Message: "Windows will shut down in less than a minute...", AntiVir detection: JAVA/ClassLoader.BO
04.10.2010, 19:15 | #1 |
Message: "Windows will shut down in less than a minute...", AntiVir detection: JAVA/ClassLoader.BO

A week ago the message "Windows wird in weniger als einer Minute heruntergefahren" ("Windows will shut down in less than a minute") appeared for the first time, and then the PC restarted. Shortly afterwards I also got a virus detection from AntiVir:

Die Datei 'C:\Users\***\AppData\Local\Temp\0.8988801972047661.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Riner.YF' [trojan]. Durchgeführte Aktion(en): Die Datei wurde gelöscht.

And:

Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5029cd0e-59147293' enthielt einen Virus oder unerwünschtes Programm 'JAVA/ClassLoader.BO' [virus]. Durchgeführte Aktion(en): Die Datei wurde gelöscht.

Besides the Windows restart, Firefox starts very slowly and keeps crashing ("Programm reagiert nicht", i.e. "program not responding"). After a scan with AntiVir I ran another one with Malwarebytes.

LOG:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4690
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

25.09.2010 15:36:43
mbam-log-2010-09-25 (15-36-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 512760
Laufzeit: 1 Stunde(n), 56 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\Werkkzeug1\kkino1.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

After deleting the findings the problem still occurs, but all further scans come back negative. I have already read various threads (e.g. the one by user Eldrick, because his problem seemed very similar). Since then I have run another scan with SUPERAntiSpyware, which found the following:

Trojan.Agent/Gen-FakeAlert[Local]
C:\PROGRAM FILES\MONTE CRISTO\CITY LIFE\DATA\_FILESYSTEMPACKER.EXE

Trojan.Agent/CDesc[Generic]
C:\PROGRAM FILES\SONY\PLAYSTATION STORE\NPAAC_WIN.DLL
C:\PROGRAM FILES\SONY\PLAYSTATION STORE\NPCOMMERCE2LIB.DLL

The further scans were negative again, though, and the problems persist. I have also updated Java. I really don't know what else to do.
04.10.2010, 21:29 | #2 |
/// Malwareteam | Message: "Windows will shut down in less than a minute...", AntiVir detection: JAVA/ClassLoader.BO

A cleanup can involve a lot of work for you.
If you decide to go ahead with a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users: start all tools via right-click, "Run as administrator".

Step 1: CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Rootkit scan with Gmer

What are rootkits?

Important: for every rootkit scan, the following applies:
(press the Download EXE button) and save the program to the desktop.
Now post the log file in code tags.
05.10.2010, 16:01 | #3 |
Message: "Windows will shut down in less than a minute...", AntiVir detection: JAVA/ClassLoader.BO

OTL logfile:
M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\icqplugin.xml [2009.05.21 15:46:36 | 000,001,632 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\live-search.xml [2010.01.04 00:43:35 | 000,003,915 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\sweetim.xml [2010.10.03 22:18:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.01.24 00:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.12 17:38:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.12 17:38:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.12 17:38:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.12 17:38:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.12 17:38:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O4 - HKCU..\Run: [PMCRemote] File not found
O4 - HKCU..\Run: [Res32] C:\Users\***\AppData\Roaming\Adobe\Update\dlgdo.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\Windows\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\Dvc.dll (Adaptec)
Drivers32: VIDC.I420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VQC6 - C:\Windows\System32\V2210dec.dll ( )
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 90 Days ==========
[2010.10.05 14:25:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.10.04 18:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS
[2010.10.04 17:38:51 | 000,000,000 | ---D | C] --
C:\Users\***\AppData\Roaming\PCF-VLC [2010.10.04 17:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.10.04 17:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.10.04 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.10.04 17:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.10.04 17:30:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.09.28 20:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm-Sicherheit [2010.09.28 20:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2010.09.28 20:20:58 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll [2010.09.28 20:16:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs [2010.09.28 20:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2010.09.28 20:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2010.09.28 20:14:20 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.09.28 15:19:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com [2010.09.28 15:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.09.28 15:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010.09.27 22:30:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.09.27 20:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis [2010.09.26 22:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.09.25 19:08:49 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.09.25 13:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.09.25 13:33:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.25 13:33:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.25 13:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.25 13:33:48 | 000,000,000 | ---D | 
C] -- C:\ProgramData\Malwarebytes [2010.09.21 19:35:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Schöningh [2010.09.17 18:26:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\PLAKATE [2010.09.08 18:55:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Philipp Winterberg [2010.09.08 18:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\RarZilla Free Unrar [2010.09.08 16:58:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.06 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\LOGO [2010.07.10 19:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\DivX [2010.01.20 17:14:50 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\V2210dec.dll [2007.05.07 01:07:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 90 Days ========== File not found -- C:\Users\***\splinter cell [2010.10.05 14:29:55 | 005,242,880 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.10.05 14:25:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2010.10.05 13:50:16 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1DB327C0-63D8-4FDD-85A5-CD223743BA19}.job [2010.10.05 13:47:42 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.10.05 13:45:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.05 13:45:22 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.05 13:45:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.05 13:45:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.05 13:44:57 | 3220,692,992 | -HS- | M] () -- C:\hiberfil.sys [2010.10.05 01:33:21 | 000,524,288 | -HS- | M] () -- 
C:\Users\***\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TMContainer00000000000000000001.regtrans-ms [2010.10.05 01:33:21 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TM.blf [2010.10.05 01:33:15 | 003,424,976 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.10.04 19:30:17 | 004,063,232 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2010.10.04 19:30:17 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2010.10.04 19:30:17 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2010.10.04 17:36:07 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.10.04 17:32:32 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.10.04 17:19:41 | 000,002,613 | ---- | M] () -- C:\Users\***\Desktop\HiJackThis.lnk [2010.10.04 00:22:16 | 000,000,680 | RHS- | M] () -- C:\Users\***\ntuser.pol [2010.10.04 00:06:46 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2010.10.04 00:06:45 | 000,222,208 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.03 17:49:12 | 000,008,592 | ---- | M] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2010.09.29 23:59:01 | 000,174,324 | ---- | M] () -- C:\Users\***\Desktop\cc_20100929_235655.reg [2010.09.28 20:31:16 | 000,420,800 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.09.28 20:24:13 | 000,000,835 | ---- | M] () -- C:\Users\***\Desktop\ZoneAlarm Security.lnk [2010.09.28 20:24:11 | 000,005,977 | ---- | M] () -- C:\Windows\System32\vsconfig.xml [2010.09.28 15:18:58 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.09.27 23:07:56 | 000,040,375 | ---- | M] () -- C:\Users\***\Desktop\bootkit_remover.rar [2010.09.27 22:01:21 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk 
[2010.09.26 22:48:48 | 000,000,768 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.09.25 18:58:25 | 000,052,741 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.09.25 18:58:25 | 000,052,741 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.09.25 15:40:13 | 000,142,712 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.25 15:38:52 | 000,444,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.25 13:33:52 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.25 01:01:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TMContainer00000000000000000002.regtrans-ms [2010.09.25 00:42:08 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.25 00:42:08 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.23 15:38:47 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.09.23 15:38:36 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.09.21 22:31:33 | 002,865,280 | ---- | M] () -- C:\Users\***\Desktop\YouTube - King of the Bongo.mp3 [2010.09.21 15:09:03 | 000,072,792 | ---- | M] () -- C:\Users\***\Desktop\BLFImSickOfIt.jpg [2010.09.20 21:26:46 | 000,110,691 | ---- | M] () -- C:\Users\***\Desktop\rickshaw2.jpg [2010.09.20 16:32:50 | 000,001,398 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk [2010.09.20 16:31:53 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.09.19 02:04:25 | 000,015,402 | ---- | M] () -- C:\Users\***\Desktop\Profil2.jpg [2010.09.19 01:57:16 | 000,015,869 | ---- | M] () -- C:\Users\***\Desktop\Profil.jpg [2010.09.18 23:31:36 | 000,169,827 | -H-- | M] () -- C:\Users\***\Desktop\mxfilerelatedcache.mxc2 [2010.09.15 18:21:56 | 001,174,016 | ---- | M] () -- C:\Users\***\Desktop\Aufwärmen.doc 
[2010.09.12 22:07:37 | 000,249,693 | ---- | M] () -- C:\Users\***\Desktop\LOGO (2).zip [2010.09.12 22:06:39 | 000,072,776 | ---- | M] () -- C:\Users\***\Desktop\SV LOGO3.jpg [2010.09.12 22:02:28 | 000,077,197 | ---- | M] () -- C:\Users\***\Desktop\SV LOGO2.jpg [2010.09.12 21:58:25 | 000,099,042 | ---- | M] () -- C:\Users\***\Desktop\SV LOGO´1.pdn [2010.09.12 21:58:08 | 000,072,449 | ---- | M] () -- C:\Users\***\Desktop\SV LOGO.jpg [2010.09.12 01:54:16 | 000,137,770 | ---- | M] () -- C:\Users\***\Desktop\SV logo.pdn [2010.09.12 01:49:51 | 000,043,339 | ---- | M] () -- C:\Users\***\Desktop\Logo.2.2.jpg [2010.09.12 01:49:42 | 000,049,155 | ---- | M] () -- C:\Users\***\Desktop\Logo.2.2.png [2010.09.12 01:47:56 | 000,049,011 | ---- | M] () -- C:\Users\***\Desktop\Logo.2.png [2010.09.11 17:52:33 | 000,054,474 | ---- | M] () -- C:\Users\***\Desktop\Logo.2.jpg [2010.09.11 17:51:53 | 000,043,456 | ---- | M] () -- C:\Users\***\Desktop\logo.2.1.jpg [2010.09.11 17:45:51 | 000,061,570 | ---- | M] () -- C:\Users\***\Desktop\logo.2.1.png [2010.09.09 19:33:14 | 000,006,144 | -H-- | M] () -- C:\Users\***\photothumb.db [2010.09.09 19:33:04 | 000,059,392 | -H-- | M] () -- C:\Users\***\Desktop\photothumb.db [2010.09.08 18:54:56 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk [2010.09.08 17:03:17 | 004,972,672 | ---- | M] () -- C:\Users\***\Desktop\Charlie Chaplin-Funny song- Modern Times.mp3 [2010.09.08 16:58:34 | 000,000,996 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.07 23:29:00 | 000,081,282 | ---- | M] () -- C:\Users\***\Desktop\die chance nutzen.png [2010.09.06 19:30:49 | 000,168,561 | ---- | M] () -- C:\Users\***\Desktop\Logo.zip [2010.08.24 20:10:57 | 000,038,400 | ---- | M] () -- C:\Users\***\Desktop\The Unanimous Declaration Of Independence.doc [2010.07.30 22:12:12 | 000,045,831 | ---- | M] () -- C:\Users\***\Documents\revolution.pdf [2010.07.10 23:03:29 | 000,017,408 | ---- | M] () -- 
C:\Users\***\AppData\Local\WebpageIcons.db [2010.07.10 19:46:05 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk ========== Files Created - No Company Name ========== [2010.10.04 19:29:53 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2010.10.04 19:29:53 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2010.10.04 19:29:52 | 004,063,232 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2010.10.04 17:36:07 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.10.04 17:32:32 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.10.04 00:22:16 | 000,000,680 | RHS- | C] () -- C:\Users\***\ntuser.pol [2010.10.03 22:39:33 | 3220,692,992 | -HS- | C] () -- C:\hiberfil.sys [2010.09.29 23:57:16 | 000,174,324 | ---- | C] () -- C:\Users\***\Desktop\cc_20100929_235655.reg [2010.09.28 20:24:13 | 000,000,835 | ---- | C] () -- C:\Users\***\Desktop\ZoneAlarm Security.lnk [2010.09.28 20:21:04 | 000,005,977 | ---- | C] () -- C:\Windows\System32\vsconfig.xml [2010.09.28 20:16:49 | 000,420,800 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.09.28 15:18:58 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.09.27 23:07:53 | 000,040,375 | ---- | C] () -- C:\Users\***\Desktop\bootkit_remover.rar [2010.09.27 22:00:36 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.09.27 20:16:02 | 000,002,613 | ---- | C] () -- C:\Users\***\Desktop\HiJackThis.lnk [2010.09.26 22:48:48 | 000,000,768 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.09.25 13:33:52 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.25 00:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TMContainer00000000000000000002.regtrans-ms 
[2010.09.25 00:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TMContainer00000000000000000001.regtrans-ms [2010.09.25 00:43:18 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TM.blf [2010.09.21 22:26:27 | 002,865,280 | ---- | C] () -- C:\Users\***\Desktop\YouTube - King of the Bongo.mp3 [2010.09.20 21:26:45 | 000,110,691 | ---- | C] () -- C:\Users\***\Desktop\rickshaw2.jpg [2010.09.19 02:04:22 | 000,015,402 | ---- | C] () -- C:\Users\***\Desktop\Profil2.jpg [2010.09.19 01:57:14 | 000,015,869 | ---- | C] () -- C:\Users\***\Desktop\Profil.jpg [2010.09.15 17:59:42 | 001,174,016 | ---- | C] () -- C:\Users\***\Desktop\Aufwärmen.doc [2010.09.12 22:07:17 | 000,249,693 | ---- | C] () -- C:\Users\***\Desktop\LOGO (2).zip [2010.09.12 22:06:21 | 000,072,776 | ---- | C] () -- C:\Users\***\Desktop\SV LOGO3.jpg [2010.09.12 22:02:24 | 000,077,197 | ---- | C] () -- C:\Users\***\Desktop\SV LOGO2.jpg [2010.09.12 21:58:23 | 000,099,042 | ---- | C] () -- C:\Users\***\Desktop\SV LOGO´1.pdn [2010.09.12 21:58:03 | 000,072,449 | ---- | C] () -- C:\Users\***\Desktop\SV LOGO.jpg [2010.09.12 01:49:49 | 000,043,339 | ---- | C] () -- C:\Users\***\Desktop\Logo.2.2.jpg [2010.09.12 01:49:40 | 000,049,155 | ---- | C] () -- C:\Users\***\Desktop\Logo.2.2.png [2010.09.11 17:52:31 | 000,054,474 | ---- | C] () -- C:\Users\***\Desktop\Logo.2.jpg [2010.09.11 17:51:51 | 000,043,456 | ---- | C] () -- C:\Users\***\Desktop\logo.2.1.jpg [2010.09.11 17:45:49 | 000,061,570 | ---- | C] () -- C:\Users\***\Desktop\logo.2.1.png [2010.09.11 17:45:33 | 000,049,011 | ---- | C] () -- C:\Users\***\Desktop\Logo.2.png [2010.09.08 18:54:56 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk [2010.09.08 17:02:50 | 004,972,672 | ---- | C] () -- C:\Users\***\Desktop\Charlie Chaplin-Funny song- Modern Times.mp3 [2010.09.08 16:58:34 | 000,000,996 | ---- | C] () -- C:\Users\***\Desktop\DVDVideoSoft Free 
Studio.lnk [2010.09.07 23:28:57 | 000,081,282 | ---- | C] () -- C:\Users\***\Desktop\die chance nutzen.png [2010.09.07 23:10:02 | 000,137,770 | ---- | C] () -- C:\Users\***\Desktop\SV logo.pdn [2010.09.06 18:54:26 | 000,168,561 | ---- | C] () -- C:\Users\***\Desktop\Logo.zip [2010.08.24 20:10:57 | 000,038,400 | ---- | C] () -- C:\Users\***\Desktop\The Unanimous Declaration Of Independence.doc [2010.07.30 22:12:09 | 000,045,831 | ---- | C] () -- C:\Users\***\Documents\revolution.pdf [2010.07.10 19:46:59 | 000,001,398 | ---- | C] () -- C:\Users\***\Desktop\DivX Movies.lnk [2010.07.10 19:46:21 | 000,000,881 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.07.10 19:46:05 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.06.19 11:58:58 | 000,052,741 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.06.19 11:58:45 | 000,052,741 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.06.04 20:54:11 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2010.05.30 21:04:01 | 001,028,096 | ---- | C] () -- C:\Windows\System32\HDX4MediaConverter2.dll [2010.03.02 00:48:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.28 23:32:40 | 000,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys [2010.01.20 17:14:50 | 000,028,672 | ---- | C] () -- C:\Windows\vqsetup.dll [2009.10.18 17:43:29 | 000,008,570 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009.09.11 19:08:48 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.09.11 19:08:47 | 000,139,152 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys [2009.09.03 22:02:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lexazdll32.dll [2009.08.31 13:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll [2009.08.18 17:24:43 | 000,000,551 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini [2009.08.07 23:46:10 | 000,117,248 | ---- | C] () -- 
C:\Windows\System32\EhStorAuthn.dll [2009.05.19 20:13:39 | 000,000,099 | ---- | C] () -- C:\Windows\galaxy.ini [2009.05.12 15:51:31 | 000,000,660 | ---- | C] () -- C:\Windows\ODBC.INI [2009.04.13 01:02:06 | 000,012,437 | ---- | C] () -- C:\Users\***\AppData\Roaming\UserTile.png [2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.22 17:12:15 | 000,000,093 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.11.25 16:01:16 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.11.25 16:01:16 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.11.25 15:55:52 | 000,000,043 | ---- | C] () -- C:\Windows\Caligari.ini [2008.07.04 22:02:52 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini [2008.06.27 17:38:58 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.06.27 17:38:58 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.06.11 20:11:29 | 000,226,302 | ---- | C] () -- C:\Users\***\AppData\Local\Temppenciltemp.png [2008.06.01 22:07:41 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [2008.05.29 20:36:11 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll [2008.05.29 20:36:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.05.26 18:51:01 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll [2008.05.26 18:51:01 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini [2008.05.26 18:50:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.05.26 18:47:43 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini [2008.05.25 21:22:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.05.22 21:28:50 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll [2008.05.08 19:56:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.04.19 17:06:46 | 
000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.04.18 22:25:27 | 000,442,368 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2008.04.18 19:08:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2008.04.18 19:03:27 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.04.15 21:50:36 | 000,222,208 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.15 21:05:18 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL [2008.04.15 21:05:17 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL [2008.04.15 21:05:17 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL [2008.04.15 21:05:17 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL [2008.04.15 21:05:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL [2008.04.15 19:42:07 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008.04.15 19:42:07 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.04.15 19:22:52 | 000,008,592 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini [2007.05.07 09:22:38 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.05.07 09:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.05.07 01:07:10 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.02.06 23:52:08 | 000,063,488 | ---- 
| C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.12.07 01:57:19 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== LOP Check ========== [2009.09.12 23:21:57 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.# [2008.05.22 21:32:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Anvil Studio [2010.05.30 21:05:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2009.01.22 16:24:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo Cover Studio 2009 [2008.08.21 21:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blender Foundation [2008.11.25 16:15:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2009.09.03 22:03:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dtv-lexikon [2010.09.08 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.05.30 20:54:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media [2008.04.17 23:05:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eSobi [2009.10.25 18:25:18 | 000,000,000 | 
---D | M] -- C:\Users\***\AppData\Roaming\FontCreator [2009.12.30 22:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.10.04 21:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2008.04.18 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ Toolbar [2008.06.23 19:16:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterTrust [2009.05.19 19:34:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Laconic Software [2009.10.03 15:06:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2008.05.13 21:29:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lionhead Studios [2009.03.23 22:31:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2009.02.11 23:25:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX Fotobuch [2010.01.21 23:41:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ManyCam [2008.05.21 21:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Participatory Culture Foundation [2010.10.04 17:38:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCF-VLC [2009.05.10 15:23:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PeerNetworking [2010.09.08 18:55:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Philipp Winterberg [2009.09.10 16:06:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Screaming Bee [2009.09.03 17:19:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Scribus [2008.05.26 18:58:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Smart Panel [2009.05.11 15:59:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2009.11.23 17:14:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE [2008.09.06 15:50:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SPORE Creature Creator [2008.05.21 21:34:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.02.21 18:58:48 | 
000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit [2008.11.25 16:06:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVcentral-Core [2010.01.28 23:33:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Webcammax [2010.10.05 01:33:23 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.10.05 13:50:16 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1DB327C0-63D8-4FDD-85A5-CD223743BA19}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2007.05.07 01:07:48 | 000,003,380 | ---- | M] () -- C:\-20070507.log [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2007.05.07 09:23:15 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2009.11.26 15:45:12 | 000,000,245 | ---- | M] () -- C:\debugInstaller.txt [2010.10.05 13:44:57 | 3220,692,992 | -HS- | M] () -- C:\hiberfil.sys [2009.09.03 22:03:20 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2006.11.29 17:35:22 | 000,000,512 | ---- | M] () -- C:\MDR.iss [2009.09.03 22:03:20 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010.10.05 13:44:53 | 3534,503,936 | -HS- | M] () -- C:\pagefile.sys [2008.04.15 19:39:09 | 000,000,471 | ---- | M] () -- C:\RHDSetup.log [2007.05.07 00:57:06 | 000,000,178 | ---- | M] () -- C:\setup.log < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2010.01.18 16:20:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > 
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2007.04.09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2006.10.19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr [2006.10.19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr [2008.07.29 16:06:10 | 002,250,240 | ---- | M] (Laconic Software) -- C:\Windows\Free Fire Screensaver.scr [2009.07.10 14:10:44 | 000,307,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > [2010.10.04 17:14:14 | 000,274,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe\Update\dlgdo.exe < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.03.05 18:54:04 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll [2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\system32\user32.dll /md5 > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.01.19 09:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.04.17 14:52:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.04.17 14:52:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-03 20:52:00 ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0CE7F3C9 < End of report > EXTRAS:OTL Logfile: Code:
OTL Extras logfile created on: 05.10.2010 14:30:28 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,13 Gb Total Space | 25,93 Gb Free Space | 11,32% Space Free | Partition Type: NTFS Drive D: | 228,82 Gb Total Space | 34,07 Gb Free Space | 14,89% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 1397,26 Gb Total Space | 1087,35 Gb Free Space | 77,82% Space Free | Partition Type: NTFS Computer Name: HAUKES-PC Current User Name: *** Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde (Microsoft Corporation) htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List 
========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{282C987F-7F6F-4A7F-9794-46C188A34E2D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{36243253-E19F-4273-9768-2CEE152BCD3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{44242F98-D4B0-42F4-838B-1AF1620C1B9E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{59D5121B-FF05-4D6A-9264-EA17017C50F6}" = lport=2869 | protocol=6 | dir=in | app=system | "{6D5D3221-0FAF-4EAC-8D25-3D11E015CE77}" = rport=2869 | protocol=6 | dir=out | app=system | "{826BEA83-0DE7-4F81-AC3C-6343B02EA7A8}" = lport=2869 | protocol=6 | dir=in | app=system | "{8AF2B5EB-4A00-4B02-BA2A-C70599F59A18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BF766753-76BD-4F57-937C-1E5D9858E356}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C7171238-94E1-42F2-A53A-B0BE7847B26B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F27B4A21-6B78-4C5F-9E4A-3FE4169E1A23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B0A50E-00BF-4AD5-A9EA-7CB04089F089}" = protocol=6 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{08917A68-9F00-4FD6-BC6E-0811EE62BA55}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{092D9FD4-9315-4860-8C15-35D27762E64E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0BC4EAD2-5EDC-47F6-960B-7A6C03357683}" = protocol=6 | dir=in | app=c:\program 
files\pinnacle\videospin\programs\umi.exe | "{14474163-F976-4417-A929-6ED79991A1AF}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | "{1DDFAFDA-E343-4D84-BE4D-F055CE0F0819}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{2347661D-BCF9-431B-96F0-84D03336B41D}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | "{245EFA32-2FB3-45B4-BBA6-22977DA6B9D7}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe | "{29EB6D01-9FC4-4C73-A719-76098D328167}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{2CAF8F7F-4018-449F-A320-06FCBECA7B92}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3738926D-03BB-40CB-8929-1B84147C4419}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | "{3E1A7721-81FD-4D6A-9799-5F4CF196492D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{401DCC44-0472-4D02-AC29-0D37AD80CF29}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe | "{48479F0D-A229-4B88-AE0F-A9F4CAA3866E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{48B8001C-9F90-4B59-A852-29235EEEE6D6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4B4DBD99-71D3-41E7-A293-DBF5364CDD6C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{4F6A9D0A-B2C6-4466-BDA3-A9E8A04CA573}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{513ED057-3824-4927-B104-F713836596E8}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{53946808-0485-4BC6-AF97-9978117E9E44}" = protocol=6 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{53DBA6AB-B590-462B-99E7-051089082179}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{57EF81D5-1F99-4371-B78D-B2199531A19B}" = protocol=17 | dir=in | app=c:\program 
files\icq7.0\aolload.exe | "{5AF8FA0D-31B4-4BB3-BB06-7468299131E1}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | "{603E1AC3-1B95-432F-BFFC-923DE68CD193}" = dir=in | app=c:\program files\itunes\itunes.exe | "{610D4256-FBF6-4239-BD64-20FDFE1F9691}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{613EC548-2ADC-4F36-AB4D-D92E1B7D62BC}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for psp\mediamanager.exe | "{6307F449-05C4-4738-BF6B-FD7B228A1DEE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe | "{668B9D30-8C28-4862-BCE1-8A68B4DE5FB4}" = protocol=17 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{695E9E79-C11B-49E8-9FD5-18A894522ECB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{69F69489-C87E-4521-8A5A-80841CC67EE8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6BA6BAE5-3888-4DCF-8B65-20605C873AE9}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{741E8BE9-4852-4E4F-8791-EFA7C8F8E713}" = protocol=17 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{7BA1B465-7412-4EBA-BF21-D7AF309A0289}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{82B856C5-BE0F-43F0-B96B-E77DDDD14844}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{8C4C74ED-D6A7-4AF4-9CDE-7E72B903A9FD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{8EE41AAF-5693-447D-A63C-B8584B9DDA1F}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for psp\mediamanager.exe | "{903A37DB-784F-464B-943C-203538F2C813}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9126E073-9C9C-4DEE-9274-DD572F147819}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe | "{95B812B6-B8EC-4E56-AB88-727F45A55771}" = protocol=17 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{964E3E73-5BF5-4C36-8C24-32C59E7584D1}" = dir=in | app=c:\program 
files\acer arcade live\acer homemedia\homemedia.exe | "{9AD356BB-9631-4CDA-A902-E678C0D0F631}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{9B2DE5D0-0D7C-45A5-9E49-A18141B64587}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe | "{9F2DD910-5EF3-446A-A2F9-CE06248B10E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AC16DC45-AB0E-4315-A498-D953A24414AE}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{ACE08E08-E81A-44EA-9A1E-CC6F590CD48E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{B1FA972A-E777-4071-AC67-E075667091B5}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{B21EBDD6-A628-48A9-AEE6-78777FBB8614}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{B4006B54-CCDF-4253-9413-949274A89576}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{B599EE23-7780-4793-A7B8-C86D398C1B33}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | "{BB355F37-060D-4046-BF6A-6772FD3DDECD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe | "{CED2353B-7772-440B-8F35-7EEF30B1FDB3}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D0A24811-3314-41B6-8922-730F79DDD02D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{D2FC5796-A451-4BC3-BE9E-6BA50D4E5EE3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe | "{E582B88F-1D95-4D09-9841-58E0F617124B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{EE67895E-F5B7-47CA-BD80-8D6113EF06E1}" = protocol=6 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{EF096C5B-BB54-4A51-8A4A-17879E1BD68A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F0429F00-CC5D-4CB5-A7E2-D7C6DD72D2F0}" = dir=in | 
app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe | "{F2619CE5-966E-4273-B4DD-7EF841426F2F}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{F9FA0F5A-23C5-4CB4-9BCD-D087CB1931FF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "TCP Query User{1169FD75-7D6C-4BFA-B19C-A019824C0865}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{249284C7-5BF8-491F-B682-E83A8B076AF6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{2A94DF59-4ACB-45DE-824B-C9F8AD62E750}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{2AA6FA3F-4E84-4CB1-A853-A65214C37331}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{2FA6E06F-3880-4B10-BD1F-8B23D6193CFD}D:\programme2\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=6 | dir=in | app=d:\programme2\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe | "TCP Query User{44CDA926-47B8-49E9-9F1F-8F372FB6FF24}D:\users\hauke\documents\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=d:\users\hauke\documents\stronghold crusader\stronghold crusader\stronghold crusader.exe | "TCP Query User{4F786191-C063-4B44-A303-15143E27E14B}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe | "TCP Query User{500F8F9A-1ABB-468B-AAD7-79BF1D1852CE}D:\programme2\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe" = protocol=6 | dir=in | app=d:\programme2\ubisoft\tom clancy's 
splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe | "TCP Query User{5978676B-3C02-4922-AEF5-BFF83C03615B}K:\operator-3.5\operator\opera\opera.exe" = protocol=6 | dir=in | app=k:\operator-3.5\operator\opera\opera.exe | "TCP Query User{702B988E-95FF-4C60-97D1-D781AB868D1B}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | "TCP Query User{BDC22EB9-FEFF-495A-B857-C4192F0F15F8}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{C786E74F-BE51-4145-B52F-15C571F1C577}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{E38739B0-9A15-4A77-86FB-0E1366225B8C}C:\program files\aspyr media, inc\thaw\game\thaw.exe" = protocol=6 | dir=in | app=c:\program files\aspyr media, inc\thaw\game\thaw.exe | "TCP Query User{F02084AE-59C1-45DA-8A75-0954479CE501}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{F21A8AD2-2A83-4055-85F1-3D1C045E7640}D:\programme2\fifa10.exe" = protocol=6 | dir=in | app=d:\programme2\fifa10.exe | "UDP Query User{1789791A-FB2D-4F59-AE59-60D40B3E4392}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{46B59A63-9166-42CF-BA79-0745582A7DF3}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{46D15242-D509-4B3F-A037-8D873834A0F6}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{64B88066-0FB6-4922-A749-E19B339F0ABA}K:\operator-3.5\operator\opera\opera.exe" = protocol=17 | dir=in | app=k:\operator-3.5\operator\opera\opera.exe | "UDP Query 
User{749D1C72-55DF-423A-87B8-C1AB468D9960}D:\programme2\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe" = protocol=17 | dir=in | app=d:\programme2\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe | "UDP Query User{7CC0A4BA-9FEF-48C2-A623-EA1A44BCC0E2}C:\program files\aspyr media, inc\thaw\game\thaw.exe" = protocol=17 | dir=in | app=c:\program files\aspyr media, inc\thaw\game\thaw.exe | "UDP Query User{992FECE7-D97A-4E58-ABDC-9BD77A308209}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{994FF1F2-F725-400A-84F3-CD17C09B71B4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{A24828E5-29C2-4731-89E2-4041471490E1}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | "UDP Query User{AAD11887-4E90-4D80-86F1-C5753D19A53E}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe | "UDP Query User{BD4FB4BE-5D93-4A48-BA97-9B9FF4EDB892}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{C29D7220-4699-4C7D-AC0E-844A7FF2C9E6}D:\users\hauke\documents\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=d:\users\hauke\documents\stronghold crusader\stronghold crusader\stronghold crusader.exe | "UDP Query User{C84D02DA-5944-4120-96BD-811E8ED2DBB8}D:\programme2\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=17 | dir=in | app=d:\programme2\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe | "UDP Query 
User{DCB28C10-AEF2-4C74-A345-562B02352362}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{F248228B-F5A0-4B9F-951D-8944973CB89D}D:\programme2\fifa10.exe" = protocol=17 | dir=in | app=d:\programme2\fifa10.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow "{090A0EB4-FC4E-4D24-0001-04C3FA6538B1}" = MyTube BigPack Internet Recorder 3 Free "{0D8A8C0F-79BA-49EE-B9F5-4FB01E864C35}" = Tom Clancy's Splinter Cell 3 - Chaos Theory Demo "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3 "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only) "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta) "{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta) "{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta) "{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta) 
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta) "{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta) "{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta) "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta) "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta) "{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta) "{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta) "{20140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 (Beta) "{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta) "{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta) "{20140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 (Beta) "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21C6344A-918B-4D35-ADB6-7614F97B78EA}" = Sony Media Manager for PSP 3.0 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1 "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6 "{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll 
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C3EF687-803F-4825-B815-04AE32DDEB41}" = YAVIDO "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}" = Pinnacle VideoSpin "{5628829F-3318-4DDA-988D-D301832F1611}" = Singles "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{628697C2-7F0E-40D2-8020-A147B3090F60}" = MorphVOX Pro "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5 "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 
4.7 "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78699791-0625-4667-9E70-626A1CCEC94D}" = 3D Canvas "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1 "{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan "{81AB1374-098A-43CB-BE57-31CEB5EB1031}" = Nero 7 Essentials "{83467AF1-C7D8-4138-0095-AB308887A9FB}" = NBA LIVE 2004 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß "{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager "{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell "{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A863F2EF-443D-429C-9DCD-9234BEB8142A}" = Scrapland 
"{A919AABD-61FA-4E16-0000-26966C3D2481}" = GameJack 6 "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B246C325-1C49-4572-8665-7691EFE1D06B}" = MGI VideoWave 4 "{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Spezialeffekte "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C9DC3EE4-7A92-F473-510D-48A5EAD52845}" = ATI Catalyst Install Manager "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management "{D92F1880-822A-41CA-0090-451FBB89BF4C}" = FIFA Fussball-Weltmeisterschaft 2006 (TM) "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM 
for Messenger 2.8 "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E37AC1FF-03EE-4AE3-0001-E55B0BCCABE0}" = MyTube BigPack 3 CHIP-Edition "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Alien Arena 2008_is1" = Alien Arena 2008 7.21 "All Out Race" = All Out Race "Ashampoo ClipFisher_is1" = Ashampoo ClipFisher1.21 "Ashampoo Cover 
Studio 2009_is1" = Ashampoo Cover Studio 2009 "AsUninst.exe" = Anvil Studio "ATI Uninstaller" = ATI Uninstaller "AutoGK" = Auto Gordian Knot 2.55 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Beneton Movie GIF_is1" = Beneton Movie GIF 1.1.2 "Blender" = Blender (remove only) "CAM-IN SUITE III" = CAM-IN SUITE III "CCleaner" = CCleaner "Cities of Earth 3D Screensaver_is1" = Cities of Earth 3D Screensaver v. 2.1 "City Life" = City Life "DivX Setup.divx.com" = DivX-Setup "dlanconf" = devolo dLAN-Konfigurationsassistent "doPDF 6 printer_is1" = doPDF 6.3 printer "dslmon" = devolo Informer "dtvlexikon2006_is1" = dtv-Lexikon 1.0 "DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar "easyclean" = devolo EasyClean "easyshare" = devolo EasyShare "Einsteiger-Sprachkurs Spanisch" = Einsteiger-Sprachkurs Spanisch "EPSON Printer and Utilities" = EPSON-Drucker-Software "ESCX3600 Referenzhandbuch" = ESCX3600 Referenzhandbuch "ESCX3600 Softwarehandbuch" = ESCX3600 Softwarehandbuch "Fiesta Online" = Fiesta Online 1.01.000 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "FLV Player" = FLV Player 2.0, build 24 "FontCreator6_is1" = High-Logic FontCreator 6.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Fire Screensaver" = Free Fire Screensaver "Free Studio_is1" = Free Studio version 4.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Freedom Force vs The 3rd Reich" = Freedom Force vs The 3rd Reich (remove only) "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Spezialeffekte "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "LiveUpdate" = LiveUpdate 3.2 
(Symantec Corporation) "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D) "MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Music Maker 2007 D" = MAGIX Music Maker 2007 (D) "MAGIX Music Maker Basic Edition UK" = MAGIX Music Maker Basic Edition 12.1.0.3 (UK) "MAGIX Music Maker for MySpace D" = MAGIX Music Maker for MySpace 15.0.1.8 (D) "MAGIX Music Maker Rock Edition D" = MAGIX Music Maker Rock Edition 4.0.0.13 (D) "MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "MAGIX Video deluxe 15 Plus D" = MAGIX Video deluxe 15 Plus 8.0.0.62 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.4 (remove only) "maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Miro" = Miro "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16) "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.0.1.229 (D) "myGamersCam" = myGamersCam 1.0 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Pen Tablet Driver" = Stifttablett "PhotoScape" = PhotoScape "PSP Video 9" = PSP Video 9 2.25 "PunkBusterSvc" = PunkBuster Services "RalliSport Challenge 1.0" = Microsoft RalliSport Challenge "RarZilla Free Unrar" = RarZilla Free Unrar "Recover My Files_is1" = Recover My Files "Recuva" = 
Recuva (remove only) "Schmaili_is1" = Schmaili 9.0 "Scribus 1.3.5" = Scribus 1.3.5.1 "SimPE_is1" = SimPE 0.58b (alpha) "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TmNationsForever_is1" = TmNationsForever "Tomb Raider: Legend" = Tomb Raider: Legend 1.2 "Tunatic" = Tunatic "Uninstall_is1" = Uninstall 1.0.0.1 "V2210" = DigitalCam Pro "VitualDub" = VitualDub "VLC media player" = VideoLAN VLC media player 0.8.6f "VobSub" = VobSub v2.23 (Remove Only) "VQ2210" = DigitalCam Pro "Web_3.0.3813.0" = Microsoft Expression Web 3 "webcam 7" = webcam 7 "WinGimp-2.0_is1" = GIMP 2.6.7 "WinLiveSuite_Wave3" = Windows Live Essentials "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Yahoo! Companion" = Yahoo! Toolbar "Zattoo" = Zattoo 3.1.1 Beta "Zattoo4" = Zattoo4 4.0.5 "ZDFmediathek_is1" = ZDFmediathek Version 1.4.0 "ZoneAlarm" = ZoneAlarm "ZoneAlarm-Sicherheit Toolbar" = ZoneAlarm-Sicherheit Toolbar "Zoo Tycoon 2" = Zoo Tycoon 2 "Zulu" = Zulu DJ Software ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 04.10.2010 17:26:23 | Computer Name = ***s-PC | Source = Bonjour Service | ID = 100 Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 04.10.2010 17:26:23 | Computer Name = ***s-PC | Source = Bonjour Service | ID = 100 Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 04.10.2010 17:26:23 | Computer Name = ***s-PC | Source = Bonjour Service | ID = 100 Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error - 04.10.2010 17:26:23 | Computer Name = ***s-PC | Source = Bonjour Service | ID = 100 Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 04.10.2010 17:26:23 | Computer Name = ***s-PC | Source = Application Hang | ID = 1002 Description = Programm iTunes.exe, Version 10.0.1.22 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 6d4 Anfangszeit: 01cb63fe5beadaea Zeitpunkt der Beendigung: 28 Error - 04.10.2010 17:58:50 | Computer Name = ***s-PC | Source = Bonjour Service | ID = 100 Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 04.10.2010 19:27:48 | Computer Name = ***s-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 04.10.2010 19:27:48 | Computer Name = ***s-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1554565 Error - 04.10.2010 19:27:48 | Computer Name = ***s-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1554565 Error - 05.10.2010 08:28:50 | Computer Name = ***s-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1308 Anfangszeit: 01cb6488710cd7e7 Zeitpunkt der Beendigung: 4 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
05.10.2010, 16:03 | #4 |
| Message: Windows will in less than a minute..., AntiVir detection: JAVA/ClassLoader.BO
Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net Rootkit scan 2010-10-05 16:33:19 Windows 6.0.6002 Service Pack 2 Running: 84dv22nv.exe; Driver: C:\Users\***\AppData\Local\Temp\kxlyrpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0xA113E570] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcCreatePort [0xA113EE46] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xA113DFC6] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xA1137884] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xA1158FA8] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xA113EAD0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xA113EC2E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xA11385B4] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xA115AA50] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xA115A346] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xA115B41A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xA115B658] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm 
Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0xA115BB0A] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xA113816C] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xA115C4E0] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xA115BDD4] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xA113DB5E] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xA115CF40] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xA11389BE] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xA115CA68] SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xA1159A6A] SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x91B96620] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 13D 822C08A0 8 Bytes [70, E5, 13, A1, 46, EE, 13, ...] {JO 0xffffffffffffffe7; ADC ESP, [ECX-0x5eec11ba]} .text ntkrnlpa.exe!KeSetEvent + 1C1 822C0924 4 Bytes [C6, DF, 13, A1] .text ntkrnlpa.exe!KeSetEvent + 1D9 822C093C 4 Bytes [84, 78, 13, A1] .text ntkrnlpa.exe!KeSetEvent + 1E9 822C094C 4 Bytes [A8, 8F, 15, A1] .text ntkrnlpa.exe!KeSetEvent + 205 822C0968 4 Bytes JMP 58BFA113 .text ... 
.text C:\Windows\system32\drivers\ACEDRV07.sys section is writeable [0x92328000, 0x328BA, 0xE8000020] .pklstb C:\Windows\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0x9236C000] .relo2 C:\Windows\system32\drivers\ACEDRV07.sys unknown last section [0x92388000, 0x8E, 0x42000040] C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl entry point in "" section [0xA7D16000] .clc C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl unknown last section [0xA7D17000, 0x1000, 0x00000000] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\explorer.exe[4036] ntdll.dll!NtCreateThread 77C444F4 5 Bytes CALL 00870000 .text C:\Windows\explorer.exe[4036] ntdll.dll!NtProtectVirtualMemory 77C44D34 5 Bytes CALL 00850000 .text C:\Windows\explorer.exe[4036] ntdll.dll!NtCreateUserProcess 77C45804 5 Bytes CALL 00890000 .text C:\Windows\explorer.exe[4036] kernel32.dll!ExitProcess 779A41D8 5 Bytes CALL 008C0000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat 0x07 0xE7 0xEA 0xAE ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- EOF - GMER 1.0.15 ---- |
05.10.2010, 17:08 | #5 |
/// Malwareteam |
Step 1: Uninstall programs
Since some programs and anti-spyware programs may hinder us during the cleanup (e.g. through constantly running background guards), are unnecessary or harmful, or are simply no longer needed, I ask you to completely uninstall the following programs via Control Panel => Software. Above all, Ask has to go. For the other toolbars, think carefully about whether you really need them. If not, get rid of them:
Code:
Ask.com Ask Toolbar Google Toolbar for Internet Explorer DVDVideoSoft Toolbar Yahoo! Toolbar ICQToolbar ZoneAlarm-Sicherheit Toolbar
Step 2: Fix with OTL
Code:
:OTL
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2010.08.29 23:17:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\toolbar@ask.com
[2010.05.26 15:18:50 | 000,002,333 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\askcom.xml
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKCU..\Run: [Acer Tour Reminder] File not found
O4 - HKCU..\Run: [PMCRemote] File not found
O4 - HKCU..\Run: [Res32] C:\Users\***\AppData\Roaming\Adobe\Update\dlgdo.exe ()
[2010.10.04 17:14:14 | 000,274,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe\Update\dlgdo.exe
:Commands
[purity]
[emptytemp]
Step 3: ESET Online Scanner
Please switch on any external hard drives you have during the online scans! During the scans, please disable all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to switch everything back on afterwards.
|
05.10.2010, 20:01 | #6 |
| 1 Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.order.1
Folder C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\toolbar@ask.com\ not found.
C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour Reminder deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PMCRemote deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Res32 deleted successfully.
File C:\UsersHauke\AppData\Roaming\Adobe\Update\dlgdo.exe not found.
C:\Users\Hauke\AppData\Roaming\Adobe\Update\dlgdo.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Hauke
->Temp folder emptied: 8564388 bytes
->Temporary Internet Files folder emptied: 39473295 bytes
->Java cache emptied: 2676559 bytes
->FireFox cache emptied: 49301563 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 11068 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2082554 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 97,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 10052010_204945
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
06.10.2010, 12:20 | #7 |
| 2 Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=47ff51b0a9257f459176dac5eabe05ca
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-05 08:06:59
# local_time=2010-10-05 10:06:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 356308 61205719 92706 0
# compatibility_mode=5892 16776573 100 100 20666 123838283 0 0
# compatibility_mode=8192 67108863 100 0 325 325 0 0
# compatibility_mode=9217 16777214 75 59 607304 8582785 0 0
# scanned=201085
# found=0
# cleaned=0
# scan_time=3664
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=47ff51b0a9257f459176dac5eabe05ca
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-05 11:57:10
# local_time=2010-10-06 01:57:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775165 100 100 360021 61209432 96419 0
# compatibility_mode=5892 16776573 100 100 24379 123841996 0 0
# compatibility_mode=8192 67108863 100 0 4038 4038 0 0
# compatibility_mode=9217 16777214 75 59 611017 8586498 0 0
# scanned=453017
# found=0
# cleaned=0
# scan_time=13761
|
06.10.2010, 16:36 | #8 |
/// Malwareteam |
Step 1: Temp File Cleaner
Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe. If TFC cannot delete all files, it will request a restart. Please allow this.
Step 2: Run a new system scan with OTL
|
06.10.2010, 17:31 | #9 |
| Here are the two log files. Thanks so far.
Code:
ATTFilter OTL logfile created on: 06.10.2010 18:21:30 - Run 2 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Hauke\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 229,13 Gb Total Space | 20,06 Gb Free Space | 8,76% Space Free | Partition Type: NTFS Drive D: | 228,82 Gb Total Space | 33,77 Gb Free Space | 14,76% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive J: | 1397,26 Gb Total Space | 1087,31 Gb Free Space | 77,82% Space Free | Partition Type: NTFS Computer Name: HAUKES-PC Current User Name: Hauke Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Hauke\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Hauke\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (LiveUpdate Notice Ex) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.) 
SRV - (vsmon) -- C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (w7Svc) -- D:\Programme2\webcam 7\wService.exe (Moonware Studios) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (srvcPVR) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink) SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT) SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.) 
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe () SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (vsdatant7) -- C:\Windows\System32\drivers\vsdatant.win7.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (EagleNT) -- C:\Windows\System32\drivers\EagleNT.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (Vsdatant) -- C:\Windows\System32\drivers\vsdatant.sys (Check Point Software Technologies LTD) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH) DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.) 
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LITEON) DRV - (Ltn_stkrc) -- C:\Windows\System32\drivers\Ltn_stkrc.sys (LITEON) DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology) DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology) DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST) DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST) DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST) DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys () DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) 
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) 
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (A_USBETHMP) -- C:\Windows\System32\drivers\usbethmp.sys (Intellon Corporation) DRV - (PLCNDIS5) -- C:\Windows\system32\plcndis5.sys (Intellon, Inc.) DRV - (V2210VID) -- C:\Windows\System32\drivers\V2210vid.sys (Unknown) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! 
Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://taz.de/" FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7 FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}:2.7.1.3 
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://meine-startseite.computerbild.de/hauptbahnhof/Haukes Startseite" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.04 17:32:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.04 17:32:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.04 17:32:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.16\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.04 17:32:45 | 000,000,000 | ---D | M] [2009.05.08 13:23:20 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\mozilla\Extensions [2008.05.21 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} [2010.10.06 15:30:39 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions [2010.10.06 15:30:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.11.20 
18:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} [2009.12.05 22:36:28 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.09.08 17:03:46 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.08 16:58:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2009.05.18 17:58:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2010.04.23 17:29:46 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2010.01.01 16:29:04 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.01.04 00:43:47 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2010.09.28 20:25:55 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Toolbar) -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2010.08.26 17:15:35 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\battlefieldheroespatcher@ea.com [2010.06.22 18:27:31 | 000,000,000 | ---D | M] -- 
C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\eafo3fflauncher@ea.com [2010.10.06 15:30:19 | 000,000,000 | ---D | M] -- C:\Users\Hauke\AppData\Roaming\mozilla\Firefox\Profiles\ze1nkspb.default\extensions\staged-xpis [2010.08.27 23:04:54 | 000,000,943 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\conduit.xml [2010.09.29 20:25:29 | 000,000,950 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\icqplugin-1.xml [2009.08.11 18:42:54 | 000,000,961 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\icqplugin-2.xml [2009.09.13 17:39:22 | 000,000,666 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\icqplugin-3.xml [2009.11.02 21:34:59 | 000,000,961 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\icqplugin-4.xml [2009.11.07 19:51:41 | 000,000,961 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\icqplugin-5.xml [2009.12.17 17:58:07 | 000,000,961 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\icqplugin-6.xml [2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\icqplugin.xml [2009.05.21 15:46:36 | 000,001,632 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\live-search.xml [2010.01.04 00:43:35 | 000,003,915 | ---- | M] () -- C:\Users\Hauke\AppData\Roaming\Mozilla\FireFox\Profiles\ze1nkspb.default\searchplugins\sweetim.xml [2010.10.03 22:18:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010.01.24 00:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla 
Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.12 17:38:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.12 17:38:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.12 17:38:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.12 17:38:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.12 17:38:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) 
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Free YouTube Download - C:\Users\Hauke\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Hauke\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Value error. File not found O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Hauke\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Hauke\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.06 17:54:37 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Hauke\Desktop\TFC.exe [2010.10.05 21:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2010.10.05 20:49:45 | 000,000,000 | ---D | C] -- C:\_OTL [2010.10.05 14:25:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Hauke\Desktop\OTL.exe [2010.10.04 18:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ATS [2010.10.04 17:38:51 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\PCF-VLC [2010.10.04 17:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010.10.04 17:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010.10.04 17:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2010.10.04 17:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2010.09.29 17:02:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010.09.28 20:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2010.09.28 20:20:58 | 000,046,592 | ---- | C] (Zone Labs Inc.) 
-- C:\Windows\System32\vsutil_loc0407.dll [2010.09.28 20:20:41 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll [2010.09.28 20:19:41 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2010.09.28 20:18:49 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll [2010.09.28 20:18:49 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll [2010.09.28 20:18:09 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll [2010.09.28 20:17:54 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll [2010.09.28 20:17:51 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll [2010.09.28 20:17:39 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll [2010.09.28 20:17:38 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll [2010.09.28 20:17:31 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll [2010.09.28 20:16:49 | 000,457,304 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys [2010.09.28 20:16:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs [2010.09.28 20:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs [2010.09.28 20:14:25 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2010.09.28 20:14:20 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.09.28 20:14:10 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll [2010.09.28 20:14:09 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll [2010.09.28 15:19:00 | 000,000,000 | ---D | C] -- 
C:\Users\Hauke\AppData\Roaming\SUPERAntiSpyware.com [2010.09.28 15:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010.09.28 15:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2010.09.27 22:30:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.09.27 20:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis [2010.09.26 22:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010.09.25 19:08:49 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.09.25 13:33:57 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\Malwarebytes [2010.09.25 13:33:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.09.25 13:33:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.09.25 13:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.09.25 13:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.09.21 19:35:48 | 000,000,000 | ---D | C] -- C:\Users\Hauke\Documents\Schöningh [2010.09.17 18:26:49 | 000,000,000 | ---D | C] -- C:\Users\Hauke\Desktop\PLAKATE [2010.09.15 17:10:36 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL [2010.09.08 18:55:04 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\Philipp Winterberg [2010.09.08 18:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\RarZilla Free Unrar [2010.09.08 16:58:45 | 000,000,000 | ---D | C] -- C:\Users\Hauke\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) 
-- C:\Windows\System32\QuickTime.qts [2010.09.06 19:37:25 | 000,000,000 | ---D | C] -- C:\Users\Hauke\Desktop\LOGO [2010.01.20 17:14:50 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\V2210dec.dll [2007.05.07 01:07:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== File not found -- C:\Users\Hauke\splinter cell [2010.10.06 18:20:41 | 005,242,880 | -HS- | M] () -- C:\Users\Hauke\NTUSER.DAT [2010.10.06 18:01:22 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2010.10.06 17:58:56 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.06 17:58:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.06 17:58:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.06 17:58:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.06 17:58:37 | 3220,692,992 | -HS- | M] () -- C:\hiberfil.sys [2010.10.06 17:57:53 | 000,524,288 | -HS- | M] () -- C:\Users\Hauke\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TMContainer00000000000000000001.regtrans-ms [2010.10.06 17:57:53 | 000,065,536 | -HS- | M] () -- C:\Users\Hauke\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TM.blf [2010.10.06 17:57:51 | 004,025,612 | -H-- | M] () -- C:\Users\Hauke\AppData\Local\IconCache.db [2010.10.06 17:54:38 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Hauke\Desktop\TFC.exe [2010.10.06 16:45:05 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1DB327C0-63D8-4FDD-85A5-CD223743BA19}.job [2010.10.06 13:19:13 | 000,224,256 | ---- | M] () -- C:\Users\Hauke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.05 20:57:05 | 002,672,312 | ---- | M] () -- C:\Users\Hauke\Desktop\esetsmartinstaller_enu.exe [2010.10.05 16:34:55 | 781,024,650 | ---- | M] () -- 
C:\Windows\MEMORY.DMP [2010.10.05 15:23:50 | 000,293,376 | ---- | M] () -- C:\Users\Hauke\Desktop\84dv22nv.exe [2010.10.05 15:17:21 | 000,000,000 | ---- | M] () -- C:\Users\Hauke\defogger_reenable [2010.10.05 15:16:12 | 000,050,477 | ---- | M] () -- C:\Users\Hauke\Desktop\Defogger.exe [2010.10.05 14:25:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Hauke\Desktop\OTL.exe [2010.10.04 19:30:17 | 004,063,232 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2010.10.04 19:30:17 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2010.10.04 19:30:17 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2010.10.04 17:36:07 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.10.04 17:32:32 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.10.04 17:19:41 | 000,002,613 | ---- | M] () -- C:\Users\Hauke\Desktop\HiJackThis.lnk [2010.10.04 00:22:16 | 000,000,680 | RHS- | M] () -- C:\Users\Hauke\ntuser.pol [2010.10.04 00:06:46 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2010.10.03 17:49:12 | 000,008,592 | ---- | M] () -- C:\Users\Hauke\AppData\Local\d3d9caps.dat [2010.09.29 23:59:01 | 000,174,324 | ---- | M] () -- C:\Users\Hauke\Desktop\cc_20100929_235655.reg [2010.09.28 20:31:16 | 000,420,800 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.09.28 20:24:13 | 000,000,835 | ---- | M] () -- C:\Users\Hauke\Desktop\ZoneAlarm Security.lnk [2010.09.28 20:24:11 | 000,005,977 | ---- | M] () -- C:\Windows\System32\vsconfig.xml [2010.09.28 15:18:58 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.09.27 23:07:56 | 000,040,375 | ---- | M] () -- C:\Users\Hauke\Desktop\bootkit_remover.rar [2010.09.27 22:01:21 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.09.26 22:48:48 | 000,000,768 | ---- | M] () 
-- C:\Users\Hauke\Desktop\CCleaner.lnk [2010.09.25 18:58:25 | 000,052,741 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.09.25 18:58:25 | 000,052,741 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.09.25 15:40:13 | 000,142,712 | ---- | M] () -- C:\Users\Hauke\AppData\Local\GDIPFONTCACHEV1.DAT [2010.09.25 15:38:52 | 000,444,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.09.25 13:33:52 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.25 01:01:30 | 000,524,288 | -HS- | M] () -- C:\Users\Hauke\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TMContainer00000000000000000002.regtrans-ms [2010.09.25 00:42:08 | 000,524,288 | -HS- | M] () -- C:\Users\Hauke\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.09.25 00:42:08 | 000,065,536 | -HS- | M] () -- C:\Users\Hauke\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.09.23 15:38:47 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.09.23 15:38:36 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010.09.21 22:31:33 | 002,865,280 | ---- | M] () -- C:\Users\Hauke\Desktop\YouTube - King of the Bongo.mp3 [2010.09.21 15:09:03 | 000,072,792 | ---- | M] () -- C:\Users\Hauke\Desktop\BLFImSickOfIt.jpg [2010.09.20 21:26:46 | 000,110,691 | ---- | M] () -- C:\Users\Hauke\Desktop\rickshaw2.jpg [2010.09.20 16:32:50 | 000,001,398 | ---- | M] () -- C:\Users\Hauke\Desktop\DivX Movies.lnk [2010.09.20 16:31:53 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.09.19 02:04:25 | 000,015,402 | ---- | M] () -- C:\Users\Hauke\Desktop\Profil2.jpg [2010.09.19 01:57:16 | 000,015,869 | ---- | M] () -- C:\Users\Hauke\Desktop\Profil.jpg [2010.09.18 23:31:36 | 000,169,827 | -H-- | M] () -- C:\Users\Hauke\Desktop\mxfilerelatedcache.mxc2 [2010.09.15 18:21:56 | 001,174,016 | ---- | M] () -- C:\Users\Hauke\Desktop\Aufwärmen.doc [2010.09.12 22:07:37 | 
000,249,693 | ---- | M] () -- C:\Users\Hauke\Desktop\LOGO (2).zip [2010.09.12 22:06:39 | 000,072,776 | ---- | M] () -- C:\Users\Hauke\Desktop\SV LOGO3.jpg [2010.09.12 22:02:28 | 000,077,197 | ---- | M] () -- C:\Users\Hauke\Desktop\SV LOGO2.jpg [2010.09.12 21:58:25 | 000,099,042 | ---- | M] () -- C:\Users\Hauke\Desktop\SV LOGO´1.pdn [2010.09.12 21:58:08 | 000,072,449 | ---- | M] () -- C:\Users\Hauke\Desktop\SV LOGO.jpg [2010.09.12 01:54:16 | 000,137,770 | ---- | M] () -- C:\Users\Hauke\Desktop\SV logo.pdn [2010.09.12 01:49:51 | 000,043,339 | ---- | M] () -- C:\Users\Hauke\Desktop\Logo.2.2.jpg [2010.09.12 01:49:42 | 000,049,155 | ---- | M] () -- C:\Users\Hauke\Desktop\Logo.2.2.png [2010.09.12 01:47:56 | 000,049,011 | ---- | M] () -- C:\Users\Hauke\Desktop\Logo.2.png [2010.09.11 17:52:33 | 000,054,474 | ---- | M] () -- C:\Users\Hauke\Desktop\Logo.2.jpg [2010.09.11 17:51:53 | 000,043,456 | ---- | M] () -- C:\Users\Hauke\Desktop\logo.2.1.jpg [2010.09.11 17:45:51 | 000,061,570 | ---- | M] () -- C:\Users\Hauke\Desktop\logo.2.1.png [2010.09.09 19:33:14 | 000,006,144 | -H-- | M] () -- C:\Users\Hauke\photothumb.db [2010.09.09 19:33:04 | 000,059,392 | -H-- | M] () -- C:\Users\Hauke\Desktop\photothumb.db [2010.09.08 18:54:56 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk [2010.09.08 17:03:17 | 004,972,672 | ---- | M] () -- C:\Users\Hauke\Desktop\Charlie Chaplin-Funny song- Modern Times.mp3 [2010.09.08 16:58:34 | 000,000,996 | ---- | M] () -- C:\Users\Hauke\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.09.08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) 
-- C:\Windows\System32\QuickTime.qts [2010.09.07 23:29:00 | 000,081,282 | ---- | M] () -- C:\Users\Hauke\Desktop\die chance nutzen.png [2010.09.06 19:30:49 | 000,168,561 | ---- | M] () -- C:\Users\Hauke\Desktop\Logo.zip ========== Files Created - No Company Name ========== [2010.10.05 20:56:57 | 002,672,312 | ---- | C] () -- C:\Users\Hauke\Desktop\esetsmartinstaller_enu.exe [2010.10.05 16:34:55 | 781,024,650 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.10.05 15:23:47 | 000,293,376 | ---- | C] () -- C:\Users\Hauke\Desktop\84dv22nv.exe [2010.10.05 15:17:21 | 000,000,000 | ---- | C] () -- C:\Users\Hauke\defogger_reenable [2010.10.05 15:16:10 | 000,050,477 | ---- | C] () -- C:\Users\Hauke\Desktop\Defogger.exe [2010.10.04 19:29:53 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2010.10.04 19:29:53 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2010.10.04 19:29:52 | 004,063,232 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2010.10.04 17:36:07 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.10.04 17:32:32 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.10.04 00:22:16 | 000,000,680 | RHS- | C] () -- C:\Users\Hauke\ntuser.pol [2010.10.03 22:39:33 | 3220,692,992 | -HS- | C] () -- C:\hiberfil.sys [2010.09.29 23:57:16 | 000,174,324 | ---- | C] () -- C:\Users\Hauke\Desktop\cc_20100929_235655.reg [2010.09.28 20:24:13 | 000,000,835 | ---- | C] () -- C:\Users\Hauke\Desktop\ZoneAlarm Security.lnk [2010.09.28 20:21:04 | 000,005,977 | ---- | C] () -- C:\Windows\System32\vsconfig.xml [2010.09.28 20:16:49 | 000,420,800 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.09.28 15:18:58 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2010.09.27 23:07:53 | 000,040,375 | ---- | C] () -- C:\Users\Hauke\Desktop\bootkit_remover.rar [2010.09.27 22:00:36 
| 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.09.27 20:16:02 | 000,002,613 | ---- | C] () -- C:\Users\Hauke\Desktop\HiJackThis.lnk [2010.09.26 22:48:48 | 000,000,768 | ---- | C] () -- C:\Users\Hauke\Desktop\CCleaner.lnk [2010.09.25 13:33:52 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.25 00:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\Hauke\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TMContainer00000000000000000002.regtrans-ms [2010.09.25 00:43:18 | 000,524,288 | -HS- | C] () -- C:\Users\Hauke\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TMContainer00000000000000000001.regtrans-ms [2010.09.25 00:43:18 | 000,065,536 | -HS- | C] () -- C:\Users\Hauke\NTUSER.DAT{152eacd7-c82d-11df-8fc1-001c25273050}.TM.blf [2010.09.21 22:26:27 | 002,865,280 | ---- | C] () -- C:\Users\Hauke\Desktop\YouTube - King of the Bongo.mp3 [2010.09.20 21:26:45 | 000,110,691 | ---- | C] () -- C:\Users\Hauke\Desktop\rickshaw2.jpg [2010.09.19 02:04:22 | 000,015,402 | ---- | C] () -- C:\Users\Hauke\Desktop\Profil2.jpg [2010.09.19 01:57:14 | 000,015,869 | ---- | C] () -- C:\Users\Hauke\Desktop\Profil.jpg [2010.09.15 17:59:42 | 001,174,016 | ---- | C] () -- C:\Users\Hauke\Desktop\Aufwärmen.doc [2010.09.12 22:07:17 | 000,249,693 | ---- | C] () -- C:\Users\Hauke\Desktop\LOGO (2).zip [2010.09.12 22:06:21 | 000,072,776 | ---- | C] () -- C:\Users\Hauke\Desktop\SV LOGO3.jpg [2010.09.12 22:02:24 | 000,077,197 | ---- | C] () -- C:\Users\Hauke\Desktop\SV LOGO2.jpg [2010.09.12 21:58:23 | 000,099,042 | ---- | C] () -- C:\Users\Hauke\Desktop\SV LOGO´1.pdn [2010.09.12 21:58:03 | 000,072,449 | ---- | C] () -- C:\Users\Hauke\Desktop\SV LOGO.jpg [2010.09.12 01:49:49 | 000,043,339 | ---- | C] () -- C:\Users\Hauke\Desktop\Logo.2.2.jpg [2010.09.12 01:49:40 | 000,049,155 | ---- | C] () -- C:\Users\Hauke\Desktop\Logo.2.2.png [2010.09.11 17:52:31 | 000,054,474 | ---- | C] () -- C:\Users\Hauke\Desktop\Logo.2.jpg [2010.09.11 
17:51:51 | 000,043,456 | ---- | C] () -- C:\Users\Hauke\Desktop\logo.2.1.jpg [2010.09.11 17:45:49 | 000,061,570 | ---- | C] () -- C:\Users\Hauke\Desktop\logo.2.1.png [2010.09.11 17:45:33 | 000,049,011 | ---- | C] () -- C:\Users\Hauke\Desktop\Logo.2.png [2010.09.08 18:54:56 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\RarZilla Free Unrar.lnk [2010.09.08 17:02:50 | 004,972,672 | ---- | C] () -- C:\Users\Hauke\Desktop\Charlie Chaplin-Funny song- Modern Times.mp3 [2010.09.08 16:58:34 | 000,000,996 | ---- | C] () -- C:\Users\Hauke\Desktop\DVDVideoSoft Free Studio.lnk [2010.09.07 23:28:57 | 000,081,282 | ---- | C] () -- C:\Users\Hauke\Desktop\die chance nutzen.png [2010.09.07 23:10:02 | 000,137,770 | ---- | C] () -- C:\Users\Hauke\Desktop\SV logo.pdn [2010.09.06 18:54:26 | 000,168,561 | ---- | C] () -- C:\Users\Hauke\Desktop\Logo.zip [2010.06.19 11:58:58 | 000,052,741 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.06.19 11:58:45 | 000,052,741 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.06.04 20:54:11 | 000,017,408 | ---- | C] () -- C:\Users\Hauke\AppData\Local\WebpageIcons.db [2010.05.30 21:04:01 | 001,028,096 | ---- | C] () -- C:\Windows\System32\HDX4MediaConverter2.dll [2010.03.02 00:48:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.28 23:32:40 | 000,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys [2010.01.20 17:14:50 | 000,028,672 | ---- | C] () -- C:\Windows\vqsetup.dll [2009.10.18 17:43:29 | 000,008,570 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2009.09.11 19:08:48 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.09.11 19:08:47 | 000,139,152 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\PnkBstrK.sys [2009.09.03 22:02:45 | 000,045,056 | ---- | C] () -- C:\Windows\System32\lexazdll32.dll [2009.08.31 13:03:42 | 000,262,144 | ---- | C] () -- C:\Windows\System32\EMRegSys.dll [2009.08.18 17:24:43 | 000,000,551 | ---- | C] () -- 
C:\Users\Hauke\AppData\Roaming\AutoGK.ini [2009.08.07 23:46:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.19 20:13:39 | 000,000,099 | ---- | C] () -- C:\Windows\galaxy.ini [2009.05.12 15:51:31 | 000,000,660 | ---- | C] () -- C:\Windows\ODBC.INI [2009.04.13 01:02:06 | 000,012,437 | ---- | C] () -- C:\Users\Hauke\AppData\Roaming\UserTile.png [2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.22 17:12:15 | 000,000,093 | ---- | C] () -- C:\Users\Hauke\AppData\Local\fusioncache.dat [2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.11.25 16:01:16 | 000,299,008 | ---- | C] () -- C:\Windows\System32\midas.dll [2008.11.25 16:01:16 | 000,120,320 | ---- | C] () -- C:\Windows\System32\UnzDll.dll [2008.11.25 15:55:52 | 000,000,043 | ---- | C] () -- C:\Windows\Caligari.ini [2008.07.04 22:02:52 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini [2008.06.27 17:38:58 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll [2008.06.27 17:38:58 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll [2008.06.11 20:11:29 | 000,226,302 | ---- | C] () -- C:\Users\Hauke\AppData\Local\Temppenciltemp.png [2008.06.01 22:07:41 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll [2008.05.29 20:36:11 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll [2008.05.29 20:36:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2008.05.26 18:51:01 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll [2008.05.26 18:51:01 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini [2008.05.26 18:50:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.05.26 18:47:43 | 000,000,027 | ---- | C] () -- C:\Windows\CDE CX3600FGD.ini [2008.05.25 21:22:42 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.05.22 21:28:50 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll 
[2008.05.08 19:56:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2008.04.19 17:06:46 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2008.04.18 22:25:27 | 000,442,368 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2008.04.18 19:08:50 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll [2008.04.18 19:03:27 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini [2008.04.15 21:50:36 | 000,224,256 | ---- | C] () -- C:\Users\Hauke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.15 21:05:18 | 000,138,752 | ---- | C] () -- C:\Windows\System32\MASE32.DLL [2008.04.15 21:05:17 | 000,196,096 | ---- | C] () -- C:\Windows\System32\MACD32.DLL [2008.04.15 21:05:17 | 000,136,192 | ---- | C] () -- C:\Windows\System32\MAMC32.DLL [2008.04.15 21:05:17 | 000,057,856 | ---- | C] () -- C:\Windows\System32\MASD32.DLL [2008.04.15 21:05:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\MA32.DLL [2008.04.15 19:42:07 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini [2008.04.15 19:42:07 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.04.15 19:22:52 | 000,008,592 | ---- | C] () -- C:\Users\Hauke\AppData\Local\d3d9caps.dat [2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini [2007.05.07 09:22:38 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.05.07 09:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.05.07 01:07:10 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.02.06 23:56:28 | 
000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.12.07 01:57:19 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.02.05 21:46:00 | 000,004,608 | ---- | C] () -- C:\Windows\fgexec.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:0CE7F3C9 < End of report > Code:
OTL Extras logfile created on: 06.10.2010 18:21:30 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Hauke\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 20,06 Gb Free Space | 8,76% Space Free | Partition Type: NTFS
Drive D: | 228,82 Gb Total Space | 33,77 Gb Free Space | 14,76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1397,26 Gb Total Space | 1087,31 Gb Free Space | 77,82% Space Free | Partition Type: NTFS

Computer Name: HAUKES-PC
Current User Name: Hauke
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List
========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{282C987F-7F6F-4A7F-9794-46C188A34E2D}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{36243253-E19F-4273-9768-2CEE152BCD3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{44242F98-D4B0-42F4-838B-1AF1620C1B9E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{59D5121B-FF05-4D6A-9264-EA17017C50F6}" = lport=2869 | protocol=6 | dir=in | app=system | "{6D5D3221-0FAF-4EAC-8D25-3D11E015CE77}" = rport=2869 | protocol=6 | dir=out | app=system | "{826BEA83-0DE7-4F81-AC3C-6343B02EA7A8}" = lport=2869 | protocol=6 | dir=in | app=system | "{8AF2B5EB-4A00-4B02-BA2A-C70599F59A18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BF766753-76BD-4F57-937C-1E5D9858E356}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C7171238-94E1-42F2-A53A-B0BE7847B26B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{F27B4A21-6B78-4C5F-9E4A-3FE4169E1A23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B0A50E-00BF-4AD5-A9EA-7CB04089F089}" = protocol=6 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{08917A68-9F00-4FD6-BC6E-0811EE62BA55}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{092D9FD4-9315-4860-8C15-35D27762E64E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{0BC4EAD2-5EDC-47F6-960B-7A6C03357683}" = protocol=6 | dir=in | app=c:\program 
files\pinnacle\videospin\programs\umi.exe | "{14474163-F976-4417-A929-6ED79991A1AF}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | "{1DDFAFDA-E343-4D84-BE4D-F055CE0F0819}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{2347661D-BCF9-431B-96F0-84D03336B41D}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | "{245EFA32-2FB3-45B4-BBA6-22977DA6B9D7}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe | "{29EB6D01-9FC4-4C73-A719-76098D328167}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{2CAF8F7F-4018-449F-A320-06FCBECA7B92}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{3738926D-03BB-40CB-8929-1B84147C4419}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | "{3E1A7721-81FD-4D6A-9799-5F4CF196492D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{401DCC44-0472-4D02-AC29-0D37AD80CF29}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe | "{48479F0D-A229-4B88-AE0F-A9F4CAA3866E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{48B8001C-9F90-4B59-A852-29235EEEE6D6}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{4B4DBD99-71D3-41E7-A293-DBF5364CDD6C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{4F6A9D0A-B2C6-4466-BDA3-A9E8A04CA573}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{513ED057-3824-4927-B104-F713836596E8}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{53946808-0485-4BC6-AF97-9978117E9E44}" = protocol=6 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{53DBA6AB-B590-462B-99E7-051089082179}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{57EF81D5-1F99-4371-B78D-B2199531A19B}" = protocol=17 | dir=in | app=c:\program 
files\icq7.0\aolload.exe | "{5AF8FA0D-31B4-4BB3-BB06-7468299131E1}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | "{603E1AC3-1B95-432F-BFFC-923DE68CD193}" = dir=in | app=c:\program files\itunes\itunes.exe | "{610D4256-FBF6-4239-BD64-20FDFE1F9691}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{613EC548-2ADC-4F36-AB4D-D92E1B7D62BC}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for psp\mediamanager.exe | "{6307F449-05C4-4738-BF6B-FD7B228A1DEE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe | "{668B9D30-8C28-4862-BCE1-8A68B4DE5FB4}" = protocol=17 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{695E9E79-C11B-49E8-9FD5-18A894522ECB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{69F69489-C87E-4521-8A5A-80841CC67EE8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6BA6BAE5-3888-4DCF-8B65-20605C873AE9}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{741E8BE9-4852-4E4F-8791-EFA7C8F8E713}" = protocol=17 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{7BA1B465-7412-4EBA-BF21-D7AF309A0289}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{82B856C5-BE0F-43F0-B96B-E77DDDD14844}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{8C4C74ED-D6A7-4AF4-9CDE-7E72B903A9FD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | "{8EE41AAF-5693-447D-A63C-B8584B9DDA1F}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for psp\mediamanager.exe | "{903A37DB-784F-464B-943C-203538F2C813}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9126E073-9C9C-4DEE-9274-DD572F147819}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe | "{95B812B6-B8EC-4E56-AB88-727F45A55771}" = protocol=17 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{964E3E73-5BF5-4C36-8C24-32C59E7584D1}" = dir=in | app=c:\program 
files\acer arcade live\acer homemedia\homemedia.exe | "{9AD356BB-9631-4CDA-A902-E678C0D0F631}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{9B2DE5D0-0D7C-45A5-9E49-A18141B64587}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe | "{9F2DD910-5EF3-446A-A2F9-CE06248B10E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{AC16DC45-AB0E-4315-A498-D953A24414AE}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{ACE08E08-E81A-44EA-9A1E-CC6F590CD48E}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{B1FA972A-E777-4071-AC67-E075667091B5}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{B21EBDD6-A628-48A9-AEE6-78777FBB8614}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{B4006B54-CCDF-4253-9413-949274A89576}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{B599EE23-7780-4793-A7B8-C86D398C1B33}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | "{BB355F37-060D-4046-BF6A-6772FD3DDECD}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe | "{CED2353B-7772-440B-8F35-7EEF30B1FDB3}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | "{D0A24811-3314-41B6-8922-730F79DDD02D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{D2FC5796-A451-4BC3-BE9E-6BA50D4E5EE3}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\pmsregisterfile.exe | "{E582B88F-1D95-4D09-9841-58E0F617124B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | "{EE67895E-F5B7-47CA-BD80-8D6113EF06E1}" = protocol=6 | dir=in | app=d:\programme2\icq6.5\icq.exe | "{EF096C5B-BB54-4A51-8A4A-17879E1BD68A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{F0429F00-CC5D-4CB5-A7E2-D7C6DD72D2F0}" = dir=in | 
app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe | "{F2619CE5-966E-4273-B4DD-7EF841426F2F}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe | "{F9FA0F5A-23C5-4CB4-9BCD-D087CB1931FF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | "TCP Query User{1169FD75-7D6C-4BFA-B19C-A019824C0865}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{249284C7-5BF8-491F-B682-E83A8B076AF6}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{2A94DF59-4ACB-45DE-824B-C9F8AD62E750}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{2AA6FA3F-4E84-4CB1-A853-A65214C37331}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{2FA6E06F-3880-4B10-BD1F-8B23D6193CFD}D:\programme2\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=6 | dir=in | app=d:\programme2\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe | "TCP Query User{44CDA926-47B8-49E9-9F1F-8F372FB6FF24}D:\users\hauke\documents\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=d:\users\hauke\documents\stronghold crusader\stronghold crusader\stronghold crusader.exe | "TCP Query User{4F786191-C063-4B44-A303-15143E27E14B}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe | "TCP Query User{500F8F9A-1ABB-468B-AAD7-79BF1D1852CE}D:\programme2\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe" = protocol=6 | dir=in | app=d:\programme2\ubisoft\tom clancy's 
splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe | "TCP Query User{5978676B-3C02-4922-AEF5-BFF83C03615B}K:\operator-3.5\operator\opera\opera.exe" = protocol=6 | dir=in | app=k:\operator-3.5\operator\opera\opera.exe | "TCP Query User{702B988E-95FF-4C60-97D1-D781AB868D1B}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | "TCP Query User{BDC22EB9-FEFF-495A-B857-C4192F0F15F8}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | "TCP Query User{C786E74F-BE51-4145-B52F-15C571F1C577}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{E38739B0-9A15-4A77-86FB-0E1366225B8C}C:\program files\aspyr media, inc\thaw\game\thaw.exe" = protocol=6 | dir=in | app=c:\program files\aspyr media, inc\thaw\game\thaw.exe | "TCP Query User{F02084AE-59C1-45DA-8A75-0954479CE501}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "TCP Query User{F21A8AD2-2A83-4055-85F1-3D1C045E7640}D:\programme2\fifa10.exe" = protocol=6 | dir=in | app=d:\programme2\fifa10.exe | "UDP Query User{1789791A-FB2D-4F59-AE59-60D40B3E4392}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | "UDP Query User{46B59A63-9166-42CF-BA79-0745582A7DF3}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{46D15242-D509-4B3F-A037-8D873834A0F6}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{64B88066-0FB6-4922-A749-E19B339F0ABA}K:\operator-3.5\operator\opera\opera.exe" = protocol=17 | dir=in | app=k:\operator-3.5\operator\opera\opera.exe | "UDP Query 
User{749D1C72-55DF-423A-87B8-C1AB468D9960}D:\programme2\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe" = protocol=17 | dir=in | app=d:\programme2\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus_dedicatedserver.exe | "UDP Query User{7CC0A4BA-9FEF-48C2-A623-EA1A44BCC0E2}C:\program files\aspyr media, inc\thaw\game\thaw.exe" = protocol=17 | dir=in | app=c:\program files\aspyr media, inc\thaw\game\thaw.exe | "UDP Query User{992FECE7-D97A-4E58-ABDC-9BD77A308209}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | "UDP Query User{994FF1F2-F725-400A-84F3-CD17C09B71B4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{A24828E5-29C2-4731-89E2-4041471490E1}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe | "UDP Query User{AAD11887-4E90-4D80-86F1-C5753D19A53E}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe | "UDP Query User{BD4FB4BE-5D93-4A48-BA97-9B9FF4EDB892}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{C29D7220-4699-4C7D-AC0E-844A7FF2C9E6}D:\users\hauke\documents\stronghold crusader\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=d:\users\hauke\documents\stronghold crusader\stronghold crusader\stronghold crusader.exe | "UDP Query User{C84D02DA-5944-4120-96BD-811E8ED2DBB8}D:\programme2\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=17 | dir=in | app=d:\programme2\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe | "UDP Query 
User{DCB28C10-AEF2-4C74-A345-562B02352362}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{F248228B-F5A0-4B9F-951D-8944973CB89D}D:\programme2\fifa10.exe" = protocol=17 | dir=in | app=d:\programme2\fifa10.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow "{090A0EB4-FC4E-4D24-0001-04C3FA6538B1}" = MyTube BigPack Internet Recorder 3 Free "{0D8A8C0F-79BA-49EE-B9F5-4FB01E864C35}" = Tom Clancy's Splinter Cell 3 - Chaos Theory Demo "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10 "{11C88EEC-23FC-4181-B6E4-22247E2ABD28}" = Microsoft Expression Web 3 "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only) "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 (Beta) "{20140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 (Beta) "{20140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 (Beta) "{20140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 (Beta) 
"{20140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 (Beta) "{20140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 (Beta) "{20140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 (Beta) "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta) "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta) "{20140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 (Beta) "{20140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 (Beta) "{20140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 (Beta) "{20140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 (Beta) "{20140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 (Beta) "{20140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 (Beta) "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21C6344A-918B-4D35-ADB6-7614F97B78EA}" = Sony Media Manager for PSP 3.0 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1 "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes "{31CF6C0E-51F0-41D2-B088-A6A143C4303C}" = SweetIM Toolbar for Internet Explorer 3.6 "{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows 
Live Messenger "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C3EF687-803F-4825-B815-04AE32DDEB41}" = YAVIDO "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}" = Pinnacle VideoSpin "{5628829F-3318-4DDA-988D-D301832F1611}" = Singles "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{628697C2-7F0E-40D2-8020-A147B3090F60}" = MorphVOX Pro "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5 "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires "{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78699791-0625-4667-9E70-626A1CCEC94D}" = 3D Canvas "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF 
DESIGNER2.1 "{7CDA2B02-E0A4-4EB5-8533-050D535BA43A}" = Media Converter for Philips "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan "{81AB1374-098A-43CB-BE57-31CEB5EB1031}" = Nero 7 Essentials "{83467AF1-C7D8-4138-0095-AB308887A9FB}" = NBA LIVE 2004 "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß "{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A6AD979-8170-49ED-8529-14174317B281}" = SA60xx Device Manager "{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 
Standard Edition 2003 "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A174402A-2EE6-4B86-A930-7BC85A9933BD}" = Tom Clancy's Splinter Cell "{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A863F2EF-443D-429C-9DCD-9234BEB8142A}" = Scrapland "{A919AABD-61FA-4E16-0000-26966C3D2481}" = GameJack 6 "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B246C325-1C49-4572-8665-7691EFE1D06B}" = MGI VideoWave 4 "{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}" = PlayStation(R)Network Downloader "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C06A7DAC-1708-417C-B694-28C84DFE2DF9}" = The Movies(TM) Stunts & Spezialeffekte "{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Süß & Schrecklich Ergänzungs-Pack "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C9DC3EE4-7A92-F473-510D-48A5EAD52845}" = ATI Catalyst Install Manager "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support 
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management "{D92F1880-822A-41CA-0090-451FBB89BF4C}" = FIFA Fussball-Weltmeisterschaft 2006 (TM) "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DF6F459C-8B89-4F88-B63F-A2E136BB6B79}" = SweetIM for Messenger 2.8 "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E37AC1FF-03EE-4AE3-0001-E55B0BCCABE0}" = MyTube BigPack 3 CHIP-Edition "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials 
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2004 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Alien Arena 2008_is1" = Alien Arena 2008 7.21 "All Out Race" = All Out Race "Ashampoo ClipFisher_is1" = Ashampoo ClipFisher1.21 "Ashampoo Cover Studio 2009_is1" = Ashampoo Cover Studio 2009 "AsUninst.exe" = Anvil Studio "ATI Uninstaller" = ATI Uninstaller "AutoGK" = Auto Gordian Knot 2.55 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Beneton Movie GIF_is1" = Beneton Movie GIF 1.1.2 "Blender" = Blender (remove only) "CAM-IN SUITE III" = CAM-IN SUITE III "CCleaner" = CCleaner "Cities of Earth 3D Screensaver_is1" = Cities of Earth 3D Screensaver v. 
2.1 "City Life" = City Life "DivX Setup.divx.com" = DivX-Setup "dlanconf" = devolo dLAN-Konfigurationsassistent "doPDF 6 printer_is1" = doPDF 6.3 printer "dslmon" = devolo Informer "dtvlexikon2006_is1" = dtv-Lexikon 1.0 "easyclean" = devolo EasyClean "easyshare" = devolo EasyShare "Einsteiger-Sprachkurs Spanisch" = Einsteiger-Sprachkurs Spanisch "EPSON Printer and Utilities" = EPSON-Drucker-Software "ESCX3600 Referenzhandbuch" = ESCX3600 Referenzhandbuch "ESCX3600 Softwarehandbuch" = ESCX3600 Softwarehandbuch "ESET Online Scanner" = ESET Online Scanner v3 "Fiesta Online" = Fiesta Online 1.01.000 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "FLV Player" = FLV Player 2.0, build 24 "FontCreator6_is1" = High-Logic FontCreator 6.0 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free Fire Screensaver" = Free Fire Screensaver "Free Studio_is1" = Free Studio version 4.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "Freedom Force vs The 3rd Reich" = Freedom Force vs The 3rd Reich (remove only) "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM) Stunts & Spezialeffekte "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D) "MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Music Maker 2007 D" = MAGIX Music Maker 2007 (D) "MAGIX Music Maker Basic Edition UK" = MAGIX Music Maker Basic Edition 12.1.0.3 (UK) "MAGIX Music Maker for MySpace D" = MAGIX Music Maker for MySpace 15.0.1.8 (D) "MAGIX Music Maker Rock Edition D" = 
MAGIX Music Maker Rock Edition 4.0.0.13 (D) "MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "MAGIX Video deluxe 15 Plus D" = MAGIX Video deluxe 15 Plus 8.0.0.62 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ManyCam" = ManyCam 2.4 (remove only) "maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Miro" = Miro "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16) "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.0.1.229 (D) "myGamersCam" = myGamersCam 1.0 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Pen Tablet Driver" = Stifttablett "PhotoScape" = PhotoScape "PSP Video 9" = PSP Video 9 2.25 "PunkBusterSvc" = PunkBuster Services "RalliSport Challenge 1.0" = Microsoft RalliSport Challenge "RarZilla Free Unrar" = RarZilla Free Unrar "Recover My Files_is1" = Recover My Files "Recuva" = Recuva (remove only) "Schmaili_is1" = Schmaili 9.0 "Scribus 1.3.5" = Scribus 1.3.5.1 "SimPE_is1" = SimPE 0.58b (alpha) "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TmNationsForever_is1" = TmNationsForever "Tomb Raider: Legend" = Tomb Raider: Legend 1.2 "Tunatic" = Tunatic "Uninstall_is1" = Uninstall 1.0.0.1 "V2210" = DigitalCam Pro "VitualDub" = VitualDub "VLC media player" = VideoLAN VLC media player 0.8.6f "VobSub" = VobSub v2.23 
(Remove Only) "VQ2210" = DigitalCam Pro "Web_3.0.3813.0" = Microsoft Expression Web 3 "webcam 7" = webcam 7 "WinGimp-2.0_is1" = GIMP 2.6.7 "WinLiveSuite_Wave3" = Windows Live Essentials "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Zattoo" = Zattoo 3.1.1 Beta "Zattoo4" = Zattoo4 4.0.5 "ZDFmediathek_is1" = ZDFmediathek Version 1.4.0 "ZoneAlarm" = ZoneAlarm "Zoo Tycoon 2" = Zoo Tycoon 2 "Zulu" = Zulu DJ Software ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.10.2010 10:55:23 | Computer Name = Haukes-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung WINWORD.EXE, Version 11.0.8326.0, Zeitstempel 0x4c1c23b8, fehlerhaftes Modul wininet.dll, Version 7.0.6002.18278, Zeitstempel 0x4c2a15c0, Ausnahmecode 0xc0000005, Fehleroffset 0x00091838, Prozess-ID 0x11e8, Anwendungsstartzeit 01cb649d4f2429f9. Error - 05.10.2010 10:55:53 | Computer Name = Haukes-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung WINWORD.EXE, Version 11.0.8326.0, Zeitstempel 0x4c1c23b8, fehlerhaftes Modul wininet.dll, Version 7.0.6002.18278, Zeitstempel 0x4c2a15c0, Ausnahmecode 0xc0000005, Fehleroffset 0x00091838, Prozess-ID 0x108c, Anwendungsstartzeit 01cb649d6081a8d9. 
Error - 06.10.2010 02:39:30 | Computer Name = Haukes-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 06.10.2010 02:39:30 | Computer Name = Haukes-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 18211899 Error - 06.10.2010 02:39:30 | Computer Name = Haukes-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 18211899 Error - 06.10.2010 07:29:36 | Computer Name = Haukes-PC | Source = Bonjour Service | ID = 100 Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 06.10.2010 07:29:36 | Computer Name = Haukes-PC | Source = Bonjour Service | ID = 100 Description = 396: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 06.10.2010 07:29:36 | Computer Name = Haukes-PC | Source = Bonjour Service | ID = 100 Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 06.10.2010 07:29:36 | Computer Name = Haukes-PC | Source = Bonjour Service | ID = 100 Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 06.10.2010 07:29:36 | Computer Name = Haukes-PC | Source = Bonjour Service | ID = 100 Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
06.10.2010, 17:36 | #10 |
/// Malwareteam | Message: Windows will shut down in less than a minute..., AntiVir detection: JAVA/ClassLoader.BO
The logfile is clean. Here are the last few steps for cleaning up your computer.
Step 1: Clear the System Restore points
Press Windows + E --> right-click drive C --> Properties --> Disk Cleanup --> More Options --> clean up System Restore and Shadow Copies.
Step 2: Tool cleanup
Please start OTL.exe. Now click the CleanUp button. This will remove most of the tools and logfiles. If anything is still left, please remove it manually and empty the Recycle Bin.
Step 3: Automatic updates
Let's check whether the updates for Windows are downloaded automatically. That is the best way to get all the security patches and fixes. Press Windows + R. Now copy the following text into the command line
RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl
and click OK. Make sure that automatic updates are enabled.
Step 4
To protect yourself against further infections in the future, I also recommend a few programs.
Step 5: Tips for safe surfing
These are my suggestions. Use an alternative browser instead of IE. I recommend Mozilla Firefox. There are all kinds of add-ons for Firefox to get you safely through the WWW.
Don'ts
Now all that remains is for me to wish you lots of fun surfing safely. Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions. |
06.10.2010, 22:17 | #11 |
| Message: Windows will shut down in less than a minute..., AntiVir detection: JAVA/ClassLoader.BO
Thank you very much for the help!!! So far there has been no further message, and my PC is running flawlessly again so far! I hope this was the last time I needed help here, but I will definitely recommend you. I'll now install all the updates first. Bye! |