR "Orions" = Orions "PartyPoker" = PartyPoker "PGS Pair it" = PGS Pair it "Playlogic_KOTT2" = Knights of the Temple 2 "PoiZone" = PoiZone "PunkBusterSvc" = PunkBuster Services "QuicktimeAlt_is1" = QuickTime Alternative 2.8.0 "RealAlt_is1" = Real Alternative 1.9.0 "RouterControl" = RouterControl 1.91 "SFT Loader" = SFT Loader 2006 b4 "SopCast" = SopCast 3.0.3 "Spb Brain Evolution for Pocket PC" = Spb Brain Evolution for Pocket PC "Spb Finance" = Spb Finance "Spb Pocket Plus" = Spb Pocket Plus "Steinberg Cubase SX v2.01" = Steinberg Cubase SX v2.01 "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemRequirementsLab" = System Requirements Lab "TeamViewer 5" = TeamViewer 5 "Tilelander" = Tilelander "Toxic Biohazard" = Toxic Biohazard "TVAnts 1.0" = TVAnts 1.0 "UltraISO_is1" = UltraISO Premium V9.33 "UltraStar Deluxe" = UltraStar Deluxe "Update Service" = Update Service "UUSEE(ÓÆÊÓÍøÂçµçÊÓ)" = UUSEE(ÓÆÊÓÍøÂçµçÊÓ) 4.3.6.5 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VideoLAN VLC media player 0.8.6f "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinGimp-2.0_is1" = GIMP 2.4.6 "WinRAR archiver" = WinRAR "WisBar Advance Desktop_is1" = WisBar Advance Desktop 1.0 build 5 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "wsu_is1" = WinSpeedUp 2.9 "wwtbam" = wwtbam "X3 Bonuspaket_is1" = X3 Bonuspaket 3.1.07 "X-Lite 1.5_is1" = X-Lite 3.0 "Zattoo" = Zattoo 3.3.4 Beta ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FlashMute" = FlashMute "Skat-Online V7" = Skat-Online V7 "Vietcong 2" = Vietcong 2 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 102610 Error - 18.07.2010 16:40:47 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 102610 Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 118250 Error - 18.07.2010 16:41:03 | Computer Name = ASUS_LAPTOP | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 118250 Error - 19.07.2010 13:20:06 | Computer Name = ASUS_LAPTOP | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3828, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b. Error - 19.07.2010 13:52:52 | Computer Name = ASUS_LAPTOP | Source = MsiInstaller | ID = 11719 Description = Product: Adobe Reader Chinese Traditional Fonts -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance. Error - 19.07.2010 14:37:27 | Computer Name = ASUS_LAPTOP | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung otl.exe, Version 3.2.9.1, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x18804e7c. Error - 19.07.2010 15:04:53 | Computer Name = ASUS_LAPTOP | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung otl.exe, Version 3.2.9.1, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x18804e7c. [ OSession Events ] Error - 30.11.2008 12:34:38 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18168 seconds with 300 seconds of active time. This session ended with a crash. Error - 19.12.2008 01:33:10 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 486 seconds with 180 seconds of active time. This session ended with a crash. Error - 22.01.2009 04:40:25 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 704 seconds with 300 seconds of active time. This session ended with a crash. Error - 25.03.2009 03:45:32 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19637 seconds with 240 seconds of active time. This session ended with a crash. Error - 19.04.2009 06:28:31 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1626 seconds with 60 seconds of active time. This session ended with a crash. Error - 06.10.2009 08:08:30 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5739 seconds with 240 seconds of active time. This session ended with a crash. Error - 11.12.2009 07:46:48 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10606 seconds with 180 seconds of active time. This session ended with a crash. Error - 17.12.2009 03:08:28 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3274 seconds with 300 seconds of active time. This session ended with a crash. Error - 04.02.2010 02:32:30 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57008 seconds with 3480 seconds of active time. This session ended with a crash. Error - 04.03.2010 12:55:39 | Computer Name = ASUS_LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27168 seconds with 120 seconds of active time. This session ended with a crash. [ System Events ] Error - 19.07.2010 14:56:53 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7034 Description = Dienst "nTune Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 19.07.2010 14:56:53 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7034 Description = Dienst "TeamViewer 5" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 19.07.2010 14:56:53 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7034 Description = Dienst "StarWind AE Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 19.07.2010 14:56:54 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7034 Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 19.07.2010 14:56:55 | Computer Name = ASUS_LAPTOP | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 19.07.2010 14:56:55 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 19.07.2010 15:07:28 | Computer Name = ASUS_LAPTOP | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 19.07.2010 15:07:30 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 Error - 19.07.2010 20:25:03 | Computer Name = ASUS_LAPTOP | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 19.07.2010 20:25:05 | Computer Name = ASUS_LAPTOP | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 [ TuneUp Events ] Error - 25.03.2009 08:56:50 | Computer Name = ASUS_LAPTOP | Source = TuneUp Program Statistics | ID = 131840 Description = Error - 25.03.2009 08:56:50 | Computer Name = ASUS_LAPTOP | Source = TuneUp Program Statistics | ID = 131840 Description = < End of report > Code:
ATTFilter OTL logfile created on: 20.07.2010 02:38:46 - Run 2 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Tristan\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 565,00 Mb Available Physical Memory | 55,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 72,67 Gb Total Space | 5,56 Gb Free Space | 7,65% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 1,89 Gb Total Space | 1,58 Gb Free Space | 83,75% Space Free | Partition Type: FAT F: Drive not present or media not loaded Drive G: | 3,73 Gb Total Space | 1,18 Gb Free Space | 31,75% Space Free | Partition Type: FAT32 Drive H: | 74,53 Gb Total Space | 0,57 Gb Free Space | 0,77% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Drive M: | 279,39 Gb Total Space | 21,82 Gb Free Space | 7,81% Space Free | Partition Type: FAT32 Computer Name: ASUS_LAPTOP Current User Name: Tristan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\UltraMon\UltraMonTaskbar.exe (Realtime Soft Ltd) PRC - C:\Programme\UltraMon\UltraMon.exe (Realtime Soft Ltd) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\Windows SteadyState\SCTSvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) PRC - C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) PRC - C:\WINDOWS\ATK0100\ATKOSD.exe () PRC - C:\WINDOWS\ATK0100\HControl.exe () PRC - C:\Programme\FlashMute\flashmute.exe () PRC - C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll (Microsoft Corporation) MOD - C:\Programme\UltraMon\RTSUltraMonHook.dll (Realtime Soft Ltd) MOD - C:\Programme\UltraMon\UltraMonResButtons.dll (Realtime Soft Ltd) MOD - C:\WINDOWS\system32\msi.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\FlashMute\mutelib.dll () MOD - C:\WINDOWS\system32\nview.dll (NVIDIA Corporation) MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation) MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TeamViewer5) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (Windows SteadyState) -- C:\Programme\Windows SteadyState\SCTSvc.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (nTuneService) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (zlportio) -- C:\Spiele\UltraStar Deluxe\zlportio.sys File not found DRV - (TSP) -- C:\WINDOWS\System32\DRIVERS\klif.sys File not found DRV - (SANDRA) -- C:\Programme\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\Sandra.sys File not found DRV - (s24trans) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys File not found DRV - (RTCore32) -- C:\Dokumente und Einstellungen\Tristan\Desktop\Downloads\rmclock_235_bin\RTCore32.sys File not found DRV - (naecd) -- C:\DOKUME~1\Tristan\LOKALE~1\Temp\naecd.sys File not found DRV - (EagleNT) -- C:\WINDOWS\System32\drivers\EagleNT.sys File not found DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys File not found DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (epmntdrv) -- C:\WINDOWS\system32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\WINDOWS\system32\EuGdiDrv.sys () DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (nhcDriverDevice) -- C:\WINDOWS\system32\drivers\nhcDriver.sys (pBUS-167 Software - hxxp://www.pbus-167.com) DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG) DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.) DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking) DRV - (UltraMonUtility) -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys (Realtime Soft Ltd) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys (Alcohol Soft Co., Ltd.) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (NVR0Dev) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.) DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation) DRV - (MPD16USB) -- C:\WINDOWS\system32\drivers\MPD16USB.sys (AKAI Professional LLC) DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (BDA_Loader_225) -- C:\WINDOWS\system32\drivers\BDA_Loader_225.sys (WideView Technology Inc.) DRV - (BDA_Capture_225) -- C:\WINDOWS\system32\drivers\BDA_Capture_225.sys (WideViewer Electronics CO., LTD) DRV - (WDM_Capture_225) -- C:\WINDOWS\system32\drivers\WDM_Capture_225.sys (Computer & Entertainment, Inc.) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (Cam5603D) -- C:\WINDOWS\system32\drivers\BisonCam.sys (Bison Electronics. Inc. ) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ATKACPI.sys () DRV - (R592) -- C:\WINDOWS\system32\DRIVERS\R592.sys (REDC) DRV - (risdpntk) -- C:\WINDOWS\system32\DRIVERS\risdpntk.sys (REDC) DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation ) DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/#!/?ref=home IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.isnichwahr.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1 FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.22 FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.5 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 4 FF - prefs.js..extensions.enabledItems: 9 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.03 12:17:50 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.19 20:29:00 | 000,000,000 | ---D | M] [2008.07.21 19:56:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Extensions [2010.07.19 20:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions [2010.07.07 09:55:37 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2010.04.20 16:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010.02.04 15:44:52 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} [2009.08.26 08:06:59 | 000,000,000 | ---D | M] (TableTools) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{7C7F5C11-4ACD-4CDB-9293-2E3F46654E2A} [2010.01.19 17:21:17 | 000,000,000 | ---D | M] (Context Search) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF} [2009.09.21 15:48:51 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2010.05.15 15:49:08 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.07.15 18:04:57 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009.08.03 00:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} [2010.07.17 13:10:50 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.04.23 10:05:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.07.15 18:04:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\autopager@mozilla.org [2010.02.12 22:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.11.28 15:13:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\firefox@tvunetworks.com [2009.08.11 18:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\moveplayer@movenetworks.com [2010.07.17 13:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\extensions\staged-xpis [2009.08.24 21:37:12 | 000,005,318 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\com-searchde.xml [2009.09.19 11:05:43 | 000,001,699 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\transfermarktde.xml [2009.10.09 03:22:33 | 000,004,153 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Mozilla\Firefox\Profiles\5wfrgxn2.default\searchplugins\youtube.xml [2010.07.19 20:12:53 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.19 19:05:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.19 19:04:39 | 000,423,656 | ---- | M] (Oracle) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.03 12:17:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.03 12:17:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.03 12:17:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.03 12:17:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.03 12:17:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.02.24 22:50:21 | 000,000,972 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com O1 - Hosts: 127.0.0.1 www.alcohol-soft.com O1 - Hosts: 127.0.0.1 images.alcohol-soft.com O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com O1 - Hosts: 127.0.0.1 alcohol-soft.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [XboxStat] c:\Programme\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation) O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [FlashMute] C:\Programme\FlashMute\flashmute.exe () O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2009.06.11 11:26:43 | 000,000,000 | -H-D | M] O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk = C:\WINDOWS\Installer\{1C94C999-15D2-4C75-9A73-BCC8A677D42E}\IcoUltraMon.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.bitdefender.de/scan_de/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} hxxp://simcity.ea.com/play/classic/SimCityX.cab (SimCityX Control) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://www.arcadetown.com/swf/popcap/popcaploader_v6.cab (PopCapLoader Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper\PerMonitorWallpaper0.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\nView_Wallpaper\PerMonitorWallpaper0.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2008.05.09 06:19:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.07.19 17:05:21 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010.07.19 17:05:22 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT ] O32 - AutoRun File - [2010.07.19 17:05:24 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010.07.19 17:05:22 | 000,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010.07.19 17:05:24 | 000,000,000 | RHSD | M] - M:\autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.19 22:02:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\Malwarebytes [2010.07.19 22:02:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.19 22:02:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.19 22:02:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.19 22:02:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.19 20:35:44 | 000,000,000 | ---D | C] -- C:\_OTL [2010.07.19 19:06:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.07.19 19:05:10 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll [2010.07.19 19:05:10 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl [2010.07.19 19:05:09 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe [2010.07.19 19:05:09 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe [2010.07.19 19:05:09 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe [2010.07.19 17:05:21 | 000,000,000 | RHSD | C] -- C:\autorun.inf [2010.07.19 12:16:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.07.18 23:59:09 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe [2010.07.17 12:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tristan\Anwendungsdaten\SUPERAntiSpyware.com [2010.07.17 12:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2010.07.17 12:32:01 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2010.07.14 11:58:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010.07.10 15:08:12 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.07.10 15:08:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.07.09 19:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.07.09 19:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.20 02:30:49 | 000,002,283 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk [2010.07.20 02:30:21 | 000,021,876 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.07.20 02:25:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.20 02:24:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.20 02:23:37 | 010,223,616 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\NTUSER.DAT [2010.07.19 22:02:29 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.19 20:35:54 | 001,088,854 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.07.19 20:35:54 | 000,478,288 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.07.19 20:35:54 | 000,436,236 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.07.19 20:35:54 | 000,091,638 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.07.19 20:35:54 | 000,068,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.07.19 20:29:01 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.07.19 20:00:40 | 001,568,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.19 19:04:37 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll [2010.07.19 19:04:37 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe [2010.07.19 19:04:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe [2010.07.19 19:04:37 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe [2010.07.19 19:04:37 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl [2010.07.19 17:25:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.07.19 16:14:06 | 000,011,250 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Splash Lineup.xlsx [2010.07.19 15:02:33 | 000,132,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Flash_Disinfector.exe [2010.07.19 00:34:06 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\rskhylmd.exe [2010.07.18 23:59:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tristan\Desktop\OTL.exe [2010.07.17 12:32:18 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.07.15 17:50:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.11 15:01:04 | 000,045,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Individuelle Reflexion zur Vorlesung.doc [2010.07.10 15:08:32 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Spybot - Search & Destroy.lnk [2010.07.09 16:14:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.07.04 22:33:58 | 000,108,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.20 03:36:00 | 000,038,545 | ---- | M] () -- C:\Dokumente und Einstellungen\Tristan\.recently-used.xbel [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.19 22:02:29 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.19 20:29:01 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.07.19 16:14:05 | 000,011,250 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Splash Lineup.xlsx [2010.07.19 15:02:31 | 000,132,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Flash_Disinfector.exe [2010.07.19 00:34:06 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\rskhylmd.exe [2010.07.17 12:32:18 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.07.11 15:00:46 | 000,045,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Individuelle Reflexion zur Vorlesung.doc [2010.07.10 15:08:32 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\Desktop\Spybot - Search & Destroy.lnk [2010.06.20 03:36:00 | 000,038,545 | ---- | C] () -- C:\Dokumente und Einstellungen\Tristan\.recently-used.xbel [2010.02.12 13:21:24 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2010.02.12 13:21:23 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2010.02.12 13:21:22 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2009.11.30 22:26:59 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.10.01 09:34:54 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI [2009.04.08 03:03:18 | 000,000,012 | ---- | C] () -- C:\WINDOWS\dirsaver.ini [2008.12.18 04:10:25 | 000,000,207 | ---- | C] () -- C:\WINDOWS\acez3dfireplace.ini [2008.12.03 03:38:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2008.07.23 20:24:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008.07.09 22:21:44 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2008.07.09 22:21:41 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2008.07.04 09:32:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008.05.26 18:56:34 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008.05.21 10:33:38 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2008.05.14 19:29:10 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008.05.14 18:53:26 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008.05.10 13:22:44 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008.05.09 06:41:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.05.09 06:38:19 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2008.05.09 06:30:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2008.05.09 06:25:36 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2008.05.09 06:25:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2008.05.09 06:23:17 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2008.05.09 06:00:31 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini [2008.05.09 05:58:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys [2007.03.12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2007.02.05 15:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007.02.05 15:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007.02.05 15:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2006.09.13 13:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll [2005.03.02 13:12:14 | 000,000,483 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2004.09.07 16:34:59 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS [2004.09.07 16:34:59 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI < End of report > Geändert von Sane23 (20.07.2010 um 14:18 Uhr) |
21.07.2010, 10:42 | #9 |
/// Malwareteam | iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik Kein weiterer Support möglich Die Nutzung von Cracks, Keygens und Patchs, die das Ziel haben, Bezahlsoftware ohne Bezahlung nutzbar zu machen, ist illegal und wir haben uns darauf geeinigt, dass wir uns nicht der Beihilfe schuldig machen werden. Dieses Forum unterliegt deutschen Gesetzen und die sind diesbezüglich sehr streng. Dass Cracks und Keygens im Wesentlichen dazu dienen, um auf den Computern Malware und Backdoors unterzubringen, ist kein Geheimnis und muss jedem klar sein. Da bleibt mir nichts weiter, als Dir zu empfehlen, in Zukunft auf derlei Software zu verzichten. Mit solcher Software endet der Support und beschränkt sich auf den Hinweis in Zukunft von solchen Sache die Finger zu lassen und das System neu zu installieren. Wenn Du das System neu installiert hast, kannst Du gerne einen neuen Thread eröffnen. Dieser Thread wird geschlossen. |
Themen zu iexplore.exe, Wave-Lautstärke spinnt, IE Pop-Ups, Hintergrundmusik |
antivir, antivir guard, avira, bho, bonjour, browser, cdburnerxp, desktop, einstellungen, firefox, frage, hijackthis, hintergrundmusik, hkus\s-1-5-18, iexplore.exe, internet, internet explorer, logfile, mozilla, neu aufgesetzt, object, plug-in, prozesse, rundll, schlachtmusik, senden, software, system, windows, windows xp |