Internet Explorer öffnet sich automatisch

grunickel · 23.08.2010, 11:35

Hallo

Seit dem ich Mozilla Firefox nutze, um ins Internet zu kommen, öffnet sich der IE in unregelmäßigen Abständen mit unterschiedlichen Seiten. Es ist eigentlich nie die selbe.

Ich habe mal versucht nach eurer Anleitung das Logfile einzufügen.
Falls ihr mir irgendwas erklären müsst... Ich habe so gut wie keine Ahnung.
Habe auch schon in den anderen Beiträgen geschaut, aber irgendwie blicke ich da nicht durch.

Ich danke euch schonmal für eure Hilfe.
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:05, on 23.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Users\tuwar04\AppData\Roaming\SystemProc\lsass.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\conime.exe
C:\Program Files\ICQ7.2\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\tuwar04\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHP7KIAF\HiJackThis[1].exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://w*w.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {07F32725-86DD-405A-B16B-3D044C640BA3} - C:\Windows\system32\dnshc32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0744.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [RTHDBPL] C:\Users\tuwar04\AppData\Roaming\SystemProc\lsass.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O13 - Gopher Prefix: 
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - h**p://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278975623625
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - h**p://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,,C:\Windows\system32\dmvdsitf32.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Update Service (gupdate1c98cd0178f5b46) (gupdate1c98cd0178f5b46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Netzmanager Infrastruktur Informationssystem Dienst (Netzmanager Service) - Deutsche Telekom AG - C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Olivetti Monitor Service (olMntrService) - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe
 
--
End of file - 11788 bytes

--- --- ---

cosinus · 23.08.2010, 18:57

Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

grunickel · 24.08.2010, 11:24

Ok, also erst einen Vollscan mit Malwarebytes und diesen Log posten und dann gleich im Anschluß den Systemscan mit OTL. Und die Logfile dann auch gleich posten?

Richtig?

Also hier schon mal die Logdatei von Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4469

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

24.08.2010 15:29:00
mbam-log-2010-08-24 (15-29-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|K:\|)
Durchsuchte Objekte: 435676
Laufzeit: 1 Stunde(n), 33 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 4
Infizierte Dateien: 17

Infizierte Speicherprozesse:
C:\Users\tuwar04\AppData\Roaming\SystemProc\lsass.exe (Trojan.Tracur) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07f32725-86dd-405a-b16b-3d044c640ba3} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07f32725-86dd-405a-b16b-3d044c640ba3} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07f32725-86dd-405a-b16b-3d044c640ba3} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Tracur) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\ProgramData\369159447 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Users\tuwar04\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Free Registry Cleaner For Vista (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner For Vista (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\dnshc32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Users\tuwar04\AppData\Roaming\SystemProc\lsass.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\dtsh32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\tuwar04\Documents\Usenet.nl\alt.binaries.highspeed\Tuneup Utilities 2009 Incl Key and patch.exe (Trojan.VirTool.Gen) -> Quarantined and deleted successfully.
C:\Users\tuwar04\AppData\Roaming\Winntn Services\Winntn Services.exe (Trojan.VirTool.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Free Registry Cleaner For Vista\backuphkcu.REG (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.
C:\Program Files\Free Registry Cleaner For Vista\RegCleanerForVista.exe (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.
C:\Program Files\Free Registry Cleaner For Vista\unins000.dat (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.
C:\Program Files\Free Registry Cleaner For Vista\unins000.exe (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner For Vista\Free Registry Cleaner for Vista.lnk (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner For Vista\Uninstall Free Registry Cleaner for Vista.lnk (Rogue.FreeRegistryCleanerForVista) -> Quarantined and deleted successfully.
C:\Users\tuwar04\AppData\Local\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\tuwar04\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\tuwar04\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\tuwar04\AppData\Local\Temp\XX--XX--XX.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\tuwar04\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\tuwar04\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully.

Bei mir stand nur Scan oder Quick Scan. Nichts von Run Scan.
Ich habe auf Quick Scan gedrückt.
Werde aber auch noch mal auf Scan drücken und das dann im nächsten Fenster posten.
Hier nun das Logfile vom Systemscan mit OTL (Quick Scan).

OTL.TxtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.08.2010 15:50:18 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\tuwar04\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 460,36 Gb Total Space | 321,89 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
Drive D: | 19,67 Gb Total Space | 14,57 Gb Free Space | 74,03% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 97,66 Gb Total Space | 54,71 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
Drive K: | 353,81 Gb Total Space | 39,24 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
 
Computer Name: BABY
Current User Name: tuwar04
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\tuwar04\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Olivetti\ANY_WAY\olMntrService.exe (Olivetti)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\tuwar04\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
MOD - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
MOD - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
MOD - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (XobniService) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (olMntrService) -- C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe (Olivetti)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (QualityManager) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel(R) Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (DHTRACE) Intel(R) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (NMSCore) Intel(R) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (oUltraf) -- C:\Users\tuwar04\AppData\Local\Temp\oUltraf.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\Windows\System32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (DCamUSBNW800) CIF USB Camera (2110) -- C:\Windows\System32\drivers\pcam800.sys (Divio Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 27 F3 07 DD 86 5A 40 B1 6B 3D 04 4C 64 0B A3  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.16 12:07:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 13:16:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2008.11.09 21:53:42 | 000,000,000 | ---D | M]
 
[2010.07.16 18:22:58 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\mozilla\Extensions
[2010.07.16 18:22:58 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.08.24 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\mozilla\Firefox\Profiles\fbnt7ck7.default\extensions
[2010.07.22 23:36:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tuwar04\AppData\Roaming\mozilla\Firefox\Profiles\fbnt7ck7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.23 11:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tuwar04\AppData\Roaming\mozilla\Firefox\Profiles\fbnt7ck7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.20 18:18:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\tuwar04\AppData\Roaming\mozilla\Firefox\Profiles\fbnt7ck7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\tuwar04\AppData\Roaming\Mozilla\FireFox\Profiles\fbnt7ck7.default\searchplugins\icqplugin.xml
[2010.07.14 21:58:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278975623625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.192.111.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\adialhk.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\kloehk.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\Windows\system32\dmvdsitf32.dll) - C:\Windows\System32\dmvdsitf32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: K:\=Bilder\111.jpg
O24 - Desktop BackupWallPaper: K:\=Bilder\111.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{80093824-3a32-11de-8a26-0019dbc085cb}\Shell - "" = AutoRun
O33 - MountPoints2\{80093824-3a32-11de-8a26-0019dbc085cb}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.24 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Roaming\Malwarebytes
[2010.08.24 13:28:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.24 13:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.24 13:28:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.24 13:28:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.23 20:31:57 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\Documents\ICQ
[2010.08.23 11:01:38 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.08.23 11:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.08.23 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Roaming\ICQ
[2010.08.23 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Local\AOL
[2010.08.23 11:00:50 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.08.16 11:32:32 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2010.08.16 11:32:28 | 000,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.08.16 11:32:28 | 000,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.08.16 11:32:06 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2009
[2010.08.16 11:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.08.16 11:31:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.08.11 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\Documents\Usenet.nl
[2010.08.11 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Roaming\Usenet.nl
[2010.08.11 19:51:52 | 000,000,000 | ---D | C] -- C:\Programme\Usenet.nl
[2010.07.29 07:07:29 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Local\Nero_AG
[2010.07.16 18:30:20 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Roaming\WinRAR
[2010.07.16 18:30:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010.07.14 21:58:53 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Local\Mozilla
[2010.07.04 20:14:35 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PCSuite
[2010.07.04 20:14:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Nokia
[2010.07.04 20:13:47 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.07.04 20:13:09 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution
[2010.07.04 19:40:18 | 000,043,136 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\System32\drivers\ser2pl.sys
[2010.07.01 12:16:27 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2010.06.30 17:16:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.06.30 17:16:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.06.30 17:16:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.06.26 16:48:59 | 000,000,000 | ---D | C] -- C:\SiLabs
[2010.06.26 01:06:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.06.03 12:04:10 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Local\TeamSpeak 3 Client
[2008.05.22 18:38:15 | 030,016,682 | ---- | C] (Steganos GmbH) -- C:\Programme\sss2008int.exe
[3 C:\Users\tuwar04\Documents\*.tmp files -> C:\Users\tuwar04\Documents\*.tmp -> ]
[2 C:\Users\tuwar04\*.tmp files -> C:\Users\tuwar04\*.tmp -> ]
[1 C:\Users\tuwar04\Desktop\*.tmp files -> C:\Users\tuwar04\Desktop\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.24 15:51:27 | 003,932,160 | -HS- | M] () -- C:\Users\tuwar04\NTUSER.DAT
[2010.08.24 15:51:15 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6D01FAC9-01D4-4585-A534-629445323B78}.job
[2010.08.24 15:41:24 | 001,459,868 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.24 15:41:24 | 000,633,048 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.24 15:41:24 | 000,599,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.24 15:41:24 | 000,129,386 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.24 15:41:24 | 000,106,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.24 15:36:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.24 15:35:38 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.24 15:35:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.24 15:34:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 15:34:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 15:34:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.24 15:34:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.24 15:34:36 | 2145,533,952 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.24 15:33:41 | 010,655,264 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010.08.24 15:33:41 | 001,482,784 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2010.08.24 15:33:41 | 000,086,420 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010.08.24 15:33:41 | 000,008,244 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2010.08.24 15:33:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.24 15:33:14 | 000,524,288 | -HS- | M] () -- C:\Users\tuwar04\NTUSER.DAT{ce38caa1-5c6d-11de-8245-0019dbc085cb}.TMContainer00000000000000000001.regtrans-ms
[2010.08.24 15:33:14 | 000,065,536 | -HS- | M] () -- C:\Users\tuwar04\NTUSER.DAT{ce38caa1-5c6d-11de-8245-0019dbc085cb}.TM.blf
[2010.08.24 15:33:12 | 006,291,456 | -H-- | M] () -- C:\Users\tuwar04\AppData\Local\IconCache.db
[2010.08.24 13:28:35 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.23 10:53:04 | 000,442,368 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2010.08.20 19:23:09 | 000,001,696 | ---- | M] () -- C:\Users\tuwar04\Desktop\Usenet.nl.lnk
[2010.08.16 11:32:32 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2010.08.16 11:32:26 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2010.08.16 11:32:14 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.08.16 11:32:14 | 000,001,627 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2010.08.12 16:10:13 | 000,226,816 | ---- | M] () -- C:\Users\tuwar04\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.11 03:25:48 | 000,276,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.29 18:55:00 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.29 18:54:59 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.29 07:04:00 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.07.29 07:03:18 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.07.29 07:02:30 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.07.29 07:01:09 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.07.29 07:00:46 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.07.18 12:05:57 | 000,000,138 | -HS- | M] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971O.manifest
[2010.07.18 12:05:47 | 000,004,055 | -HS- | M] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971P.manifest
[2010.07.18 12:05:47 | 000,000,051 | -HS- | M] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971C.manifest
[2010.07.18 12:05:47 | 000,000,011 | -HS- | M] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971S.manifest
[2010.07.18 12:00:41 | 000,004,055 | -HS- | M] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971P.manifest
[2010.07.18 11:59:19 | 000,000,817 | ---- | M] () -- C:\ProgramData\607292016
[2010.07.18 11:57:09 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.07.18 10:19:16 | 000,000,649 | -HS- | M] () -- C:\ProgramData\1952635424
[2010.07.18 10:19:02 | 000,000,138 | -HS- | M] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971O.manifest
[2010.07.18 10:19:02 | 000,000,051 | -HS- | M] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971C.manifest
[2010.07.18 10:19:02 | 000,000,011 | -HS- | M] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971S.manifest
[2010.07.16 21:14:59 | 000,000,018 | ---- | M] () -- C:\Users\tuwar04\AppData\Roaming\74b28d77
[2010.07.16 18:30:02 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010.07.14 03:01:31 | 000,000,269 | ---- | M] () -- C:\Windows\win.ini
[2010.07.08 14:03:49 | 000,027,136 | ---- | M] () -- C:\Users\tuwar04\Desktop\Ferien 2o1o.doc
[2010.07.05 20:28:36 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.07.05 20:06:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.07.05 20:06:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.04 20:14:35 | 000,001,925 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.07.01 12:11:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.07.01 12:11:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.06.30 16:46:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.06.17 16:41:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[3 C:\Users\tuwar04\Documents\*.tmp files -> C:\Users\tuwar04\Documents\*.tmp -> ]
[2 C:\Users\tuwar04\*.tmp files -> C:\Users\tuwar04\*.tmp -> ]
[1 C:\Users\tuwar04\Desktop\*.tmp files -> C:\Users\tuwar04\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.24 13:28:35 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.16 11:34:35 | 000,000,522 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.16 11:32:14 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.08.16 11:32:14 | 000,001,627 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2010.08.11 19:51:53 | 000,001,696 | ---- | C] () -- C:\Users\tuwar04\Desktop\Usenet.nl.lnk
[2010.07.29 07:04:00 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.07.29 07:03:18 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.07.29 07:02:30 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.07.29 07:01:09 | 000,002,376 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.07.29 07:00:46 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.07.18 12:05:47 | 000,004,055 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971P.manifest
[2010.07.18 12:05:47 | 000,000,138 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971O.manifest
[2010.07.18 12:05:47 | 000,000,051 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971C.manifest
[2010.07.18 12:05:47 | 000,000,011 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971S.manifest
[2010.07.18 11:57:09 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.07.16 21:14:59 | 000,000,018 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\74b28d77
[2010.07.16 18:31:12 | 000,000,649 | -HS- | C] () -- C:\ProgramData\1952635424
[2010.07.16 18:31:11 | 000,000,817 | ---- | C] () -- C:\ProgramData\607292016
[2010.07.16 18:30:02 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010.07.16 18:29:39 | 000,004,055 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971P.manifest
[2010.07.16 18:29:39 | 000,000,138 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971O.manifest
[2010.07.16 18:29:39 | 000,000,051 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971C.manifest
[2010.07.16 18:29:39 | 000,000,011 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971S.manifest
[2010.07.05 20:28:36 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.07.05 20:06:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.07.05 20:06:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.05 20:06:07 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.07.01 12:11:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010.07.01 12:11:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.06.30 16:46:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.06.25 13:58:33 | 000,027,136 | ---- | C] () -- C:\Users\tuwar04\Desktop\Ferien 2o1o.doc
[2010.06.17 16:41:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
[2010.05.03 15:54:43 | 000,000,680 | ---- | C] () -- C:\Users\tuwar04\AppData\Local\d3d9caps.dat
[2010.04.17 05:16:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.07 18:44:47 | 000,000,032 | ---- | C] () -- C:\Users\tuwar04\AppData\Local\xobni_installer_updater.log
[2009.10.08 21:41:51 | 000,005,158 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\froggy_scorebox
[2009.10.08 21:41:51 | 000,000,677 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\pl_accounts.pl_acc
[2009.10.08 21:41:51 | 000,000,556 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\Troll.options
[2009.01.30 18:37:54 | 000,031,007 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\UserTile.png
[2008.10.28 19:54:21 | 000,000,246 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\mb3settings.xml
[2008.10.28 19:53:24 | 000,131,200 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\Tahoma_12.dds
[2008.10.28 19:53:24 | 000,004,096 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\Tahoma_12.crd
[2008.09.22 19:24:37 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.09.18 15:08:45 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2008.09.18 15:08:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.09.16 17:36:45 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.09.16 16:53:10 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.05.29 23:56:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.05.29 20:22:25 | 053,882,532 | ---- | C] () -- C:\Programme\x32_SIMPLE_WAY_R3.34c.rar
[2008.04.29 23:42:46 | 000,226,816 | ---- | C] () -- C:\Users\tuwar04\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.29 22:45:13 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.04.29 22:45:13 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.04.29 22:45:13 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.04.29 20:56:16 | 000,000,254 | ---- | C] () -- C:\Windows\vtmb.ini
[2008.04.29 19:15:57 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.04.29 19:15:57 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.04.28 17:33:55 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.04.26 19:29:27 | 000,000,172 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\default.pls
[2008.04.26 14:54:07 | 000,000,000 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.04.25 22:05:24 | 000,000,734 | ---- | C] () -- C:\Windows\Sof2.INI
[2008.04.25 20:38:16 | 000,000,097 | ---- | C] () -- C:\Windows\lexstat.ini
[2008.04.25 20:04:32 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.25 18:00:51 | 000,000,095 | ---- | C] () -- C:\Users\tuwar04\AppData\Local\fusioncache.dat
[2007.06.19 15:45:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.06.19 14:58:50 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.06.23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2002.04.29 16:23:28 | 000,036,864 | ---- | C] () -- C:\Windows\jpgl.dll
[2002.04.29 16:23:28 | 000,032,768 | ---- | C] () -- C:\Windows\div_iyuv.dll
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
 
========== LOP Check ==========
 
[2009.08.14 12:51:10 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Acreon
[2008.10.28 19:04:54 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Alawar
[2009.03.06 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Ashampoo
[2008.05.13 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\cerasus.media
[2008.04.28 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Gearbox Software
[2008.07.01 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\gtk-2.0
[2010.08.23 20:32:50 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\ICQ
[2008.04.25 20:19:32 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\InterTrust
[2008.04.25 21:29:05 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Leadertech
[2008.06.19 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\NCH Swift Sound
[2010.07.22 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Nokia
[2010.07.21 16:30:48 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\PC Suite
[2009.01.30 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\PeerNetworking
[2009.02.13 13:02:25 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Skinux
[2008.05.22 18:42:07 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Steganos
[2009.09.11 11:51:49 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\T-Online
[2010.02.23 01:00:13 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\TS3Client
[2008.05.07 02:34:21 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\TuneUp Software
[2010.08.23 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Usenet.nl
[2010.08.24 15:28:59 | 000,000,000 | RHSD | M] -- C:\Users\tuwar04\AppData\Roaming\Winntn Services
[2008.10.28 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Zak&Jack
[2010.08.24 15:35:38 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.08.24 15:33:29 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.24 15:51:15 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6D01FAC9-01D4-4585-A534-629445323B78}.job
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Extras.TxtOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.08.2010 15:50:18 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\tuwar04\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 460,36 Gb Total Space | 321,89 Gb Free Space | 69,92% Space Free | Partition Type: NTFS
Drive D: | 19,67 Gb Total Space | 14,57 Gb Free Space | 74,03% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 97,66 Gb Total Space | 54,71 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
Drive K: | 353,81 Gb Total Space | 39,24 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
 
Computer Name: BABY
Current User Name: tuwar04
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{65DCA89B-B694-4FC0-88C8-574CC98DE166}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | 
"{6BC9D625-17A2-4B70-A114-264E3F1C3BC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8F495B15-C7E3-4565-B92F-0915172A0236}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EBB31401-68E1-48D0-9D2B-84947B69F2F4}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | 
"{ED816650-DA97-4EA7-BBDF-765527D4D464}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0141DAEC-9284-4E65-9AAF-B9E8AEB218F8}" = protocol=17 | dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{03BA914F-B656-41EB-B858-D6ACC8AE56F4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{067869B8-C41A-4C00-BF54-D7A3C4B49C81}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{0A2D1DC6-B539-4B67-B626-8458DAE21FC6}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{0DC765F5-D48D-4A5F-BD9C-1F379810E286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{21DB4DB5-793E-4040-8532-25AC21038D27}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"{2E90B57B-4A39-45A2-B8A4-DD0DC65F9865}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{2FFC0687-7C2C-45BB-B541-0D4568C7B837}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{347221FB-7C07-4A98-AD43-FFA45E15778A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{412F04D3-8DFE-45C0-915B-AA8BD1248026}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe | 
"{4335FB27-C8C0-4E16-8BFE-EABC8F217A90}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{455B88AC-4A32-4690-9799-0C3A28F14DA3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{49F3F911-2FD1-4177-8F43-2AACC3F2A851}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4D50254D-C4AC-459F-AA64-97665CFC0587}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4D96F492-62AF-41F7-981E-B559DA28476F}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{4ECF6DAA-8583-4E2C-8A54-C21BF0D75E68}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe | 
"{50417147-0572-409A-9748-35ED2A491E17}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{556C8D23-E185-4B2B-A365-9EF4D80B41BC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{5D1F0E54-5D1C-4A82-BEB2-1EC692C49B01}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{600F7351-D72C-414D-A1B4-F4D4C97A4CB8}" = protocol=6 | dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{61B8B8AA-05BC-4C1A-B113-E39D3280CEE1}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{641C5E2A-3A7E-4F53-93C1-0F3AFB94AAF7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{6602A268-4907-4A0D-A5AA-EE100B957D02}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{707A8D11-67C3-4B0D-98DF-E9B1C0B35A90}" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{709F5AF7-1045-4696-83A3-097D3223D06C}" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{73576A81-882C-462A-95A9-08211993E7F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe | 
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{7ED8A7E3-0BD9-44EF-AA45-ED5E9654A2CE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | 
"{83854A9E-91C3-4635-84AD-55049DE6DBCF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"{862E5302-7B07-4BB4-BB5F-34F8354FF382}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89DA1886-6963-4C5A-84BB-6DC5CFBF939C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{8CFA5A52-D4C1-476C-AD18-8EB252B7C17B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"{90FD4598-8F48-4E29-A8DE-511FADB44B63}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe | 
"{925E59E8-5DFA-455C-9334-9DFD4BF7B1BC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{95146918-0250-4B38-B71E-6589FBCBF487}" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{97025C50-1891-415D-A6CE-AD5A45D84413}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{99156238-C1A1-4739-A14F-82AD25AA8142}" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{A4582EB3-132A-48DD-8B4F-0C36C0E62426}" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{A9948078-2BE8-4CF8-8176-86936BB44C9E}" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{ABA2E76B-2A9A-4ADD-A5D2-272F6FF9D5C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe | 
"{B564D4E4-9157-4904-8642-D5356F867378}" = protocol=17 | dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{B9A593AF-03D6-4D63-A9D0-9937A8452097}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{BC50E6E5-B279-4225-B04C-67953D2123EF}" = protocol=6 | dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe | 
"{CB5670FF-2825-44DD-A705-B0D9553B47E9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{CFD2124C-8E74-4B03-A370-14FFA9D9ACB6}" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{D4C6C1B7-AF7F-4557-83E2-3A7C18D3D327}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D69E3BE1-3054-401A-BD8E-00BC774B987A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"{E2ED6014-354C-47A2-A14D-1AB1505E0B64}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{E58A3E8E-C077-4F47-ABE4-7FA4F89EF9E9}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{EFA26AA8-78D3-4784-8F76-121926009FC9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FA65314A-28D0-4E94-B96C-8F074FE7646D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | 
"{FCE5631F-3DB1-48EB-9A99-6EF7A8B9D6FE}" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"TCP Query User{3935B4BF-575C-4EA7-8B3C-6FC4BBE8ACFD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7CB5A57D-7042-4511-AE4E-96E93820988F}H:\setupwizard\stinstall.exe" = protocol=6 | dir=in | app=h:\setupwizard\stinstall.exe | 
"TCP Query User{8E82596A-7F08-4A23-A200-1FE58E958659}C:\spiele\wow\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\launcher.exe | 
"TCP Query User{BD038237-F5C0-41FB-A4F1-58E0E8AD4273}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{2F8EF276-E5C9-4201-86AE-74E8615C1351}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3C71ED62-C604-4AF2-BAA7-0290BB1B4021}H:\setupwizard\stinstall.exe" = protocol=17 | dir=in | app=h:\setupwizard\stinstall.exe | 
"UDP Query User{4E83F864-F2E0-49FB-BC93-25E3FA6BCD81}C:\spiele\wow\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\launcher.exe | 
"UDP Query User{5FD1B7F0-C9DC-4FBE-B910-1BCAEBAF04AD}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{048DB452-C8B0-4A8D-89AF-84A6B149E1EE}" = Meine Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0DAA5653-60D4-44C1-AD10-EC7D4FA4D820}" = Intel(R) Viiv(TM) Software
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B601690-9508-4AD0-A006-F3AF9CF2B74A}" = SIMPLE_WAY
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1DA8594C-2F14-4491-B155-2BF3A999622D}" = Fire Department 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69E0C313-68AD-4FE0-A85A-3595BB81D6C5}" = Olivetti Toolbox
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{8FE54D21-8254-4CCF-AEE0-066496AE43F4}" = Delta Force - Black Hawk Down
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5554F9E-702A-49A7-BD52-680AA21E0032}" = Fire Department
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload-Software
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.04
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Beetle Ju 2" = Beetle Ju 2
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CIF USB Camera (2110)" = CIF USB Camera (2110)
"Color Eggs II (VOLLVERSION)" = Color Eggs II (VOLLVERSION)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diamond Drop (VOLLVERSION)" = Diamond Drop (VOLLVERSION)
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"Feenzauber" = Feenzauber
"Foxy Jumper 2 (VOLLVERSION)" = Foxy Jumper 2 (VOLLVERSION)
"Free Registry Cleaner for Vista_is1" = Free Registry Cleaner for Vista 1.0
"Fresko (VOLLVERSION)" = Fresko (VOLLVERSION)
"Geheimnis von Montezuma (VOLLVERSION)" = Geheimnis von Montezuma (VOLLVERSION)
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Great Mahjong" = Great Mahjong
"Haushaltsbuch2" = Haushaltsbuch2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"Karthago 2" = Karthago 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Moorhuhn - Juwel der Finsternis" = Moorhuhn - Juwel der Finsternis
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mysteryville" = Mysteryville
"Netzmanager" = Netzmanager
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"Puzzle Prinz" = Puzzle Prinz
"QuickTime" = QuickTime
"Slim USB2 Scanner" = Slim USB2 Scanner
"Snowy Lunch Rush" = Snowy: Lunch Rush
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Usenet.nl_is1" = Usenet.nl
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Wunderland" = Wunderland
"X10Hardware" = X10 Hardware(TM)
"XobniMain" = Xobni
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.05.2010 14:41:03 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00047dd2,  Prozess-ID 0x1740, Anwendungsstartzeit
 01caeedd74f836cb.
 
Error - 09.05.2010 16:52:27 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.200.2, Zeitstempel 0x4bc398b3,
 fehlerhaftes Modul java.dll, Version 6.0.200.2, Zeitstempel 0x4bc3c8dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005875,  Prozess-ID 0x580, Anwendungsstartzeit 01caefb985a0efc9.
 
Error - 20.05.2010 07:58:17 | Computer Name = baby | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18904 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1280  Anfangszeit: 01caf80bc0a9d785  Zeitpunkt
 der Beendigung: 0
 
Error - 24.05.2010 09:05:27 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0x99c, Anwendungsstartzeit
 01cafb3dd8b38ecf.
 
Error - 24.05.2010 13:48:42 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0x1490, 
Anwendungsstartzeit 01cafb4e85d3d41f.
 
Error - 25.05.2010 12:53:46 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x0004efe3,  Prozess-ID 0x524, Anwendungsstartzeit
 01cafc2ac6320529.
 
Error - 03.06.2010 04:52:09 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.200.2, Zeitstempel 0x4bc398b3,
 fehlerhaftes Modul java.dll, Version 6.0.200.2, Zeitstempel 0x4bc3c8dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005875,  Prozess-ID 0x13e0, Anwendungsstartzeit 01cb02fa0b797379.
 
Error - 03.06.2010 06:02:04 | Computer Name = baby | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\TeamSpeak
 3 Client\update.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2010 08:04:43 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0xbe0, Anwendungsstartzeit
 01cb03d865be59c0.
 
Error - 07.06.2010 13:52:20 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.200.2, Zeitstempel 0x4bc398b3,
 fehlerhaftes Modul java.dll, Version 6.0.200.2, Zeitstempel 0x4bc3c8dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005875,  Prozess-ID 0x13f4, Anwendungsstartzeit 01cb066a29f2d654.
 
[ IntelDH Events ]
Error - 26.04.2008 08:48:14 | Computer Name = baby | Source = CCU_Engine | ID = 17
Description = A CCU interface function returned an error: CCUEngine::StartCCU failed
 to launch a page 
 
Error - 26.04.2008 10:58:30 | Computer Name = baby | Source = AlertService | ID = 17
Description = A CCU interface function returned an error: DataManager::GetData failed
 to retrieve the data 
 
Error - 05.05.2008 09:22:54 | Computer Name = baby | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Shell_NotifyIcon
 failed when trying to hide icon
 
[ System Events ]
Error - 23.08.2010 12:10:21 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:10:51 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:12:07 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:27:18 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:32:20 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:33:02 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:55:26 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:55:29 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:55:36 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:55:39 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
[ TuneUp Events ]
Error - 24.08.2010 07:28:33 | Computer Name = baby | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-24 13:28:33', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamgui.exe','4388',0)
 
Error - 24.08.2010 07:28:43 | Computer Name = baby | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-24 13:28:43', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3244',0)
 
 
< End of report >

--- --- ---

grunickel · 24.08.2010, 15:14

So und das ist das Logfile vom Systemscan von OTL, wenn ich auf Scan drücke.

OTL.TxtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.08.2010 15:59:41 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\tuwar04\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 460,36 Gb Total Space | 321,86 Gb Free Space | 69,91% Space Free | Partition Type: NTFS
Drive D: | 19,67 Gb Total Space | 14,57 Gb Free Space | 74,03% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 97,66 Gb Total Space | 54,71 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
Drive K: | 353,81 Gb Total Space | 39,24 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
 
Computer Name: BABY
Current User Name: tuwar04
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\tuwar04\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Xobni\XobniService.exe (Xobni Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Olivetti\ANY_WAY\olMntrService.exe (Olivetti)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\tuwar04\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
MOD - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
MOD - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
MOD - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (XobniService) -- C:\Program Files\Xobni\XobniService.exe (Xobni Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (olMntrService) -- C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe (Olivetti)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (QualityManager) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel(R) Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (DHTRACE) Intel(R) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (NMSCore) Intel(R) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (oUltraf) -- C:\Users\tuwar04\AppData\Local\Temp\oUltraf.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\Windows\System32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (DCamUSBNW800) CIF USB Camera (2110) -- C:\Windows\System32\drivers\pcam800.sys (Divio Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 27 F3 07 DD 86 5A 40 B1 6B 3D 04 4C 64 0B A3  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.16 12:07:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 13:16:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2008.11.09 21:53:42 | 000,000,000 | ---D | M]
 
[2010.07.16 18:22:58 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\mozilla\Extensions
[2010.07.16 18:22:58 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.08.24 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\mozilla\Firefox\Profiles\fbnt7ck7.default\extensions
[2010.07.22 23:36:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\tuwar04\AppData\Roaming\mozilla\Firefox\Profiles\fbnt7ck7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.23 11:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tuwar04\AppData\Roaming\mozilla\Firefox\Profiles\fbnt7ck7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.20 18:18:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\tuwar04\AppData\Roaming\mozilla\Firefox\Profiles\fbnt7ck7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\tuwar04\AppData\Roaming\Mozilla\FireFox\Profiles\fbnt7ck7.default\searchplugins\icqplugin.xml
[2010.07.14 21:58:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278975623625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.192.111.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\google\google~2\goec62~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\adialhk.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\kloehk.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll) - c:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\Windows\system32\dmvdsitf32.dll) - C:\Windows\System32\dmvdsitf32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: K:\=Bilder\111.jpg
O24 - Desktop BackupWallPaper: K:\=Bilder\111.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{80093824-3a32-11de-8a26-0019dbc085cb}\Shell - "" = AutoRun
O33 - MountPoints2\{80093824-3a32-11de-8a26-0019dbc085cb}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.24 13:28:45 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Roaming\Malwarebytes
[2010.08.24 13:28:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.24 13:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.24 13:28:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.24 13:28:30 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.23 20:31:57 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\Documents\ICQ
[2010.08.23 11:01:38 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.08.23 11:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.08.23 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Roaming\ICQ
[2010.08.23 11:00:57 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Local\AOL
[2010.08.23 11:00:50 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.08.16 11:32:32 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2010.08.16 11:32:28 | 000,029,000 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.08.16 11:32:28 | 000,017,224 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2010.08.16 11:32:06 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2009
[2010.08.16 11:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2010.08.16 11:31:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.08.11 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\Documents\Usenet.nl
[2010.08.11 19:52:05 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Roaming\Usenet.nl
[2010.08.11 19:51:52 | 000,000,000 | ---D | C] -- C:\Programme\Usenet.nl
[2010.08.11 00:23:56 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 00:23:56 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 00:23:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 00:23:56 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 00:23:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 00:23:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 00:23:55 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 00:23:55 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 00:23:55 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 00:23:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 00:23:55 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 00:23:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 00:23:55 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 00:23:55 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 00:23:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 00:23:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 00:23:52 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 00:23:51 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 00:23:44 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 00:23:43 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.07.29 07:07:29 | 000,000,000 | ---D | C] -- C:\Users\tuwar04\AppData\Local\Nero_AG
[2010.07.28 20:45:07 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.07.28 20:44:20 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.07.28 20:43:33 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.07.28 20:42:46 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.07.28 20:42:00 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2008.05.22 18:38:15 | 030,016,682 | ---- | C] (Steganos GmbH) -- C:\Programme\sss2008int.exe
[3 C:\Users\tuwar04\Documents\*.tmp files -> C:\Users\tuwar04\Documents\*.tmp -> ]
[2 C:\Users\tuwar04\*.tmp files -> C:\Users\tuwar04\*.tmp -> ]
[1 C:\Users\tuwar04\Desktop\*.tmp files -> C:\Users\tuwar04\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.24 16:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.24 15:51:27 | 003,932,160 | -HS- | M] () -- C:\Users\tuwar04\NTUSER.DAT
[2010.08.24 15:51:15 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6D01FAC9-01D4-4585-A534-629445323B78}.job
[2010.08.24 15:41:24 | 001,459,868 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.24 15:41:24 | 000,633,048 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.24 15:41:24 | 000,599,450 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.24 15:41:24 | 000,129,386 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.24 15:41:24 | 000,106,686 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.24 15:36:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.24 15:35:36 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.24 15:34:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 15:34:42 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.24 15:34:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.24 15:34:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.24 15:34:36 | 2145,533,952 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.24 15:33:41 | 010,655,264 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010.08.24 15:33:41 | 001,482,784 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2010.08.24 15:33:41 | 000,086,420 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010.08.24 15:33:41 | 000,008,244 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2010.08.24 15:33:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.24 15:33:14 | 000,524,288 | -HS- | M] () -- C:\Users\tuwar04\NTUSER.DAT{ce38caa1-5c6d-11de-8245-0019dbc085cb}.TMContainer00000000000000000001.regtrans-ms
[2010.08.24 15:33:14 | 000,065,536 | -HS- | M] () -- C:\Users\tuwar04\NTUSER.DAT{ce38caa1-5c6d-11de-8245-0019dbc085cb}.TM.blf
[2010.08.24 15:33:12 | 006,291,456 | -H-- | M] () -- C:\Users\tuwar04\AppData\Local\IconCache.db
[2010.08.24 13:28:35 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.23 10:53:04 | 000,442,368 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2010.08.20 19:23:09 | 000,001,696 | ---- | M] () -- C:\Users\tuwar04\Desktop\Usenet.nl.lnk
[2010.08.16 11:32:32 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
[2010.08.16 11:32:26 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefragService.exe
[2010.08.16 11:32:14 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.08.16 11:32:14 | 000,001,627 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2010.08.12 16:10:13 | 000,226,816 | ---- | M] () -- C:\Users\tuwar04\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.11 03:25:48 | 000,276,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.29 18:55:00 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.29 18:54:59 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.29 07:04:00 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.07.29 07:03:18 | 000,002,218 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.07.29 07:02:30 | 000,002,146 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.07.29 07:01:09 | 000,002,376 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.07.29 07:00:46 | 000,002,144 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[3 C:\Users\tuwar04\Documents\*.tmp files -> C:\Users\tuwar04\Documents\*.tmp -> ]
[2 C:\Users\tuwar04\*.tmp files -> C:\Users\tuwar04\*.tmp -> ]
[1 C:\Users\tuwar04\Desktop\*.tmp files -> C:\Users\tuwar04\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.24 13:28:35 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.16 11:34:35 | 000,000,522 | ---- | C] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.16 11:32:14 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.08.16 11:32:14 | 000,001,627 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2010.08.11 19:51:53 | 000,001,696 | ---- | C] () -- C:\Users\tuwar04\Desktop\Usenet.nl.lnk
[2010.07.29 07:04:00 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.07.29 07:03:18 | 000,002,218 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.07.29 07:02:30 | 000,002,146 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.07.29 07:01:09 | 000,002,376 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.07.29 07:00:46 | 000,002,144 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.07.18 12:05:47 | 000,004,055 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971P.manifest
[2010.07.18 12:05:47 | 000,000,138 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971O.manifest
[2010.07.18 12:05:47 | 000,000,051 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971C.manifest
[2010.07.18 12:05:47 | 000,000,011 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\24328a70971S.manifest
[2010.07.16 21:14:59 | 000,000,018 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\74b28d77
[2010.07.16 18:31:12 | 000,000,649 | -HS- | C] () -- C:\ProgramData\1952635424
[2010.07.16 18:31:11 | 000,000,817 | ---- | C] () -- C:\ProgramData\607292016
[2010.07.16 18:30:02 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010.07.16 18:29:39 | 000,004,055 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971P.manifest
[2010.07.16 18:29:39 | 000,000,138 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971O.manifest
[2010.07.16 18:29:39 | 000,000,051 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971C.manifest
[2010.07.16 18:29:39 | 000,000,011 | -HS- | C] () -- C:\Users\tuwar04\AppData\Roaming\020000005f98ec57971S.manifest
[2010.05.03 15:54:43 | 000,000,680 | ---- | C] () -- C:\Users\tuwar04\AppData\Local\d3d9caps.dat
[2010.04.17 05:16:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.07 18:44:47 | 000,000,032 | ---- | C] () -- C:\Users\tuwar04\AppData\Local\xobni_installer_updater.log
[2009.10.08 21:41:51 | 000,005,158 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\froggy_scorebox
[2009.10.08 21:41:51 | 000,000,677 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\pl_accounts.pl_acc
[2009.10.08 21:41:51 | 000,000,556 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\Troll.options
[2009.01.30 18:37:54 | 000,031,007 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\UserTile.png
[2008.10.28 19:54:21 | 000,000,246 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\mb3settings.xml
[2008.10.28 19:53:24 | 000,131,200 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\Tahoma_12.dds
[2008.10.28 19:53:24 | 000,004,096 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\Tahoma_12.crd
[2008.09.22 19:24:37 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2008.09.18 15:08:45 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2008.09.18 15:08:45 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.09.16 17:36:45 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.09.16 16:53:10 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.05.29 23:56:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.05.29 20:22:25 | 053,882,532 | ---- | C] () -- C:\Programme\x32_SIMPLE_WAY_R3.34c.rar
[2008.04.29 23:42:46 | 000,226,816 | ---- | C] () -- C:\Users\tuwar04\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.29 22:45:13 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008.04.29 22:45:13 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008.04.29 22:45:13 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008.04.29 20:56:16 | 000,000,254 | ---- | C] () -- C:\Windows\vtmb.ini
[2008.04.29 19:15:57 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008.04.29 19:15:57 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.04.28 17:33:55 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.04.26 19:29:27 | 000,000,172 | ---- | C] () -- C:\Users\tuwar04\AppData\Roaming\default.pls
[2008.04.26 14:54:07 | 000,000,000 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.04.25 22:05:24 | 000,000,734 | ---- | C] () -- C:\Windows\Sof2.INI
[2008.04.25 20:38:16 | 000,000,097 | ---- | C] () -- C:\Windows\lexstat.ini
[2008.04.25 20:04:32 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.04.25 18:00:51 | 000,000,095 | ---- | C] () -- C:\Users\tuwar04\AppData\Local\fusioncache.dat
[2007.06.19 15:45:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.06.19 14:58:50 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.06.23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2002.04.29 16:23:28 | 000,036,864 | ---- | C] () -- C:\Windows\jpgl.dll
[2002.04.29 16:23:28 | 000,032,768 | ---- | C] () -- C:\Windows\div_iyuv.dll
[1997.11.17 17:13:16 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
 
========== LOP Check ==========
 
[2009.08.14 12:51:10 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Acreon
[2008.10.28 19:04:54 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Alawar
[2009.03.06 21:26:40 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Ashampoo
[2008.05.13 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\cerasus.media
[2008.04.28 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Gearbox Software
[2008.07.01 17:49:28 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\gtk-2.0
[2010.08.23 20:32:50 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\ICQ
[2008.04.25 20:19:32 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\InterTrust
[2008.04.25 21:29:05 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Leadertech
[2008.06.19 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\NCH Swift Sound
[2010.07.22 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Nokia
[2010.07.21 16:30:48 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\PC Suite
[2009.01.30 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\PeerNetworking
[2009.02.13 13:02:25 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Skinux
[2008.05.22 18:42:07 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Steganos
[2009.09.11 11:51:49 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\T-Online
[2010.02.23 01:00:13 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\TS3Client
[2008.05.07 02:34:21 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\TuneUp Software
[2010.08.23 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Usenet.nl
[2010.08.24 15:28:59 | 000,000,000 | RHSD | M] -- C:\Users\tuwar04\AppData\Roaming\Winntn Services
[2008.10.28 19:19:27 | 000,000,000 | ---D | M] -- C:\Users\tuwar04\AppData\Roaming\Zak&Jack
[2010.08.24 16:00:00 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.08.24 15:33:29 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.24 15:51:15 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6D01FAC9-01D4-4585-A534-629445323B78}.job
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---

Extras.TxtOTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 24.08.2010 15:59:41 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\tuwar04\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 460,36 Gb Total Space | 321,86 Gb Free Space | 69,91% Space Free | Partition Type: NTFS
Drive D: | 19,67 Gb Total Space | 14,57 Gb Free Space | 74,03% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 97,66 Gb Total Space | 54,71 Gb Free Space | 56,02% Space Free | Partition Type: NTFS
Drive K: | 353,81 Gb Total Space | 39,24 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
 
Computer Name: BABY
Current User Name: tuwar04
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{65DCA89B-B694-4FC0-88C8-574CC98DE166}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | 
"{6BC9D625-17A2-4B70-A114-264E3F1C3BC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{8F495B15-C7E3-4565-B92F-0915172A0236}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EBB31401-68E1-48D0-9D2B-84947B69F2F4}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | 
"{ED816650-DA97-4EA7-BBDF-765527D4D464}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0141DAEC-9284-4E65-9AAF-B9E8AEB218F8}" = protocol=17 | dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{03BA914F-B656-41EB-B858-D6ACC8AE56F4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{067869B8-C41A-4C00-BF54-D7A3C4B49C81}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{0A2D1DC6-B539-4B67-B626-8458DAE21FC6}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{0DC765F5-D48D-4A5F-BD9C-1F379810E286}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{21DB4DB5-793E-4040-8532-25AC21038D27}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"{2E90B57B-4A39-45A2-B8A4-DD0DC65F9865}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{2FFC0687-7C2C-45BB-B541-0D4568C7B837}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{347221FB-7C07-4A98-AD43-FFA45E15778A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{412F04D3-8DFE-45C0-915B-AA8BD1248026}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe | 
"{4335FB27-C8C0-4E16-8BFE-EABC8F217A90}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{455B88AC-4A32-4690-9799-0C3A28F14DA3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{49F3F911-2FD1-4177-8F43-2AACC3F2A851}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4D50254D-C4AC-459F-AA64-97665CFC0587}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4D96F492-62AF-41F7-981E-B559DA28476F}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{4ECF6DAA-8583-4E2C-8A54-C21BF0D75E68}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.0.9767-to-3.1.1.9806-dede-downloader.exe | 
"{50417147-0572-409A-9748-35ED2A491E17}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{556C8D23-E185-4B2B-A365-9EF4D80B41BC}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{5D1F0E54-5D1C-4A82-BEB2-1EC692C49B01}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | 
"{600F7351-D72C-414D-A1B4-F4D4C97A4CB8}" = protocol=6 | dir=in | app=c:\program files\home cinema\tv enhance\tveservice.exe | 
"{61B8B8AA-05BC-4C1A-B113-E39D3280CEE1}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{641C5E2A-3A7E-4F53-93C1-0F3AFB94AAF7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{6602A268-4907-4A0D-A5AA-EE100B957D02}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{707A8D11-67C3-4B0D-98DF-E9B1C0B35A90}" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{709F5AF7-1045-4696-83A3-097D3223D06C}" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{73576A81-882C-462A-95A9-08211993E7F8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe | 
"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{7ED8A7E3-0BD9-44EF-AA45-ED5E9654A2CE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | 
"{83854A9E-91C3-4635-84AD-55049DE6DBCF}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"{862E5302-7B07-4BB4-BB5F-34F8354FF382}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89DA1886-6963-4C5A-84BB-6DC5CFBF939C}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{8CFA5A52-D4C1-476C-AD18-8EB252B7C17B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9806-to-3.1.1.9835-dede-downloader.exe | 
"{90FD4598-8F48-4E29-A8DE-511FADB44B63}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe | 
"{925E59E8-5DFA-455C-9334-9DFD4BF7B1BC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{95146918-0250-4B38-B71E-6589FBCBF487}" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{97025C50-1891-415D-A6CE-AD5A45D84413}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"{99156238-C1A1-4739-A14F-82AD25AA8142}" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{A4582EB3-132A-48DD-8B4F-0C36C0E62426}" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{A9948078-2BE8-4CF8-8176-86936BB44C9E}" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{ABA2E76B-2A9A-4ADD-A5D2-272F6FF9D5C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe | 
"{B564D4E4-9157-4904-8642-D5356F867378}" = protocol=17 | dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{B9A593AF-03D6-4D63-A9D0-9937A8452097}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{BC50E6E5-B279-4225-B04C-67953D2123EF}" = protocol=6 | dir=in | app=c:\program files\home cinema\tv enhance\tvenhance.exe | 
"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe | 
"{CB5670FF-2825-44DD-A705-B0D9553B47E9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{CFD2124C-8E74-4B03-A370-14FFA9D9ACB6}" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{D4C6C1B7-AF7F-4557-83E2-3A7C18D3D327}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{D69E3BE1-3054-401A-BD8E-00BC774B987A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9901-to-3.1.3.9947-dede-downloader.exe | 
"{E2ED6014-354C-47A2-A14D-1AB1505E0B64}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | 
"{E58A3E8E-C077-4F47-ABE4-7FA4F89EF9E9}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | 
"{EFA26AA8-78D3-4784-8F76-121926009FC9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{FA65314A-28D0-4E94-B96C-8F074FE7646D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.1.9835-to-3.1.2.9901-dede-downloader.exe | 
"{FCE5631F-3DB1-48EB-9A99-6EF7A8B9D6FE}" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"TCP Query User{3935B4BF-575C-4EA7-8B3C-6FC4BBE8ACFD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7CB5A57D-7042-4511-AE4E-96E93820988F}H:\setupwizard\stinstall.exe" = protocol=6 | dir=in | app=h:\setupwizard\stinstall.exe | 
"TCP Query User{8E82596A-7F08-4A23-A200-1FE58E958659}C:\spiele\wow\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\spiele\wow\world of warcraft\launcher.exe | 
"TCP Query User{BD038237-F5C0-41FB-A4F1-58E0E8AD4273}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{2F8EF276-E5C9-4201-86AE-74E8615C1351}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3C71ED62-C604-4AF2-BAA7-0290BB1B4021}H:\setupwizard\stinstall.exe" = protocol=17 | dir=in | app=h:\setupwizard\stinstall.exe | 
"UDP Query User{4E83F864-F2E0-49FB-BC93-25E3FA6BCD81}C:\spiele\wow\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\spiele\wow\world of warcraft\launcher.exe | 
"UDP Query User{5FD1B7F0-C9DC-4FBE-B910-1BCAEBAF04AD}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{048DB452-C8B0-4A8D-89AF-84A6B149E1EE}" = Meine Software
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0DAA5653-60D4-44C1-AD10-EC7D4FA4D820}" = Intel(R) Viiv(TM) Software
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B601690-9508-4AD0-A006-F3AF9CF2B74A}" = SIMPLE_WAY
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1DA8594C-2F14-4491-B155-2BF3A999622D}" = Fire Department 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{69E0C313-68AD-4FE0-A85A-3595BB81D6C5}" = Olivetti Toolbox
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FBC9407-713D-4B8A-98D2-57210DA56049}" = MSN Toolbar
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{8FE54D21-8254-4CCF-AEE0-066496AE43F4}" = Delta Force - Black Hawk Down
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A979B2D8-E3EE-4523-A26C-4AF0A6809280}" = Sniper Elite
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5554F9E-702A-49A7-BD52-680AA21E0032}" = Fire Department
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7F98125-4955-41E3-8A71-4CE11CE9C198}" = KODAK Gallery Upload-Software
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}" = Commandos 2: Men of Courage
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.04
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Beetle Ju 2" = Beetle Ju 2
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem  (03/05/2008 3.7)
"CIF USB Camera (2110)" = CIF USB Camera (2110)
"Color Eggs II (VOLLVERSION)" = Color Eggs II (VOLLVERSION)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diamond Drop (VOLLVERSION)" = Diamond Drop (VOLLVERSION)
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem  (03/13/2008 6.86.0.1)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem  (06/09/2010 7.01.0.7)
"Feenzauber" = Feenzauber
"Foxy Jumper 2 (VOLLVERSION)" = Foxy Jumper 2 (VOLLVERSION)
"Free Registry Cleaner for Vista_is1" = Free Registry Cleaner for Vista 1.0
"Fresko (VOLLVERSION)" = Fresko (VOLLVERSION)
"Geheimnis von Montezuma (VOLLVERSION)" = Geheimnis von Montezuma (VOLLVERSION)
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Great Mahjong" = Great Mahjong
"Haushaltsbuch2" = Haushaltsbuch2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"Karthago 2" = Karthago 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Moorhuhn - Juwel der Finsternis" = Moorhuhn - Juwel der Finsternis
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mysteryville" = Mysteryville
"Netzmanager" = Netzmanager
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"Puzzle Prinz" = Puzzle Prinz
"QuickTime" = QuickTime
"Slim USB2 Scanner" = Slim USB2 Scanner
"Snowy Lunch Rush" = Snowy: Lunch Rush
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Usenet.nl_is1" = Usenet.nl
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinGimp-2.0_is1" = GIMP 2.4.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Wunderland" = Wunderland
"X10Hardware" = X10 Hardware(TM)
"XobniMain" = Xobni
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"World of Warcraft" = World of Warcraft
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.05.2010 14:41:03 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00047dd2,  Prozess-ID 0x1740, Anwendungsstartzeit
 01caeedd74f836cb.
 
Error - 09.05.2010 16:52:27 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.200.2, Zeitstempel 0x4bc398b3,
 fehlerhaftes Modul java.dll, Version 6.0.200.2, Zeitstempel 0x4bc3c8dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005875,  Prozess-ID 0x580, Anwendungsstartzeit 01caefb985a0efc9.
 
Error - 20.05.2010 07:58:17 | Computer Name = baby | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18904 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1280  Anfangszeit: 01caf80bc0a9d785  Zeitpunkt
 der Beendigung: 0
 
Error - 24.05.2010 09:05:27 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0x99c, Anwendungsstartzeit
 01cafb3dd8b38ecf.
 
Error - 24.05.2010 13:48:42 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0x1490, 
Anwendungsstartzeit 01cafb4e85d3d41f.
 
Error - 25.05.2010 12:53:46 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x0004efe3,  Prozess-ID 0x524, Anwendungsstartzeit
 01cafc2ac6320529.
 
Error - 03.06.2010 04:52:09 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.200.2, Zeitstempel 0x4bc398b3,
 fehlerhaftes Modul java.dll, Version 6.0.200.2, Zeitstempel 0x4bc3c8dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005875,  Prozess-ID 0x13e0, Anwendungsstartzeit 01cb02fa0b797379.
 
Error - 03.06.2010 06:02:04 | Computer Name = baby | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\TeamSpeak
 3 Client\update.exe".  Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2010 08:04:43 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18904, Zeitstempel
 0x4b835fec, fehlerhaftes Modul mshtml.dll, Version 8.0.6001.18904, Zeitstempel 
0x4b837769, Ausnahmecode 0xc0000005, Fehleroffset 0x00331b8a,  Prozess-ID 0xbe0, Anwendungsstartzeit
 01cb03d865be59c0.
 
Error - 07.06.2010 13:52:20 | Computer Name = baby | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.200.2, Zeitstempel 0x4bc398b3,
 fehlerhaftes Modul java.dll, Version 6.0.200.2, Zeitstempel 0x4bc3c8dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00005875,  Prozess-ID 0x13f4, Anwendungsstartzeit 01cb066a29f2d654.
 
[ IntelDH Events ]
Error - 26.04.2008 08:48:14 | Computer Name = baby | Source = CCU_Engine | ID = 17
Description = A CCU interface function returned an error: CCUEngine::StartCCU failed
 to launch a page 
 
Error - 26.04.2008 10:58:30 | Computer Name = baby | Source = AlertService | ID = 17
Description = A CCU interface function returned an error: DataManager::GetData failed
 to retrieve the data 
 
Error - 05.05.2008 09:22:54 | Computer Name = baby | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Shell_NotifyIcon
 failed when trying to hide icon
 
[ System Events ]
Error - 23.08.2010 12:10:21 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:10:51 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:12:07 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:27:18 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:32:20 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:33:02 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:55:26 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:55:29 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:55:36 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
Error - 23.08.2010 12:55:39 | Computer Name = baby | Source = DCOM | ID = 10016
Description = 
 
[ TuneUp Events ]
Error - 24.08.2010 07:28:33 | Computer Name = baby | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-24 13:28:33', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbamgui.exe','4388',0)
 
Error - 24.08.2010 07:28:43 | Computer Name = baby | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-24 13:28:43', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3244',0)
 
 
< End of report >

--- --- ---

cosinus · 24.08.2010, 18:13

Zitat:

C:\Users\tuwar04\Documents\Usenet.nl\alt.binaries.highspeed\Tuneup Utilities 2009 Incl Key and patch.exe (Trojan.VirTool.Gen) -> Quarantined and deleted successfully.

1. Kann ich Dir von TuneUp nur abraten 2. gibt's hier keinen Berenigungssupport für Keygen-/Crackuser!

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!

grunickel · 25.08.2010, 15:04

Hallo
das ist ja ziemlich doof

So einen Neustart wollte ich eigentlich verhindern. Da brauch ich zuviel Zeit, die ich nicht habe. Gibt es keine andere Möglichkeit?

Und was bedeutet "somit gibt es im Trojaner-Board keinen weiteren Support mehr" ?

Warum würdest du mir von Tuneup abraten? Es ist ne Originalversion mit Lizenz. Gesucht habe ich, weil ich eigentlich den Laptop von meinem Mann auch damit ausrüsten wollte, dann aber umentschieden habe. Er hat jetzt Tuneup2010. Auch original.

Ach ja ... Dieses "Tuneup Utilities 2009 Incl Key and patch.exe (Trojan.VirTool.Gen)" ist aber nicht der Grund dafür, dass sich der IE immer automatisch öffnet.
Das automatische öffnen hatte ich vorher schon.

Gibt es wirklich keine andere Möglichkeit?
Zumal ich ja meine Festplatte in 4 Partitionen habe. Alleine Bilder, Musik und Videos sind 320 GB. Wie kann ich die denn alle auf CD/DVD sichern?

Auch was die Programme angeht, Na ja gut...die würde ich noch mal wieder zusammen bekommen, glaub ich. Aber eben die Bilder usw.

Was mach ich denn jetzt?
Ich danke dir schon mal für deine Hilfe und deine netten Erklärungen.

cosinus · 25.08.2010, 15:11

Zitat:

Gibt es keine andere Möglichkeit?

Natürlich, ist aber im TB unerwünscht, da es keinen Bereinigungssupport für Keygen/Crackuser gibt!

Zitat:

Warum würdest du mir von Tuneup abraten?

Weil das Teil der absolute Schrott ist und viele Systeme "kaputtoptimiert" hat => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de

Zitat:

Es ist ne Originalversion mit Lizenz.

Dann ist der Keygen erst recht völlig deppert oder soll das jetzt ne Ausrede sein?

Zitat:

Gesucht habe ich, weil ich eigentlich den Laptop von meinem Mann auch damit ausrüsten wollte, dann aber umentschieden habe. Er hat jetzt Tuneup2010. Auch original.

Man braucht idR für jeden einzelnen PC eine separate Lizenz! Du kannst nicht auch nur 1x Win7 kaufen und das dann auf beliebig viele PCs gleichzeitig laufen lassen!

Zitat:

Ach ja ... Dieses "Tuneup Utilities 2009 Incl Key and patch.exe (Trojan.VirTool.Gen)" ist aber nicht der Grund dafür, dass sich der IE immer automatisch öffnet.

Nee iss klar

Keygens und Cracks sind ja auch garantiert zu 100% schädlingsfrei

Zitat:

Zumal ich ja meine Festplatte in 4 Partitionen habe. Alleine Bilder, Musik und Videos sind 320 GB. Wie kann ich die denn alle auf CD/DVD sichern?

Nimm ne externe Platte.

grunickel · 25.08.2010, 15:41

Also vorweg... Ich habe zu wenig Ahnung von Computern, als das ich mir jetzt noch Ausreden einfallen lassen würde.

Also ...ich hatte Tuneup 2009 mit Lizenz auf meinem Rechner und wollte es auch auf dem Laptop von meinem Mann haben.
Hat auch anfangs geklappt, bis der Lappi sagte, dass ich mir ne Originallizenz besorgen müsste.
Also wollte ich ihm ne andere Lizenz besorgen.
Das war der Grund warum ich bei Usenet gesucht habe.
Aber es hat ja nicht geklappt, weil ich die doofen Dateien nicht geöffnet bekommen habe oder ich war zu deppert. Na ja, auf jeden Fall habe ich den Usenet-ordner wieder leer gemacht und ihm Tuneup 2010 gekauft.

Mir ist auch klar, dass ich für jeden einzelnen PC ne Lizenz brauche, habe ich aber nicht dran gedacht.

Und das Keygens und Cracks nicht schädlingsfrei sind weiß ich auch. Ich wollte damit ja auch nur sagen, dass der IE sich erstmals automatisch geöffnet hat, nachdem ich Mozilla nutze.

Usenet habe ich nur die letzten 14 Tage genutz.
Mozilla nutze ich schon fast 2 Monate und solange öffnet sich auch schon der IE.
Also habe ich angenimmen, dass es noch einen anderen Grund geben könnte.

Du mußt auch nicht böse mit mir werden. Ich weiß selbst, dass ich nen Fehler gemacht habe.

LG Wencke

cosinus · 25.08.2010, 15:44

Das Gerede bringt aber nichts mehr, iss Dir schon klar oder?
Berenigt wird das System nicht mehr. Setz es neu auf. Wenn dann wieder Infektionen kommen sollten, dann kann man bereinigen, oder auch andere Rechner.

grunickel · 25.08.2010, 16:03

Ja is mir klar.

Das mit dem neu aufsetzen kann aber ein bißchen dauern.
Muss mir erstmal ne externe Feestplatte ausleihen und dann noch die Zeit finden.

Soll ich danach nochmal wieder was posten?

LG Wencke

grunickel · 25.08.2010, 16:38

Ach eine Frage hab ich noch.
Meine Festplatte ist ja in 4 Partitionen eingeteilt.

C - ist für das Betriebssystem und alle Programme
D - ist Recover (Ich glaube da ist alles drauf, um den Rechner neu zu machen)
(wurde mal so angelgt, falls er mal abstürzt oder neu aufgesetzt werden
muss)
J - ist schriftkram
K - sind halt Bilder und so

Reicht es nicht aus, nur C - neu zu machen?
Und wenn nicht, kannst du mir dann bitte erklären, warum das so ist?

Danke :-)

cosinus · 25.08.2010, 18:21

Ja, es reicht aus, C: zu formatieren.

grunickel · 26.08.2010, 12:32

Ok, ich danke dir für deine Antwort.

LG Wencke

25.08.2010, 15:44	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Internet Explorer öffnet sich automatisch Das Gerede bringt aber nichts mehr, iss Dir schon klar oder? Berenigt wird das System nicht mehr. Setz es neu auf. Wenn dann wieder Infektionen kommen sollten, dann kann man bereinigen, oder auch andere Rechner. __________________ Logfiles bitte immer in CODE-Tags posten

25.08.2010, 18:21	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Internet Explorer öffnet sich automatisch Ja, es reicht aus, C: zu formatieren. __________________ Logfiles bitte immer in CODE-Tags posten

Internet Explorer öffnet sich automatisch

Log-Analyse und Auswertung: Internet Explorer öffnet sich automatisch