pc sauber nach flacor.dat?

old-man · 03.08.2010, 16:55

hallo,ich hatte bis vor kurzem den besagten virus und hab ihn mit Malwarebytes entfernt

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4385

Windows 6.0.6000
Internet Explorer 8.0.6001.18882

03.08.2010 16:11:49
mbam-log-2010-08-03 (16-11-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 180317
Laufzeit: 6 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.

nach einem neustart kam die meldung das das angegebene modul flacor.dat nicht gefuden werden könne,diese nachricht konnte ich mit dem CCleaner entfernen
nun das malwarebytes-log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4385

Windows 6.0.6000
Internet Explorer 8.0.6001.18882

03.08.2010 16:38:43
mbam-log-2010-08-03 (16-38-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 179828
Laufzeit: 6 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und die rsit-files

info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.08 2010-08-03 16:49:14

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Allods Online 1.0.04.22-->C:\gPotato.eu\Allods Online\uninst.exe
Amazon Toolbar-->regsvr32 /u /s "C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll" 
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchLord-->"C:\Users\Public\Downloads\Webzen\ArchLord\unins000.exe"
ArcSoft Camera Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE6F8DC5-8639-

4E7F-A0FE-EEB0522FCAAC}\Setup.exe" -l0x7 
Ashampoo Magical Snap FREE-->"C:\Program Files\Ashampoo\Ashampoo Magical Snap FREE\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Big Fish Games Center (remove only)-->C:\Big Fish Games\Uninstall.exe
Big Fish Games Sudoku (remove only)-->C:\Big Fish Games\Sudoku\Uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bounty Bay Online-->"C:\Program Files\Yusho Frogster Games\Bounty Bay Online\unins000.exe"
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0407
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Chrome SpecForce-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{5233A5FC-F083-4317-96F8-58FBB4020B3A} /l1031 /Z"UNINSTALL"
Cradle of Rome (remove only)-->C:\Big Fish Games\Cradle of Rome\Uninstall.exe
Die Gilde 2 - Gold Edition-->C:\Program Files\Die Gilde 2 - Gold Edition\uninstall.exe
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 

Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x7  -removeonly
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 

Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x7 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 

Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x7 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 

Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x7 UNINST
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 

Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON-Drucker-Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Firebird SQL Server - MAGIX Edition-->C:\Program Files\MAGIX\Common\Database\unwise.exe
FirstSteps Diagnostics-->MsiExec.exe /X{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}
flatster-->"C:\Program Files\flatster\unins000.exe"
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
FreePDF (Remove only)-->C:\Program Files\FreePDF_XP\fpsetup.exe /r
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)-->C:\Windows\SQL9_KB970892_ENU\Hotfix.exe /Uninstall
GPL Ghostscript 8.70-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.70\uninstal.txt"
Guild 2 Patch-->MsiExec.exe /I{E9E09EAA-0FF8-42A1-ACAB-67F2A691E50F}
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-

5EB1-4881-8EDB-082532ACEC6D}\Setup.exe" -l0x7 
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ 

REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-

4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LastChaosGER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 

Information\{99A37AC7-E724-4621-B167-500B5A52B69C}\setup.exe" -l0x9  -removeonly
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0007 -removeonly
Luxor Amun Rising (remove only)-->C:\Big Fish Games\Luxor Amun Rising\Uninstall.exe
Mahjong Towers Eternity EU (remove only)-->C:\Big Fish Games\Mahjong Towers Eternity EU\Uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{7FB12670-0F93-4E1E-B2F5-4F339199A03A}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{849A32C3-E75A-4791-9B11-E568BA3525A4}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MindManager X5 Viewer-->MsiExec.exe /I{C4BB8237-3778-4DA8-9843-2410618F6748}
Mozilla Firefox (3.6.8)-->C:\ProgramData\uninstall\helper.exe
Mozilla Thunderbird (3.0.4)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyDSC2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-

98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x9 
Mystery Case Files - Prime Suspects (remove only)-->C:\Big Fish Games\Mystery Case Files - Prime Suspects\Uninstall.exe
NAVIGON Fresh 2.0.0-->C:\Program Files\NAVIGON\NAVIGON Fresh\uninst.exe
Nero 8 Essentials-->MsiExec.exe /X{6803A6E6-48FF-48AB-B558-7B651BBE1031}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA GAME System Software 2.8.1-->MsiExec.exe /I{4F0C7CCF-5666-474B-B02E-AC514A95EC93}
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
OpenAL-->"C:\Program Files\OpenAL\Oalinst.exe" /U
phonostar-Player Version 2.01.2-->"C:\Program Files\phonostar\unins000.exe"
PIF DESIGNER-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD

-B1F1-0C86DA40E443}\SETUP.EXE" -l0x7 anything
PixiePack Codec Pack-->MsiExec.exe /I{9C450606-ED24-4958-92BA-B8940C99D441}
Poker Superstars II (remove only)-->C:\Big Fish Games\Poker Superstars II\Uninstall.exe
PrintParade Studio-->C:\PROGRA~1\PRINTP~1\UNWISE.EXE C:\PROGRA~1\PRINTP~1\INSTALL.LOG
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Rakion International-->"C:\Program Files\Softnyx\RakionIS\unins000.exe"
Rappelz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01A8838A-9469

-425F-A5FB-FC14D4CF93B9}\setup.exe" -l0x7  -removeonly
RealPopup-->"C:\Program Files\RealPopup\unins000.exe"
Recovery Toolbox for RAR 1.1-->"C:\Program Files\Recovery Toolbox for RAR\unins000.exe"
Redmark Vereinsverwaltung easy-->MsiExec.exe /I{06A75F9F-BB8B-4548-93F8-621A183536D2}
RedMon - Redirection Port Monitor-->C:\Windows\system32\unredmon.exe
Runes of Magic-->"C:\ONLINE-GAMES\Runes_of_Magic\Runes of Magic\unins000.exe"
SA32xx Device Manager-->C:\Program Files\InstallShield Installation Information\{7CDC26F7-D6BF-442A-B599-0075A48310F7}\setup.exe -runfromtemp -l0x0007 -removeonly
SA32xx Media Converter-->C:\Program Files\InstallShield Installation Information\{D57ACD92-6A27-43BB-B3AE-894930940D41}\setup.exe -runfromtemp -l0x0007 -removeonly
SAMSUNG Android USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\Shrewsbury\SSADUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6_old\SSBCUninstall.exe
Samsung Mobile Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7\SSECUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\Windows\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Modem V2 Software-->C:\Windows\system32\Samsung_USB_Drivers\3_6810\SSCEUninstall.exe
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Download Driver Software-->C:\Windows\system32\Samsung_USB_Drivers\NXP_Driver\SSDUUninstall.exe
SAMSUNG Mobile USB Driver-->MsiExec.exe /I{7184F382-8A6C-4B85-A3AC-B63734B1E241}
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
Samsung Mobile USB Modem Device Software-->C:\Windows\system32\Samsung_USB_Drivers\7_681B\SECUUninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung New PC Studio-->"C:\Program Files\InstallShield Installation Information\{F193FC0E-9E18-40FC-A974-509A1BDD240A}\setup.exe" -runfromtemp -l0x0407 -removeonly
Samsung New PC Studio-->MsiExec.exe /X{F193FC0E-9E18-40FC-A974-509A1BDD240A}
SAMSUNG SYMBIAN USB Download Driver-->C:\Program Files\SAMSUNG\SYMBIAN USB Download Driver\Uninstall.exe
Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-

4441-A3E5-EB6977251C86}\Setup.exe"  anything
SAMSUNG USB Mobile Device Software-->C:\Windows\system32\Samsung_USB_Drivers\6\SS_BUninstall.exe
SamsungConnectivityCableDriver-->MsiExec.exe /X{7E84FAC8-C518-40F9-9807-7455301D6D25}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-

59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-

BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-

6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Synkron 1.6.1-->"C:\Program Files\Synkron\unins000.exe"
TeamDrive-->MsiExec.exe /X{1E7FDC95-FD1D-4552-8AE0-FEBD8BE44514}
TeamDrive-->MsiExec.exe /X{42FDC670-AF90-45F6-9B39-6930DF79502C}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TIPP10 Version 2.0.1-->"C:\Users\Timo\Downloads\Tipp10\unins000.exe"
TMPGEnc DVD Author 3 with DivX Authoring-->MsiExec.exe /I{26771121-732D-481F-BDDB-F965E7983BE8}
Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409  -removeonly
Ulead VideoStudio SE DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 

Information\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}\Setup.exe" -l0x7 
Unlocker 1.8.9-->C:\Program Files\Unlocker\uninst.exe
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-

3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
USB2.0 Capture Device-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation 

Information\{E337B156-DF81-48D8-8977-B1574EE87BCF}\Setup.exe" -l0x7 
Vereinsverwaltung easy 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C97A5CA-

A130-4988-9FAA-273632ED4CBF}\Setup.exe" 
VideoCam Suite 2.0-->C:\Program Files\InstallShield Installation Information\{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}\setup.exe -runfromtemp -l0x0007 -removeonly
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Villagers (remove only)-->C:\Big Fish Games\Virtual Villagers\Uninstall.exe
VirtualCom driver-->MsiExec.exe /I{1943A043-5C85-4A16-A0D0-D687B2C1A40F}
Webzen Game Starter-->"C:\Program Files\InstallShield Installation Information\{255FC1CF-2620-4B64-BE02-79B9E609BB3D}\setup.exe" -runfromtemp -l0x0009 -removeonly
WER WIRD MILLIONÄR - JUNIOR-->MsiExec.exe /I{18B0210F-7B11-45C4-9F9D-5366D7160AB0}
Windows Live Anmelde-Assistent-->MsiExec.exe /I{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}
Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\1E28F12B7828B817\DPInst.exe /u C:\Windows\System32

\DriverStore\FileRepository\mbtmdm.inf_afb0631d\mbtmdm.inf
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AntiVir Desktop
AS: AntiVir Desktop
AS: Windows-Defender

======System event log======

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 185766
Source Name: Service Control Manager
Time Written: 20100803144340.000000-000
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 10029
Message: DCOM hat den Dienst TrustedInstaller mit den Argumenten "" gestartet, um den Server auszuführen:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 185767
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100803144449.000000-000
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 7036
Message: Dienst "Windows Modules Installer" befindet sich jetzt im Status "Ausgeführt".
Record Number: 185768
Source Name: Service Control Manager
Time Written: 20100803144449.000000-000
Event Type: Informationen
User: 

Computer Name: ***
Event Code: 4
Message: Der Druckspooler konnte eine vorhandene Druckerverbindung nicht erneut öffnen, weil er die Konfigurationsinformationen aus dem Registrierungsschlüssel S-1-5-18\Printers\Connections nicht 

lesen konnte. Der Druckspooler konnte den Registerierungsschlüssel nicht öffnen. Es könnte sein, dass der Registrierungsschlüssel beschädigt ist oder fehlt oder dass die Registrierung nicht mehr 

verfügbar ist.
Record Number: 185769
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20100803144503.000000-000
Event Type: Warnung
User: 

Computer Name: ***
Event Code: 4
Message: Der Druckspooler konnte eine vorhandene Druckerverbindung nicht erneut öffnen, weil er die Konfigurationsinformationen aus dem Registrierungsschlüssel S-1-5-18\Printers\Connections nicht 

lesen konnte. Der Druckspooler konnte den Registerierungsschlüssel nicht öffnen. Es könnte sein, dass der Registrierungsschlüssel beschädigt ist oder fehlt oder dass die Registrierung nicht mehr 

verfügbar ist.
Record Number: 185770
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20100803144503.000000-000
Event Type: Warnung
User: 

=====Application event log=====

Computer Name: ***
Event Code: 4096
Message: Der AntiVir Dienst wurde erfolgreich gestartet!
Record Number: 185256
Source Name: Avira AntiVir
Time Written: 20100803144115.000000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***
Event Code: 4354
Message: Das COM+-Ereignissystem konnte die ConnectionMadeNoQOCInfo-Methode für das Abonnement {C708F205-D87A-4FFC-A3DF-0DBC4627902E}-{00000000-0000-0000-0000-

000000000000}-{00000000-0000-0000-0000-000000000000} nicht auslösen. Das vom Abonnenten zurückgegebene HRESULT war 80040210.
Record Number: 185257
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100803144119.000000-000
Event Type: Warnung
User: 

Computer Name: ***
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 185258
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20100803144208.180256-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: ***
Event Code: 11
Message: Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei 

<h**p://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im 

Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Record Number: 185259
Source Name: Microsoft-Windows-CAPI2
Time Written: 20100803144318.000000-000
Event Type: Fehler
User: 

Computer Name: ***
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 185260
Source Name: SecurityCenter
Time Written: 20100803144318.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: ***
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		***$
	Kontodomäne:		MSHEIMNETZ
	Anmelde-ID:		0x3e7

Anmeldetyp:			2

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-21-152039969-3448965500-3346611246-1000
	Kontoname:		***
	Kontodomäne:		***
	Anmelde-ID:		0x56580c
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0xfd0
	Prozessname:		C:\Windows\System32\consent.exe

Netzwerkinformationen:
	Arbeitsstationsname:	***
	Quellnetzwerkadresse:	::1
	Quellport:		0

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		CredPro
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie 

"Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 185864
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100709181649.118886-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-21-152039969-3448965500-3346611246-1000
	Kontoname:		***
	Kontodomäne:		***
	Anmelde-ID:		0x5657ff

Berechtigungen:		SeSecurityPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeTakeOwnershipPrivilege
			SeDebugPrivilege
			SeSystemEnvironmentPrivilege
			SeLoadDriverPrivilege
			SeImpersonatePrivilege
Record Number: 185865
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100709181649.118886-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***
Event Code: 4634
Message: Ein Konto wurde abgemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-21-152039969-3448965500-3346611246-1000
	Kontoname:		***
	Kontodomäne:		***
	Anmelde-ID:		0x56580c

Anmeldetyp:			2

Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur 

zwischen Neustarts auf demselben Computer eindeutig.
Record Number: 185866
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100709181649.119863-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***
Event Code: 4634
Message: Ein Konto wurde abgemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-21-152039969-3448965500-3346611246-1000
	Kontoname:		***
	Kontodomäne:		***
	Anmelde-ID:		0x5657ff

Anmeldetyp:			2

Dieses Ereignis wird generiert, wenn eine Anmeldesitzung zerstört wird. Es kann anhand des Wertes der Anmelde-ID positiv mit einem Anmeldeereignis korreliert werden. Anmelde-IDs sind nur 

zwischen Neustarts auf demselben Computer eindeutig.
Record Number: 185867
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100709181656.960181-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: ***
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		***$
	Kontodomäne:		MSHEIMNETZ
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		***
	Kontodomäne:		***
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x2ac
	Prozessname:		C:\Windows\System32\consent.exe

Netzwerkinformationen:
	Netzwerkadresse:	::1
	Port:			0

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-

Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 185868
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100709181848.866105-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=4
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Ulead 

Systems\MPEG;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0b
"QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------

--- --- ---

und

RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by *** at 2010-08-03 16:49:11
Microsoft® Windows Vista™ Home Premium  
System drive C: has 55 GB (18%) free of 311 GB
Total RAM: 2047 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:12, on 03.08.2010
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\***\Desktop\RSIT.exe
C:\Program Files\trend micro\***.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: TBSB04045 - {C6BFC16B-D6FF-47EB-B5D7-F91FB78F94CE} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Amazon Toolbar - {EEB30C11-DF11-46DF-B763-BAF798CA65F3} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-152039969-3448965500-3346611246-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User '***')
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O4 - Startup: TeamDrive2.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - h**p://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - h**p://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - h**p://javadl-esd.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 9858 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{7080964A-3D96-4116-B628-6587E344B0DA}.job
C:\Windows\tasks\User_Feed_Synchronization-{91E93BC7-8B5E-4332-A553-6EF5D16A122C}.job
C:\Windows\tasks\User_Feed_Synchronization-{A85ED906-5250-4E4F-AE1B-4A97B4CABF5C}.job
C:\Windows\tasks\User_Feed_Synchronization-{B6D6128A-3CF1-406B-9062-A041A5B2944C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6BFC16B-D6FF-47EB-B5D7-F91FB78F94CE}]
TBSB04045 Class - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll [2008-04-14 2433024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2009-05-23 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EEB30C11-DF11-46DF-B763-BAF798CA65F3} - Amazon Toolbar - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll [2008-04-14 2433024]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-10-22 1006264]
"RtHDVCpl"=RtHDVCpl.exe []
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"Skytel"=Skytel.exe []
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"NPSStartup"= []
"FreePDF Assistant"=C:\Program Files\FreePDF_XP\fpassist.exe [2009-09-05 385024]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-10 1232896]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-10-01 107864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer\Application\DataLayer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe [2002-09-11 401408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhonostarTimer]
C:\Program Files\phonostar\ps_timer.exe [2009-05-13 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-11 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ServiceLayer]
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe [2002-05-23 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk]
C:\PROGRA~1\PANASO~1\VIDEOC~1\VIDEOC~2.EXE [2009-02-17 185688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 

Bildschirmausschnitt- und Startprogramm.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Registration Heroes of Might & Magic 5.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
TeamDrive2.lnk - C:\Program Files\TeamDrive2.0\bin\TeamDrive2.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-03 16:49:10 ----D---- C:\rsit
2010-08-03 16:43:23 ----D---- C:\Program Files\trend micro
2010-08-03 16:03:38 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-08-03 16:03:21 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-03 16:03:20 ----D---- C:\ProgramData\Malwarebytes
2010-08-03 16:03:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-03 16:03:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-01 15:57:16 ----D---- C:\Program Files\ESET
2010-08-01 15:28:50 ----D---- C:\Windows\BDOSCAN8
2010-07-25 12:51:06 ----D---- C:\ProgramData\updates
2010-07-24 18:20:18 ----D---- C:\ProgramData\NOS
2010-07-24 18:20:18 ----D---- C:\Program Files\NOS
2010-07-08 18:24:42 ----D---- C:\ProgramData\searchplugins
2010-07-08 16:57:33 ----D---- C:\Users\***\AppData\Roaming\gamigo
2010-07-08 16:56:06 ----D---- C:\Users\***\AppData\Roaming\Martial Empires Luancher OBT
2010-07-08 16:56:06 ----D---- C:\Users\***\AppData\Roaming\launcher
2010-07-08 16:44:45 ----D---- C:\Gamigo
2010-07-04 11:16:59 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 1 months======

2010-08-03 16:49:09 ----D---- C:\Windows\Temp
2010-08-03 16:43:34 ----D---- C:\Windows\Prefetch
2010-08-03 16:43:23 ----RD---- C:\Program Files
2010-08-03 16:13:56 ----D---- C:\Windows\system32\drivers
2010-08-03 16:13:56 ----D---- C:\Windows\schemas
2010-08-03 16:03:20 ----HD---- C:\ProgramData
2010-08-03 16:01:18 ----D---- C:\Windows\tracing
2010-08-03 15:50:37 ----D---- C:\Windows\Minidump
2010-08-03 15:50:37 ----D---- C:\Windows\Debug
2010-08-03 15:50:37 ----D---- C:\Windows
2010-08-03 15:46:16 ----D---- C:\Program Files\CCleaner
2010-08-03 15:34:59 ----SHD---- C:\System Volume Information
2010-08-03 15:28:45 ----D---- C:\Windows\system32\catroot2
2010-08-02 21:44:31 ----D---- C:\Windows\System32
2010-08-02 21:44:31 ----D---- C:\Windows\inf
2010-08-02 21:44:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-02 11:26:05 ----D---- C:\Downloads
2010-08-01 15:57:19 ----SD---- C:\Windows\Downloaded Program Files
2010-07-29 13:40:36 ----D---- C:\ProgramData\uninstall
2010-07-29 13:40:33 ----D---- C:\ProgramData\res
2010-07-29 13:40:33 ----D---- C:\ProgramData\plugins
2010-07-29 13:40:33 ----D---- C:\ProgramData\modules
2010-07-29 13:40:33 ----D---- C:\ProgramData\greprefs
2010-07-29 13:40:33 ----D---- C:\ProgramData\components
2010-07-29 13:40:33 ----D---- C:\ProgramData\chrome
2010-07-29 13:40:33 ----A---- C:\ProgramData\xul.dll
2010-07-29 13:40:29 ----A---- C:\ProgramData\xpcom.dll
2010-07-29 13:40:29 ----A---- C:\ProgramData\updater.ini
2010-07-29 13:40:29 ----A---- C:\ProgramData\updater.exe
2010-07-29 13:40:29 ----A---- C:\ProgramData\ssl3.dll
2010-07-29 13:40:29 ----A---- C:\ProgramData\sqlite3.dll
2010-07-29 13:40:28 ----A---- C:\ProgramData\softokn3.dll
2010-07-29 13:40:28 ----A---- C:\ProgramData\smime3.dll
2010-07-29 13:40:26 ----A---- C:\ProgramData\plugin-container.exe
2010-07-29 13:40:26 ----A---- C:\ProgramData\plds4.dll
2010-07-29 13:40:26 ----A---- C:\ProgramData\plc4.dll
2010-07-29 13:40:26 ----A---- C:\ProgramData\platform.ini
2010-07-29 13:40:26 ----A---- C:\ProgramData\nssutil3.dll
2010-07-29 13:40:26 ----A---- C:\ProgramData\nssdbm3.dll
2010-07-29 13:40:26 ----A---- C:\ProgramData\nssckbi.dll
2010-07-29 13:40:26 ----A---- C:\ProgramData\nss3.dll
2010-07-29 13:40:26 ----A---- C:\ProgramData\nspr4.dll
2010-07-29 13:40:26 ----A---- C:\ProgramData\mozcrt19.dll
2010-07-29 13:40:26 ----A---- C:\ProgramData\mozcpp19.dll
2010-07-29 13:40:25 ----A---- C:\ProgramData\js3250.dll
2010-07-29 13:40:25 ----A---- C:\ProgramData\freebl3.dll
2010-07-29 13:40:25 ----A---- C:\ProgramData\firefox.exe
2010-07-29 13:40:24 ----A---- C:\ProgramData\crashreporter-override.ini
2010-07-29 13:40:24 ----A---- C:\ProgramData\crashreporter.ini
2010-07-29 13:40:24 ----A---- C:\ProgramData\crashreporter.exe
2010-07-29 13:40:21 ----A---- C:\ProgramData\README.txt
2010-07-29 13:40:21 ----A---- C:\ProgramData\application.ini
2010-07-29 13:40:21 ----A---- C:\ProgramData\AccessibleMarshal.dll
2010-07-26 14:20:06 ----D---- C:\Windows\rescache
2010-07-26 12:05:08 ----D---- C:\Windows\ShellNew
2010-07-26 11:20:22 ----D---- C:\Windows\winsxs
2010-07-25 12:23:25 ----SD---- C:\ProgramData\Microsoft
2010-07-07 17:23:41 ----SHD---- C:\$Recycle.Bin
2010-07-07 17:23:25 ----RD---- C:\Users
2010-07-05 20:48:49 ----D---- C:\Users\***\AppData\Roaming\TeamDrive
2010-07-04 11:17:28 ----SHD---- C:\Windows\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-13 691696]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 cdrbsdrv;cdrbsdrv; C:\Windows\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-12-15 5632]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-08-04 278728]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-08-04 25416]
R2 RMCAST;RMCAST (Pgm)-Protokolltreiber; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-09-21 36608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-03 11573800]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-12-20 234016]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2007-10-22 82688]
S3 ayhxfym0;ayhxfym0; C:\Windows\system32\drivers\ayhxfym0.sys []
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys [2009-06-17 63248]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys [2009-06-17 79248]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 SQTECH905C;DualCamera; C:\Windows\System32\Drivers\Capt905c.sys [2006-01-26 34686]
S3 StkAMini;Syntek STK1150; C:\Windows\System32\Drivers\StkAMini.sys [2006-09-27 241628]
S3 StkScan;Syntek STK1150 Filter Driver; C:\Windows\System32\Drivers\StkScan.sys [2006-08-02 4772]
S3 usbaudio;USB-Audiotreiber (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 usbscan;USB-Scannertreiber; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 XDva352;XDva352; \??\C:\Windows\system32\XDva352.sys []
S3 XDva356;XDva356; \??\C:\Windows\system32\XDva356.sys []
S4 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2007-07-12 305176]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\Windows\system32\bgsvcgen.exe [2007-06-15 145504]
R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-10-01 238952]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-05-18 66872]
R2 SQLBrowser;SQL Server-Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 StkASSrv;Syntek STK1150 Service; C:\Windows\System32\StkASv2K.exe [2006-05-24 24576]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-09-28 49152]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-16 382248]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-12-16 3453712]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UPnPService;UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S4 MSSQLServerADHelper;Hilfsdienst von SQL Server für Active Directory; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]

-----------------EOF-----------------

--- --- ---
und ich wollte nun wissen ob mein pc sauber ist

Larusso · 03.08.2010, 18:30

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.
Button drücken.
- Firefox-User: Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User: müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Hacken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Remove found threads" und "Scan archives".
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

old-man · 04.08.2010, 18:06

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

so, hier das log-file,ist das alles ?

Larusso · 04.08.2010, 19:35

eigentlich nicht

Kaspersky Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Bitte während des Scans alle Hintergrundwächter abstellen/deaktivieren.
Java muss installiert, aktiv und erlaubt sein.
Bebilderte Anleitung von sundavis.
Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.

Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
Die Datenschutzerklärung akzeptieren.
Programm installieren lassen.
Update der Signaturen installieren lassen.
Wenn der Status "Complete" ist,
Scan-Einstellungen (Settings) Standard lassen
Links den Link "My Computer" anklicken.
Scan beginnt automatisch.
Wenn der Scan fertig ist, auf "View scan report" klicken,
"Save report as" und Dateityp auf .txt umstellen,
und auf dem Desktop als Kaspersky.txt speichern.
Logdatei hier posten.
Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.

old-man · 06.08.2010, 15:14

hier das log-file

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 6, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 05, 2010 14:32:50
Records in database: 4144846
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan statistics:
Objects scanned: 336400
Threats found: 1
Infected objects found: 3
Suspicious objects found: 0
Scan duration: 05:30:42

File name / Threat / Threats count
C:\Jürgen\IncrediMail Data.cab Infected: Email-Worm.Win32.FreeTrip.ag 1
C:\TMP\IncrediMail Data.cab Infected: Email-Worm.Win32.FreeTrip.ag 1
C:\Users\Lenz\AppData\Local\IM\Identities\{098AE047-712A-4C7D-B785-5B5EBB113641}\Message Store\Attachments\mytpt21t4.zip Infected: Email-Worm.Win32.FreeTrip.ag 1

Selected area has been scanned.

Larusso · 06.08.2010, 15:48

Irgendwelche Probleme ?

old-man · 06.08.2010, 20:29

Nein, bis jetzt keine mehr.

Larusso · 06.08.2010, 20:32

Dann checken wir noch ein bisschen durch

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
drivers32 /all
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2

Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.

old-man · 08.08.2010, 12:30

Schritt 1
hier die OTL.txt:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 08.08.2010 13:05:30 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 51,25 Gb Free Space | 16,90% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 142,63 Gb Free Space | 94,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BUERO
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.07 17:37:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2009.10.01 12:58:26 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.09.05 18:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe
PRC - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
PRC - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 14:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.10.22 19:19:25 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.09.28 11:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkASv2K.exe
PRC - [2005.08.11 15:30:30 | 000,249,856 | ---- | M] (Macrovision Corporation) -- c:\program files\common files\installshield\updateservice\isuspm.exe
PRC - [2005.06.10 04:44:02 | 000,618,496 | R--- | M] (InstallShield Software Corporation) -- C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
PRC - [2005.06.10 04:44:02 | 000,081,920 | R--- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.07 17:37:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2007.10.22 20:18:55 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20656_none_463680b8218be5a3\comctl32.dll
MOD - [2006.11.02 11:44:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.03.29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.12.16 19:26:00 | 003,453,712 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.10.01 12:58:26 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.07.21 15:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2009.05.13 17:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.11.24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008.11.24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008.11.24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2007.10.22 19:19:25 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.06.15 13:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.09.28 11:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.24 08:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkASv2K.exe -- (StkASSrv)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva356.sys -- (XDva356)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva352.sys -- (XDva352)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.03.13 14:08:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.20 10:53:32 | 000,234,016 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.12.15 20:37:25 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.12.07 18:23:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.09.21 10:33:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.08.04 21:43:38 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.08.04 21:43:37 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.06.17 18:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.05.11 11:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 11:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.05.10 03:21:06 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.03.08 17:47:42 | 000,013,824 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETGEARUHOST.sys -- (NETGEARUHOST)
DRV - [2006.11.28 05:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2006.11.28 05:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.09.27 05:01:36 | 000,241,628 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006.08.17 16:04:12 | 000,037,120 | ---- | M] (SerComm) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETGEARUHUB.sys -- (NETGEARUHUB)
DRV - [2006.08.17 16:04:04 | 000,011,648 | ---- | M] (SerComm) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETGEARUCOMP.sys -- (NETGEARUCOMP)
DRV - [2006.08.02 08:44:04 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkScan.sys -- (StkScan)
DRV - [2006.07.05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006.02.20 20:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2006.01.26 14:21:04 | 000,034,686 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Capt905c.sys -- (SQTECH905C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\ProgramData\components [2010.07.29 13:40:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\ProgramData\plugins [2010.08.05 19:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.16 18:29:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.04.27 17:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.05 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mgpv39s3.default\extensions
[2010.08.05 19:25:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mgpv39s3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.06.15 18:42:46 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TBSB04045 Class) - {C6BFC16B-D6FF-47EB-B5D7-F91FB78F94CE} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Amazon Toolbar) - {EEB30C11-DF11-46DF-B763-BAF798CA65F3} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Amazon Toolbar) - {EEB30C11-DF11-46DF-B763-BAF798CA65F3} - C:\Program Files\IEToolbar\Amazon Toolbar\amazon.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PS121v2] C:\Program Files\NETGEAR\PS121v2\PS121v2.exe ()
O4 - HKLM..\Run: [RtHDVCpl]  File not found
O4 - HKLM..\Run: [Skytel]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive2.lnk = C:\Program Files\TeamDrive2.0\bin\TeamDrive2.exe (TeamDrive Systems GmbH)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} </title> <script language="JavaScript" type="text/javascript" src="/ocom/groups/systemobject/@mktg_admin/documents/webcontent/oraclelib.js"> </script> <style type="text/css"> HTML,BODY,TD,H1,H2,H3,H4,OL,UL,DL,LI,DT,DD {font-family:arial,helvetica,san (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.161 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0b3c8250-8a1f-11dc-85aa-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0b3c8250-8a1f-11dc-85aa-806e6f6e6963}\Shell\AutoRun\command - "" = E:\menu.exe -- File not found
O33 - MountPoints2\{7fa4c7dc-2e99-11df-8f61-00192148ef11}\Shell - "" = AutoRun
O33 - MountPoints2\{7fa4c7dc-2e99-11df-8f61-00192148ef11}\Shell\AutoRun\command - "" = L:\FrameworkCheck.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.MPEGacm - C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.ulmp3acm - C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoCam Suite 2.0.lnk - C:\PROGRA~1\PANASO~1\VIDEOC~1\VIDEOC~2.EXE - (Panasonic Corporation)
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DataLayer - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer\Application\DataLayer.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Nokia Tray Application - hkey= - key= - C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe (Nokia Mobile Phones)
MsConfig - StartUpReg: PhonostarTimer - hkey= - key= - C:\Program Files\phonostar\ps_timer.exe (phonostar)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: ServiceLayer - hkey= - key= - C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe (Nokia Mobile Phones)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.07 17:23:53 | 000,013,824 | ---- | C] (SerComm) -- C:\Windows\System32\drivers\NETGEARUHOST.sys
[2010.08.07 17:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\NETGEAR
[2010.08.06 20:08:39 | 000,011,648 | ---- | C] (SerComm) -- C:\Windows\System32\NETGEARUCOMP.sys
[2010.08.06 20:08:39 | 000,011,648 | ---- | C] (SerComm) -- C:\Windows\System32\drivers\NETGEARUCOMP.sys
[2010.08.06 20:04:28 | 000,037,120 | ---- | C] (SerComm) -- C:\Windows\System32\NETGEARUHUB.sys
[2010.08.06 20:04:28 | 000,037,120 | ---- | C] (SerComm) -- C:\Windows\System32\drivers\NETGEARUHUB.sys
[2010.08.05 19:22:29 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.08.05 19:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.08.03 16:49:10 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.03 16:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.03 16:03:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.03 16:03:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.03 16:03:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.03 16:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.03 16:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.01 15:57:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.08.01 15:28:50 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.07.25 12:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\updates
[2010.07.24 18:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010.07.24 18:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010.07.08 18:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\searchplugins
[2010.07.08 16:57:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gamigo
[2010.07.08 16:56:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Martial Empires Luancher OBT
[2010.07.08 16:56:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\launcher
[2010.07.08 16:44:45 | 000,000,000 | ---D | C] -- C:\Gamigo
[2010.07.04 12:18:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\FreePDF_XP
[2010.06.25 17:17:34 | 000,718,296 | ---- | C] (Mozilla Foundation) -- C:\ProgramData\mozcpp19.dll
[2010.06.25 17:17:34 | 000,014,808 | ---- | C] (Mozilla Corporation) -- C:\ProgramData\plugin-container.exe
[2010.06.14 17:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.06.13 11:26:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.06.09 20:18:52 | 000,000,000 | ---D | C] -- C:\Program Files\Pegasys Inc
[2010.06.06 22:23:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.06.06 17:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\TeamDrive2.5
[2010.05.25 19:17:48 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.05.25 19:17:48 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.05.25 19:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010.05.25 19:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Future Games
[2010.05.18 20:11:25 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010.05.18 19:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Whiz
[2010.05.18 19:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.08 13:06:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.08 13:06:58 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.08 13:04:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7080964A-3D96-4116-B628-6587E344B0DA}.job
[2010.08.08 13:04:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B6D6128A-3CF1-406B-9062-A041A5B2944C}.job
[2010.08.08 13:04:59 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{91E93BC7-8B5E-4332-A553-6EF5D16A122C}.job
[2010.08.08 13:03:45 | 002,883,584 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2010.08.08 12:10:08 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A85ED906-5250-4E4F-AE1B-4A97B4CABF5C}.job
[2010.08.08 12:07:34 | 000,097,333 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.08.08 12:07:33 | 000,097,333 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.08.08 12:07:10 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.08.08 12:06:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.08 12:06:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.08 12:06:48 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.07 17:50:21 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.07 17:12:22 | 004,682,406 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.06 20:32:54 | 000,698,076 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.06 20:32:54 | 000,656,652 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.06 20:32:54 | 000,140,146 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.06 20:32:54 | 000,121,368 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.06 20:32:53 | 001,609,420 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.06 19:53:26 | 000,088,424 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.03 16:14:14 | 000,321,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.03 16:03:24 | 000,000,855 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.03 15:46:16 | 000,000,841 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.07.29 13:40:36 | 000,001,211 | ---- | M] () -- C:\ProgramData\updates.xml
[2010.07.29 13:40:36 | 000,000,057 | ---- | M] () -- C:\ProgramData\active-update.xml
[2010.07.29 13:40:29 | 000,467,928 | ---- | M] (sqlite.org) -- C:\ProgramData\sqlite3.dll
[2010.07.29 13:40:29 | 000,000,701 | ---- | M] () -- C:\ProgramData\updater.ini
[2010.07.29 13:40:29 | 000,000,003 | ---- | M] () -- C:\ProgramData\update.locale
[2010.07.29 13:40:28 | 000,000,478 | ---- | M] () -- C:\ProgramData\softokn3.chk
[2010.07.29 13:40:27 | 000,016,246 | ---- | M] () -- C:\ProgramData\removed-files
[2010.07.29 13:40:26 | 000,000,478 | ---- | M] () -- C:\ProgramData\nssdbm3.chk
[2010.07.29 13:40:26 | 000,000,141 | ---- | M] () -- C:\ProgramData\platform.ini
[2010.07.29 13:40:25 | 001,015,768 | ---- | M] () -- C:\ProgramData\js3250.dll
[2010.07.29 13:40:25 | 000,000,478 | ---- | M] () -- C:\ProgramData\freebl3.chk
[2010.07.29 13:40:24 | 000,004,296 | ---- | M] () -- C:\ProgramData\crashreporter.ini
[2010.07.29 13:40:24 | 000,000,705 | ---- | M] () -- C:\ProgramData\crashreporter-override.ini
[2010.07.29 13:40:24 | 000,000,115 | ---- | M] () -- C:\ProgramData\dependentlibs.list
[2010.07.29 13:40:21 | 000,031,393 | ---- | M] () -- C:\ProgramData\LICENSE
[2010.07.29 13:40:21 | 000,002,530 | ---- | M] () -- C:\ProgramData\blocklist.xml
[2010.07.29 13:40:21 | 000,002,126 | ---- | M] () -- C:\ProgramData\application.ini
[2010.07.29 13:40:21 | 000,000,220 | ---- | M] () -- C:\ProgramData\browserconfig.properties
[2010.07.29 13:40:21 | 000,000,000 | ---- | M] () -- C:\ProgramData\.autoreg
[2010.07.08 18:24:43 | 000,001,451 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.07 17:27:31 | 000,000,793 | ---- | M] () -- C:\Users\***\Desktop\Synkron.lnk
[2010.06.30 17:11:48 | 000,001,405 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2010.06.09 20:19:43 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\TMPGEnc DVD Author 3 with DivX Authoring.lnk
[2010.06.06 17:27:52 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\TeamDrive.lnk
[2010.05.25 19:17:48 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.05.25 19:17:48 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.05.18 19:39:34 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.18 19:39:34 | 000,022,328 | ---- | M] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.05.18 19:39:11 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2010.05.11 15:43:27 | 000,000,001 | ---- | M] () -- C:\Windows\System32\SI.bin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.06 20:08:39 | 000,001,474 | ---- | C] () -- C:\Windows\System32\NETGEARUCOMP.inf
[2010.08.06 20:04:28 | 000,001,434 | ---- | C] () -- C:\Windows\System32\NETGEARUHUB.inf
[2010.08.03 16:03:24 | 000,000,855 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.29 13:40:36 | 000,001,211 | ---- | C] () -- C:\ProgramData\updates.xml
[2010.07.29 13:40:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\active-update.xml
[2010.07.29 13:40:24 | 000,000,115 | ---- | C] () -- C:\ProgramData\dependentlibs.list
[2010.07.07 17:27:31 | 000,000,793 | ---- | C] () -- C:\Users\***\Desktop\Synkron.lnk
[2010.06.30 17:11:48 | 000,001,405 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Heroes of Might & Magic 5.LNK
[2010.06.27 10:46:45 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.06.09 20:19:43 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\TMPGEnc DVD Author 3 with DivX Authoring.lnk
[2010.06.07 10:55:50 | 000,097,333 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.06.07 10:55:49 | 000,097,333 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.06.06 17:27:52 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\TeamDrive.lnk
[2010.05.18 19:39:34 | 000,022,328 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.05.18 19:39:11 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010.05.11 15:43:27 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SI.bin
[2010.03.13 14:08:30 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.06 19:36:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.12.15 21:15:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.12.15 21:15:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.15 19:51:14 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.29 22:04:01 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.08.29 22:03:10 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.08.04 21:43:38 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.04 21:43:37 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.03.02 11:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.01.05 14:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008.09.01 22:16:37 | 000,002,793 | ---- | C] () -- C:\Windows\RBuilder.ini
[2008.07.19 12:39:33 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.06.15 18:50:38 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.04 18:39:34 | 000,002,560 | ---- | C] () -- C:\Windows\System32\ViaClassCoInstaller.dll
[2007.12.31 14:58:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007.12.31 14:58:02 | 000,552,960 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007.11.17 13:42:56 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2008.07.13 16:28:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AD ON Multimedia
[2010.03.13 14:23:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.01.22 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Desktopicon
[2008.12.01 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EleFun Desktops
[2009.12.29 11:45:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2010.07.08 17:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gamigo
[2009.12.16 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Itsth
[2010.07.08 16:56:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\launcher
[2009.08.29 22:04:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.07.08 16:56:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Martial Empires Luancher OBT
[2009.12.16 18:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Matus Tomlein
[2009.12.21 15:27:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2009.12.21 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2009.06.08 21:21:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar-Player
[2009.12.15 21:15:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.07.05 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamDrive
[2008.06.15 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Toolbars
[2009.12.31 00:12:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2010.08.07 17:50:23 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.08 13:04:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7080964A-3D96-4116-B628-6587E344B0DA}.job
[2010.08.08 13:04:59 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{91E93BC7-8B5E-4332-A553-6EF5D16A122C}.job
[2010.08.08 12:10:08 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A85ED906-5250-4E4F-AE1B-4A97B4CABF5C}.job
[2010.08.08 13:04:59 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{B6D6128A-3CF1-406B-9062-A041A5B2944C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008.01.19 09:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007.10.22 18:48:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009.12.15 21:00:53 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.08.06 20:09:00 | 000,000,170 | ---- | M] () -- C:\Driver.log
[2010.07.04 12:18:33 | 000,001,080 | ---- | M] () -- C:\fpRedmon.log
[2007.11.27 19:03:17 | 000,000,059 | ---- | M] () -- C:\hfv.gef
[2010.08.08 12:06:48 | 2146,754,560 | -HS- | M] () -- C:\hiberfil.sys
[2007.10.22 19:54:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007.10.22 19:54:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.08.08 12:06:47 | 2460,680,192 | -HS- | M] () -- C:\pagefile.sys
[2008.07.20 13:26:19 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2007.10.22 18:50:04 | 000,001,283 | ---- | M] () -- C:\Prodlog.txt
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 14:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008.12.12 12:19:10 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007.10.22 19:34:36 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.10.22 18:48:16 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.10.22 18:48:14 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.10.22 18:48:16 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.10.22 18:48:22 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.10.22 18:48:23 | 006,021,120 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2007.10.22 19:47:30 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2006.11.02 11:46:14 | 000,178,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-05 17:11:09
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:4FF9FD44
< End of report >

--- --- ---

old-man · 08.08.2010, 12:32

und hier die Extras.txt

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 08.08.2010 13:05:30 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,35 Gb Total Space | 51,25 Gb Free Space | 16,90% Space Free | Partition Type: NTFS
Drive D: | 150,69 Gb Total Space | 142,63 Gb Free Space | 94,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BUERO
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\ProgramData\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [SynkronDelete] -- "C:\Program Files\Synkron\Synkron.exe" "-delete" "%1" ()
Directory [SynkronRename] -- "C:\Program Files\Synkron\Synkron.exe" "-rename" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0029E5A0-0C6B-41C0-9507-78691500F0AD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{09967A52-E37B-48C4-9732-1BED3C7E83F7}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{1047072B-C54D-4718-9C3C-6D2DA39DCC95}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1C296BE6-81F8-4067-A36E-2D227A68455D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{24FAE9BE-B8A0-4867-8C11-5D4ED302E2BF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{28F64556-4FA3-457A-9EDD-B9A738BD9FBA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2E6FDD67-2A94-45A6-8AFC-E2D156B57C9D}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{3C87CB4B-33E0-4B51-9168-C081FF01718B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{41E38DFC-252B-4548-BC0C-FC93F37F18AF}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{520E315D-B0B0-44C8-B057-0BA64FBD88C1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{53106AC0-B7CD-4535-98FD-5C0B3528763B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D85D999-CFC8-41EC-B3CB-82B50D19621B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{61455234-B8C5-444C-9776-BF2276BAC3AB}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{679E1577-9CF6-480F-9F75-54BB65142923}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{71EDD224-AF45-4B0E-8B17-4763D49633F0}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{76ABC1CA-C631-4DB7-8703-2AC65A34F1A5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{830AF5D8-479B-4E43-84E7-5D03CDA1D5A9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{93239853-AD9B-4D69-9383-6A573BAD2651}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{93B42E87-4025-453E-AD00-568A91E47452}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A257388F-BCFB-4FF9-81BA-FB32970BA929}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{B0987116-7232-413A-BC74-E487E5DA98EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B780704F-E825-4F2F-960F-9292AAECCA63}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CC7D83D7-4F2B-44E7-9814-29C208A1C5B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D0823529-F8C3-43E7-BA84-26AD72B0536A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E791F508-106C-4184-A468-5F816FA0C069}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027DB1E1-87C9-47CE-93A7-2D219B2D4CFC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{072B3508-8847-41F3-A007-962617962C09}" = protocol=6 | dir=in | app=c:\demos\steam\steam.exe | 
"{0B4FFE63-AD5F-40E3-8697-4D9E9841D7C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0FCDA598-A643-4962-8C56-730F2AA82F56}" = protocol=17 | dir=in | app=c:\demos\steam\steam.exe | 
"{10B9C232-6584-4596-BC40-9917E92BA376}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{10F26A58-D2D8-494A-B3F9-0F4740AAF84E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{13687405-1552-4ADC-9C23-40DBF77363B4}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{22587780-54DE-43E0-8B45-1D6F4278D660}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{23325AA0-5F10-473B-9BE8-0A4B6380BD0C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{26F5D548-50D9-4994-B7D1-9F39C926AC10}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{374F7D5D-34CB-4C4D-AA23-F17055EB365D}" = protocol=6 | dir=in | app=c:\online-games\gpotato.eu\rappelz\launcher.exe | 
"{3C1B3674-6190-4D22-AE81-06E3F0152348}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4427830C-4ED6-419B-9457-11F31E1684C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{463E3BA2-2C8C-4A73-B277-A52E277243D1}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{4B01D465-D8BA-4242-9B02-E1800ADBFBF0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{4E05425B-24FA-418D-9D59-DCE531B79722}" = protocol=6 | dir=in | app=c:\online-games\unreal tournament 3\binaries\ut3.exe | 
"{5BBAB34A-BFBA-4EBF-8F44-8BEF184E05B4}" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_start.exe | 
"{5D3C9D94-06F9-4FCD-8C7F-975B3733E863}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5E956A44-C3E5-4B1E-9D84-ED6CC5CF428F}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | 
"{65DB644D-7A19-4FE6-8178-3DDA22E1147E}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | 
"{66E92191-18C9-4B36-BB23-67D4F03318DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{67BAD6DC-E83D-43EC-B287-A6054B73DFD2}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{77632480-8FEF-499A-B990-C9BDB141E7EA}" = protocol=6 | dir=out | app=system | 
"{79DC7C62-D682-4B06-B66B-33D758092AA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7B8DCA60-D121-49BF-BCD5-BC3BEC56EAAA}" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_agent.exe | 
"{838990EA-D928-4A4C-BEB0-3CFA380CA41B}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{84390C5C-79F7-40FA-892D-5A25B150EE94}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{8599AC97-3A80-4BB1-9C08-4724227F18E3}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{87B9ECCE-5408-43AA-8178-9D4CF5F24BAC}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | 
"{888F5937-A730-4357-B0B7-48EF881996B1}" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_start.exe | 
"{8FD52F49-81AD-46AC-8C8F-C2316BF19E65}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{91C74968-7FB0-4760-A845-DEACD21D0556}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{98B5F24E-48A6-4734-A0BB-963F88D112EB}" = protocol=17 | dir=in | app=c:\users\public\downloads\programme\xlziw.exe | 
"{98E4DBC7-325C-4CF1-A5D2-3EA6A912E37A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A19B32B5-FE0B-4C10-BB42-7CBF6832A503}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{A4225F0D-4B73-474E-B215-14AB5DE03226}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{A5157C0B-A20B-4A8E-AB1F-527B526CAD82}" = protocol=17 | dir=in | app=c:\online-games\gpotato.eu\rappelz\launcher.exe | 
"{A57622EF-D28D-48A2-84BA-33E0652BB77F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{AA6A7F6B-5FCE-465A-9A4F-DED4F4150C16}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AB3DCC60-8A53-4E95-82B4-16B436F039C2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B085B711-9161-480E-97D9-C3592B1B071D}" = protocol=6 | dir=in | app=c:\users\public\downloads\programme\xlziw.exe | 
"{B303AF0F-B545-4825-9F2F-1972A1D4E132}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B40B64C5-5A3E-4939-96B3-4BF9BEFC6AA0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BDF6122B-4779-44C2-81CA-30EBCA08176D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C0C95EEC-001C-4A3C-9AC0-D969AA4A89D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C7E4B74E-4C09-449D-9254-4314F820130B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4A27B24-1C21-44E9-B3B9-E1FCE19D62D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D8E1D8EE-0986-47D7-ABEA-E76FD76AEA9B}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{DDB1310C-2ED0-4711-924A-D0EEF8AE1726}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | 
"{E36B0919-4CA2-4CFA-BA6D-ACC4F1F4405C}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{E7FFBF82-F01E-479F-8288-7D223DFCB4EE}" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_agent.exe | 
"{EAA3722E-E84B-4080-BBFE-102E6EBC72EE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F15B009D-509E-4A49-B89B-70427B6CD646}" = protocol=17 | dir=in | app=c:\online-games\unreal tournament 3\binaries\ut3.exe | 
"{F44E5A60-07FB-438B-9842-D706CACA5947}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F7D114C6-D1D0-4DE3-B761-B458737FE648}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FCF245B1-3D1A-459F-80C2-42DF7E5EBD03}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{FD7B22B2-55ED-4926-8C4F-1B36A3B9D250}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{0AB2768F-0F07-455D-A1A8-D487A880915B}C:\users\public\downloads\programme\yuleech-runesofmagic2_0_1_1821-de.exe" = protocol=6 | dir=in | app=c:\users\public\downloads\programme\yuleech-runesofmagic2_0_1_1821-de.exe | 
"TCP Query User{116D9AE5-22A1-4787-ACB6-3B8133A04E54}C:\program files\softnyx\rakionis\bin\rakion.bin" = protocol=6 | dir=in | app=c:\program files\softnyx\rakionis\bin\rakion.bin | 
"TCP Query User{1851EE8E-9C42-4A8A-B100-1BD7B267D38B}C:\***\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\***\warcraft iii\war3.exe | 
"TCP Query User{2B51EA52-2C37-49F5-AE40-DBE75B004C21}C:\program files\free download manager\fdmwi.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdmwi.exe | 
"TCP Query User{2DBFDA15-C627-4843-BCAF-C870730E230F}C:\users\public\downloads\left4dead\left4dead.exe" = protocol=6 | dir=in | app=c:\users\public\downloads\left4dead\left4dead.exe | 
"TCP Query User{3D41E005-98A7-4B61-8877-8EAEB0BE100B}C:\program files\intervideo\winrip\winrip.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\winrip\winrip.exe | 
"TCP Query User{58B4981C-37D3-488E-A792-33F9B1C3B6BC}C:\program files\phonostar\ps_olect.exe" = protocol=6 | dir=in | app=c:\program files\phonostar\ps_olect.exe | 
"TCP Query User{667CB1C0-2B7A-4BB3-9814-30FCDF985CE2}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{70106B52-6853-4440-B629-628E21AEC886}L:\parabellum beta\binaries\parabellumthegame.exe" = protocol=6 | dir=in | app=l:\parabellum beta\binaries\parabellumthegame.exe | 
"TCP Query User{7B478806-E9A4-4FC8-A019-BF50F1DF3701}C:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\vyjqjkff\yuleech-bbo_de_setup_0_21_exe[1].exe" = protocol=6 | dir=in | app=c:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\vyjqjkff\yuleech-bbo_de_setup_0_21_exe[1].exe | 
"TCP Query User{8F6AAA8F-F409-43B1-94C4-40490758DA6E}C:\users\timo\parabellum beta\binaries\parabellumthegame.exe" = protocol=6 | dir=in | app=c:\users\timo\parabellum beta\binaries\parabellumthegame.exe | 
"TCP Query User{BEB17EFB-4824-40A6-861C-23FB410F88A8}C:\demos\ubisoft\demo\die siedler 7 demo\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=c:\demos\ubisoft\demo\die siedler 7 demo\data\base\_dbg\bin\release\settlers7r.exe | 
"TCP Query User{D3041ECA-C224-4111-B2F4-3246E90E6BD2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{E10B6660-C93B-4FB5-9D7C-DF113C8AA08E}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"TCP Query User{E29AD242-DC3A-4F83-AA77-0DA2FF455900}C:\users\public\downloads\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\users\public\downloads\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{F211E095-EEAF-44E5-9AB2-54B772724460}C:\program files\synkron\synkron.exe" = protocol=6 | dir=in | app=c:\program files\synkron\synkron.exe | 
"TCP Query User{F5301B28-E264-45B4-B4B3-D6EE52A1A720}C:\program files\techland\chrome specforce\specforce.exe" = protocol=6 | dir=in | app=c:\program files\techland\chrome specforce\specforce.exe | 
"TCP Query User{FD46708D-DD32-419D-98C0-FB4413A5E4FC}C:\online-games\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\online-games\metin2\metin2.bin | 
"UDP Query User{049F3E14-36C9-4D9F-A9BF-0ECA8C3B8753}C:\program files\synkron\synkron.exe" = protocol=17 | dir=in | app=c:\program files\synkron\synkron.exe | 
"UDP Query User{1926D7DD-2479-4EEA-8ADF-9DD06B62A47E}C:\program files\phonostar\ps_olect.exe" = protocol=17 | dir=in | app=c:\program files\phonostar\ps_olect.exe | 
"UDP Query User{1DC841FD-5298-4627-85D6-25B75BCB8030}C:\users\public\downloads\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\users\public\downloads\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{3581CAAA-A63F-45AF-A34B-99836B520376}C:\program files\softnyx\rakionis\bin\rakion.bin" = protocol=17 | dir=in | app=c:\program files\softnyx\rakionis\bin\rakion.bin | 
"UDP Query User{4519A56A-782D-4002-A08D-8DD99E364863}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{4A34FA7D-227E-46D4-9F8C-0A2CE84D5639}C:\program files\intervideo\winrip\winrip.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\winrip\winrip.exe | 
"UDP Query User{4A704E6D-DC21-4103-A716-69DA071946F0}C:\users\public\downloads\left4dead\left4dead.exe" = protocol=17 | dir=in | app=c:\users\public\downloads\left4dead\left4dead.exe | 
"UDP Query User{4ECB667D-7B1E-467D-ACA0-58BCFE65E23D}C:\demos\ubisoft\demo\die siedler 7 demo\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=c:\demos\ubisoft\demo\die siedler 7 demo\data\base\_dbg\bin\release\settlers7r.exe | 
"UDP Query User{591C8B8B-6B7C-4225-A7E4-802911E183C9}L:\parabellum beta\binaries\parabellumthegame.exe" = protocol=17 | dir=in | app=l:\parabellum beta\binaries\parabellumthegame.exe | 
"UDP Query User{6A7A922D-9055-43E0-859C-456CBFA8E91C}C:\***\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\***\warcraft iii\war3.exe | 
"UDP Query User{84865B7F-067E-4EE6-B17F-D16473BF17C0}C:\program files\techland\chrome specforce\specforce.exe" = protocol=17 | dir=in | app=c:\program files\techland\chrome specforce\specforce.exe | 
"UDP Query User{9866D3D1-7718-48B4-92F2-BC916A170A6F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{9FAFF13B-391C-47C7-A386-EA1F17D2AD63}C:\online-games\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\online-games\metin2\metin2.bin | 
"UDP Query User{A3EBFFE9-A86C-43A0-808D-44A7A1306CF7}C:\users\public\downloads\programme\yuleech-runesofmagic2_0_1_1821-de.exe" = protocol=17 | dir=in | app=c:\users\public\downloads\programme\yuleech-runesofmagic2_0_1_1821-de.exe | 
"UDP Query User{A63AD27B-CF94-418E-BF35-6E79C464307E}C:\users\timo\parabellum beta\binaries\parabellumthegame.exe" = protocol=17 | dir=in | app=c:\users\timo\parabellum beta\binaries\parabellumthegame.exe | 
"UDP Query User{F28D8DFF-A18E-4490-B32F-3DB66862E341}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | 
"UDP Query User{F2E3ECAE-46A1-435D-A997-0AEC34986BD3}C:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\vyjqjkff\yuleech-bbo_de_setup_0_21_exe[1].exe" = protocol=17 | dir=in | app=c:\users\***\appdata\local\microsoft\windows\temporary internet files\content.ie5\vyjqjkff\yuleech-bbo_de_setup_0_21_exe[1].exe | 
"UDP Query User{FE5C3A01-7B1C-48D2-BAC6-3601277D5FE8}C:\program files\free download manager\fdmwi.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdmwi.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01A8838A-9469-425F-A5FB-FC14D4CF93B9}" = Rappelz
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06A75F9F-BB8B-4548-93F8-621A183536D2}" = Redmark Vereinsverwaltung easy
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0ADF1B89-17EA-489C-86DF-6E33DA8520A6}_is1" = flatster
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1104E2E0-9378-455d-9E0E-6235A4E52DB0}_is1" = ArchLord
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1650594B-3979-48DB-B8F2-4634CAA872A3}_is1" = Bounty Bay Online
"{172EE9D0-AB46-4056-897A-7040C4D6DE4A}" = Nokia PC Suite 5.0
"{18B0210F-7B11-45C4-9F9D-5366D7160AB0}" = WER WIRD MILLIONÄR - JUNIOR
"{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
"{1C97A5CA-A130-4988-9FAA-273632ED4CBF}" = Vereinsverwaltung easy 7.0
"{1E7FDC95-FD1D-4552-8AE0-FEBD8BE44514}" = TeamDrive
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{24E7B19B-EA09-483F-8735-97DD371E861B}" = SA32xx Media Converter
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26771121-732D-481F-BDDB-F965E7983BE8}" = TMPGEnc DVD Author 3 with DivX Authoring
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42FDC670-AF90-45F6-9B39-6930DF79502C}" = TeamDrive
"{451B332F-E2A7-4F69-B1ED-99C99BDB9C2F}" = NetGear PS121v2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{5233A5FC-F083-4317-96F8-58FBB4020B3A}" = Chrome SpecForce
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CDC26F7-D6BF-442A-B599-0075A48310F7}" = SA32xx Device Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{80AC6A5B-DD0D-408E-A442-F8C057EFA44A}" = Rawether
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99A37AC7-E724-4621-B167-500B5A52B69C}" = LastChaosGER
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 2.0
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE6F8DC5-8639-4E7F-A0FE-EEB0522FCAAC}" = ArcSoft Camera Suite
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C4BB8237-3778-4DA8-9843-2410618F6748}" = MindManager X5 Viewer
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D57ACD92-6A27-43BB-B3AE-894930940D41}" = SA32xx Media Converter
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E337B156-DF81-48D8-8977-B1574EE87BCF}" = USB2.0 Capture Device
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E9E09EAA-0FF8-42A1-ACAB-67F2A691E50F}" = Guild 2 Patch
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Magical Snap FREE_is1" = Ashampoo Magical Snap FREE
"AstrumNival Allods" = Allods Online 1.0.04.22
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"CCleaner" = CCleaner
"Cradle of Rome" = Cradle of Rome (remove only)
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem  (01/26/2008 2.6.0.0)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"Free Download Manager_is1" = Free Download Manager 3.0
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{5233A5FC-F083-4317-96F8-58FBB4020B3A}" = Chrome SpecForce
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NAVIGON Fresh" = NAVIGON Fresh 2.0.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"phonostarRadioPlayer_is1" = phonostar-Player Version 2.01.2
"Poker Superstars II" = Poker Superstars II (remove only)
"PrintParade Studio" = PrintParade Studio
"Rakion International_is1" = Rakion International
"RealPopup_is1" = RealPopup
"Recovery Toolbox for RAR_is1" = Recovery Toolbox for RAR 1.1
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Android USB Modem" = SAMSUNG Android USB Modem Software
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"TBSB04045.TBSB04045Toolbar" = Amazon Toolbar
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TIPP10_is1" = TIPP10 Version 2.0.1
"Tomlein.Synkron_is1" = Synkron 1.6.1
"Unlocker" = Unlocker 1.8.9
"Virtual Villagers" = Virtual Villagers (remove only)
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.08.2010 16:50:27 | Computer Name = Buero | Source = EventSystem | ID = 4609
Description = 
 
Error - 07.08.2010 08:18:12 | Computer Name = Buero | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.08.2010 10:19:09 | Computer Name = Buero | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.08.2010 11:12:18 | Computer Name = Buero | Source = EventSystem | ID = 4621
Description = 
 
Error - 07.08.2010 11:12:20 | Computer Name = Buero | Source = EventSystem | ID = 4609
Description = 
 
Error - 07.08.2010 11:15:45 | Computer Name = Buero | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 07.08.2010 11:23:26 | Computer Name = Buero | Source = WerSvc | ID = 5007
Description = 
 
Error - 07.08.2010 11:23:28 | Computer Name = Buero | Source = VSS | ID = 8194
Description = 
 
Error - 08.08.2010 06:09:58 | Computer Name = Buero | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 08.08.2010 07:06:59 | Computer Name = Buero | Source = WerSvc | ID = 5007
Description = 
 
[ Media Center Events ]
Error - 17.04.2008 09:13:18 | Computer Name = Buero | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ OSession Events ]
Error - 31.01.2010 08:32:44 | Computer Name = Buero | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1538
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.08.2010 16:40:09 | Computer Name = Buero | Source = Print | ID = 6161
Description = Das Dokument Testseite im Besitz von *** konnte nicht auf dem Drucker
 Netzwerkdrucker gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken,
 oder starten Sie den Druckspooler erneut.   Datentyp: NT EMF 1.008. Größe der Spooldatei
 in Bytes: 327680. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments:
 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\BUERO. Vom Druckprozessor
 zurückgegebener Win32-Fehlercode: 2250. Diese Netzwerkverbindung ist nicht vorhanden.

 
Error - 06.08.2010 16:42:20 | Computer Name = Buero | Source = Print | ID = 6161
Description = Das Dokument Testseite im Besitz von *** konnte nicht auf dem Drucker
 Netzwerkdrucker gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken,
 oder starten Sie den Druckspooler erneut.   Datentyp: NT EMF 1.008. Größe der Spooldatei
 in Bytes: 327680. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments:
 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\BUERO. Vom Druckprozessor
 zurückgegebener Win32-Fehlercode: 2250. Diese Netzwerkverbindung ist nicht vorhanden.

 
Error - 06.08.2010 16:44:23 | Computer Name = Buero | Source = Print | ID = 6161
Description = Das Dokument Testseite im Besitz von *** konnte nicht auf dem Drucker
 Netzwerkdrucker gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken,
 oder starten Sie den Druckspooler erneut.   Datentyp: NT EMF 1.008. Größe der Spooldatei
 in Bytes: 327680. Anzahl der gedruckten Bytes: 0. Gesamtanzahl der Seiten des Dokuments:
 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\BUERO. Vom Druckprozessor
 zurückgegebener Win32-Fehlercode: 2250. Diese Netzwerkverbindung ist nicht vorhanden.

 
Error - 07.08.2010 11:27:43 | Computer Name = Buero | Source = PlugPlayManager | ID = 12
Description = Das Gerät "NETGEAR Network USB Composite Device" (USB\Vid_04b8&Pid_082e\LG8030609201110280_NGNU)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 07.08.2010 11:27:43 | Computer Name = Buero | Source = PlugPlayManager | ID = 12
Description = Das Gerät "USB-Massenspeichergerät" (USB\Vid_04b8&Pid_082e&MI_02\3&3a33b5a3&0&0002)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 07.08.2010 11:27:43 | Computer Name = Buero | Source = PlugPlayManager | ID = 12
Description = Das Gerät "EPSON Stylus Storage USB Device" (USBSTOR\Disk&Ven_EPSON&Prod_Stylus_Storage&Rev_1.00\4&4950abc&0&LG8030609201110280&0)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 07.08.2010 11:33:00 | Computer Name = Buero | Source = PlugPlayManager | ID = 12
Description = Das Gerät "NETGEAR Network USB Composite Device" (USB\Vid_04b8&Pid_082e\LG8030609201110280_NGNU)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 07.08.2010 11:33:00 | Computer Name = Buero | Source = PlugPlayManager | ID = 12
Description = Das Gerät "USB-Massenspeichergerät" (USB\Vid_04b8&Pid_082e&MI_02\3&3a33b5a3&0&0002)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 07.08.2010 11:33:00 | Computer Name = Buero | Source = PlugPlayManager | ID = 12
Description = Das Gerät "EPSON Stylus Storage USB Device" (USBSTOR\Disk&Ven_EPSON&Prod_Stylus_Storage&Rev_1.00\4&4950abc&0&LG8030609201110280&0)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 08.08.2010 06:07:58 | Computer Name = Buero | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >

--- --- ---

old-man · 08.08.2010, 12:33

Schritt 2
hier die checkup.txt

Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Java 2 Runtime Environment, SE v1.4.2
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.3 - Deutsch
Mozilla Firefox (3.6.8)
Mozilla Thunderbird (3.0.4) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows Defender MSASCui.exe
OnlineDiagnostic TestManager TestHandler.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Larusso · 08.08.2010, 13:28

Warum kein SP1 und SP2 installiert ?

Starte bitte Thunderbird --> Extras --> Einstellungen ---> Erweitert.
Wechsle in den Reiter Update und gehe sicher das Thunderbird nach Updates sucht und installiere diese auch.

old-man · 08.08.2010, 13:59

2007 Microsoft Office Suite Service Pack 1 (SP1)

Installationsdatum: ‎18.‎12.‎2007 12:47

Installationsstatus: Erfolgreich

Windows Vista Service Pack 1 (KB936330)

Installationsdatum: ‎19.‎03.‎2008 12:03

Installationsstatus: Erfolgreich

Sicherheitsupdate für SQL Server 2005 Service Pack 2 (KB948109)

Installationsdatum: ‎09.‎07.‎2008 10:37

Installationsstatus: Erfolgreich

Sicherheitsupdate für SQL Server 2005 Service Pack 2 (KB960089)

Installationsdatum: ‎13.‎02.‎2009 15:05

Installationsstatus: Erfolgreich

2007 Microsoft® Office Suite Service Pack 2 (SP2)

Installationsdatum: ‎06.‎05.‎2009 20:13

Installationsstatus: Erfolgreich

Updatetyp: Wichtig

usw, usw.

Bis heute jedes automatisch MicroSaft-Update autom. install.

Ich weis nicht warum das nicht angezeigt wird.

Thunderbird wird von mir nicht genutzt, könnte ich auch deinstall.

Larusso · 08.08.2010, 14:04

Deine Entscheidung. Installiere mal Sp2

old-man · 08.08.2010, 19:09

Sp2 ist jetzt auch installiert.

06.08.2010, 15:48	#6
Larusso /// Selecta Jahrusso	pc sauber nach flacor.dat? Irgendwelche Probleme ? __________________ --> pc sauber nach flacor.dat?

08.08.2010, 14:04	#14
Larusso /// Selecta Jahrusso	pc sauber nach flacor.dat? Deine Entscheidung. Installiere mal Sp2 __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

pc sauber nach flacor.dat?

Log-Analyse und Auswertung: pc sauber nach flacor.dat?