Trojaner-Board


laggy 02.12.2011 13:10

SuperAntiSpyware log analysis

Hello everyone,

Yesterday every Google query first produced an advertising redirect, and then suddenly no program could be opened any more, neither documents nor Internet Explorer. After that I got the message that W32.Blaster.Worm was on the computer. I didn't know what else to do and performed a system restore. After that everything worked again and I started some amateurish troubleshooting. When I wanted to download software against this worm, I noticed that 0 bytes were always shown when I did it via Firefox. Via Google I then came across this forum, or rather this guide:

(http://www.trojaner-board.de/51871-a...tispyware.html)

I first tried to do everything myself so as not to get on anyone's nerves, and simply deleted all the malware. That was of course not a good idea, and at the next boot I had problems with the proxy connection. --> System restore again.

Now the PC works, the proxy connection too, and neither the virus message nor the Google ad redirect shows up.... but I still have the feeling my PC is just mush...

So I ran another scan with SUPERAntiSpyware and still get affected files.

So my request: could someone take a look at the log file? I'm slowly going crazy^^. Thanks in advance!



SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/02/2011 at 11:56 AM

Application Version : 5.0.1136

Core Rules Database Version : 8008
Trace Rules Database Version: 5820

Scan type : Quick Scan
Total Scan Time : 00:04:54

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned : 931
Memory threats detected : 4
Registry items scanned : 30146
Registry threats detected : 5
File items scanned : 7121
File threats detected : 32

Trojan.Agent/Gen-Kryptic
[377.exe] C:\PROGRAM FILES\LP\D4A7\377.EXE
C:\PROGRAM FILES\LP\D4A7\377.EXE
[377.exe] C:\USERS\JULIUS\APPDATA\ROAMING\MICROSOFT\D4A7\377.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\MICROSOFT\D4A7\377.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\MICROSOFT\D4A7\377.EXE
C:\USERS\JULIUS\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\VZXVZ873\3[1].EXE
C:\Windows\Prefetch\377.EXE-4433C8B0.pf

Trojan.Agent/Gen-Faldesc[RE]
[zli1lidy80] C:\USERS\JULIUS\ZLI1LIDY80.EXE
C:\USERS\JULIUS\ZLI1LIDY80.EXE
C:\USERS\JULIUS\ZLI1LIDY80.EXE
C:\USERS\JULIUS\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\YUZZQQFF\4[1].EXE

Malware.Trace
HKU\S-1-5-21-1832448290-674521332-4177493181-1003\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

Trojan.Agent/Gen-Kazy
[Load] C:\USERS\JULIUS\APPDATA\ROAMING\69029\LVVM.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\69029\LVVM.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\70969\AB8D4.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\70969\AB8D4.EXE
C:\USERS\JULIUS\APPDATA\ROAMING\69029\LVVM.EXE
C:\Windows\Prefetch\AB8D4.EXE-B010DD83.pf
C:\Windows\Prefetch\LVVM.EXE-1AAD7BA4.pf

Adware.Tracking Cookie
C:\USERS\JULIUS\AppData\Roaming\Microsoft\Windows\Cookies\Low\julius@googleads.g.doubleclick[1].txt [ Cookie:julius@googleads.g.doubleclick.net/ ]
C:\USERS\JULIUS\AppData\Roaming\Microsoft\Windows\Cookies\Low\julius@doubleclick[2].txt [ Cookie:julius@doubleclick.net/ ]
.avgtechnologies.112.2o7.net [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.rambler.ru [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
mellfind.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
ie-stat.bmmetrix.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
findsimle.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
perfind.net [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.click.searchnation.net [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.click.searchnation.net [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
de.sitestat.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.rambler.ru [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.tns-counter.ru [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
ad.zanox.com [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]
www.bluecounter.de [ C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\COOKIES.SQLITE ]

kira 02.12.2011 15:37

Hello and a warm welcome! :)

Before we begin working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over great distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS, AND FOLLOWING THEM, ARE AT YOUR OWN RESPONSIBILITY!
  • Identifying characteristics/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • System check and cleanup:
    - can take some time (depending on the type of infection); the system may, however, be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a thread?
  • Insert all log files using a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)
► In the first part of the 3-part procedure, we will examine your system for viruses, or look for another cause:
For Vista and Win7:
Important: Please run all commands as administrator! Right-click on the command prompt and select "Run as administrator" ("als Administrator ausführen")
Right-click on the selected application and choose "Run as administrator" ("Als Administrator ausführen")!

1.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Perform full scan" ("Komplett Scan durchführen") (tick all boxes)
  • When the scan has finished, click "Show Results" ("Zeige Resultate")
  • Select all findings (if MBAM reports any in C:\System Volume Information, please remove the tick from those) and click "Delete" ("Löschen") - "Remove Selected" ("Ausgewähltes entfernen").
  • Post the result here in the thread - you will find the report under "Scan Reports" ("Scan-Berichte")
An illustrated guide can be found here: Guide

2.
System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and select "Run as administrator" ("als Administrator ausführen")
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created - OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

3.
I would also like to see all of your installed programs:
Download the tool CCleaner
Download
Install it (read the software license agreement; if "Add CCleaner Yahoo! Toolbar" ("Füge CCleaner Yahoo! Toolbar hinzu") is offered, deselect it) → start it → Language → select German
Then click "Tools" ("Extra") (to display the installed programs as well) → then "Save to text file..." ("Als Textdatei speichern...")
A text file (*.txt) is created; copy its contents and paste them in there

Quote:

To keep your thread clear and easy to read, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file): [code]
your log file goes here - e.g. the OTL log file or something else
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go online; no online banking, file sharing, chat programs, etc.
Regards,
kira

laggy 02.12.2011 17:16

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8290

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

02.12.2011 16:13:20
mbam-log-2011-12-02 (16-13-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 325954
Laufzeit: 1 Stunde(n), 14 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 4
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
c:\Users\XXX\zli1lidy80.exe (Trojan.Agent) -> 1352 -> Unloaded process successfully.
c:\Users\XXX\AppData\Roaming\70969\AB8D4.exe (Spyware.Password) -> 4672 -> Unloaded process successfully.
c:\Users\XXX\AppData\Roaming\69029\lvvm.exe (Spyware.Password) -> 560 -> Unloaded process successfully.
c:\Users\XXX\AppData\Roaming\microsoft\D4A7\377.exe (Spyware.Password) -> 6092 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zli1lidy80 (Trojan.Agent) -> Value: zli1lidy80 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\377.exe (Spyware.Password) -> Value: 377.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\377.exe (Malware.Packer) -> Value: 377.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.CycBot) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Spyware.Password) -> Bad: (C:\Users\XXX\AppData\Roaming\69029\lvvm.exe) Good: () -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\XXX\zli1lidy80.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Roaming\70969\AB8D4.exe (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Roaming\69029\lvvm.exe (Spyware.Password) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Roaming\microsoft\D4A7\377.exe (Spyware.Password) -> Quarantined and deleted successfully.
c:\program files\LP\D4A7\377.exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\VZXVZ873\3[1].exe (Malware.Packer) -> Quarantined and deleted successfully.
c:\Users\XXX\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\YUZZQQFF\4[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.


laggy 02.12.2011 17:42

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 02.12.2011 16:20:35 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\XXX\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 27,89% Memory free
6,20 Gb Paging File | 3,98 Gb Available in Paging File | 64,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 33,50 Gb Free Space | 23,25% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 34,73 Gb Free Space | 24,12% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FF70C3-C62D-4158-ADA0-6F0335DE46E4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{12B207D1-236E-423D-94F7-705946EE7F86}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{17C9712C-B0FF-4DE2-8825-DACFF07A2A6D}" = lport=445 | protocol=6 | dir=in | app=system |
"{1ACC8B81-4A32-4952-B23E-3B83139AA64F}" = lport=138 | protocol=17 | dir=in | app=system |
"{20000877-69F7-4346-B4CE-B9E1BB47C55E}" = rport=138 | protocol=17 | dir=out | app=system |
"{2677158A-5F0E-4049-969B-0CF2018C79DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{3FCE6839-979A-42FD-9618-27A2516C74F0}" = lport=445 | protocol=6 | dir=in | app=system |
"{3FD0B431-FA3C-48C4-97FD-5484C4111559}" = rport=137 | protocol=17 | dir=out | app=system |
"{531E6D51-9DE4-4CA5-B2A3-538DEB312A71}" = rport=5358 | protocol=6 | dir=out | app=system |
"{5A5CACB9-A9DC-4CA0-8C73-6ADEB81F3B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6B774E06-4073-41BA-AA0E-3982068D1B1A}" = lport=5357 | protocol=6 | dir=in | app=system |
"{6CAC3546-A40A-42CF-9217-3AB4F99AFB60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92B1D418-9E8D-4902-A5AC-E094916C6F2B}" = lport=5358 | protocol=6 | dir=in | app=system |
"{9D3FE02A-7D3A-43FA-8947-8BCD458C6323}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A82D79BB-D95E-4F2E-9169-197F7396F84D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B90197B0-98B8-4132-BB41-BF493DD0CD59}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9227660-E05F-4A2A-8D67-22EE20D1D6E6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BE3435FC-5EE4-48D5-A08F-2896DD42D6D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C644570E-17B8-4601-A65F-E80EE9425ABE}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC6E852C-3666-4FBB-BCE0-7930738C3838}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{D3779759-6B6E-4363-913A-F2FA03424034}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D43EBB75-0A71-4703-910C-C05998056210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DB4E312E-B407-4527-B6A2-F7393882E202}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFA56ACC-BFF5-4DF5-B60E-4279E640C8E8}" = rport=5357 | protocol=6 | dir=out | app=system |
"{E0F18376-F1E7-4603-81C9-6688EDF26ACA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E912E8C0-725B-4AAE-89C4-D664C62E8944}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ED3F00C9-6539-4AD2-B87C-EF14BFC3FC3B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EFDEC176-A813-44DC-819C-38A7F0D146EA}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{FC0AEC55-BED7-4381-B956-96A224A80686}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05352B55-391A-4826-92EF-D2A386463E6B}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{07A44DDF-6A54-4756-B022-749FA9883F83}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{091A14EA-1AAB-4473-AF92-CF8294902241}" = protocol=6 | dir=out | app=system |
"{0E778505-83AE-4999-A680-F58170A30A1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{291D306C-48AA-4223-B4A4-5D53D8E45FDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{35A3779F-1D36-4A27-B8DA-0771AF95C0DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3D688BD2-D11E-4296-954D-95BBC5B2DC78}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{6779FCAE-5815-46CF-89C3-D6A107FAA6AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6850E218-CEDE-4344-A4AE-6762F7EB9847}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C708175-E552-40D1-A8A6-13CFD9899760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{717593C2-DCAE-4246-8C50-0D942E854603}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{85D276BF-2591-4719-AB5F-A1731E42E969}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{920535FC-9A79-49A6-A95A-9F4703D2A987}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{A21BCABE-B969-42F8-A062-6EE7899A2174}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE8B2D36-4FEE-46D5-97C5-21FE1C96C899}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DDC3290C-4F2D-447B-9D50-B0E1C7627278}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E75CBF35-506F-418D-825D-14AC26E40972}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{F9B2C903-A0B0-4E05-99C8-38C07FB3B02F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE29EDD9-CE99-42A9-AAAD-2C6CDD551148}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{FFE802C9-B147-4651-9BE1-5B48A6CDC045}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"TCP Query User{38318946-88E2-496F-8973-C95547256293}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{46EBDE7D-618F-4B4E-A1EF-B2B5070D04AA}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{5ADCE03B-5C58-415A-9F2F-6090B06EE455}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"TCP Query User{66475628-3192-42E0-8F88-6B146990289B}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"TCP Query User{693F26A0-1C03-44EB-AE80-36459F66D585}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{C27E4309-D602-4EAF-8059-88AF807D8798}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{EFE11417-254A-47E3-98D4-6F6B77A1862E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{0C731628-A770-4533-AB56-9E3D77FA5D75}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"UDP Query User{51150E84-FBF0-492D-8673-003EDD2A0018}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{BE4F3B4D-37EB-4AC8-99AB-70D69625BAC1}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{BE8F80F4-A609-4E60-9177-B115E857E15F}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{CC334E1E-B8C0-47D6-B508-A35C922AE95B}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"UDP Query User{DCA60FF0-22C3-4B1A-8140-B1248316B6F8}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{F8D1E36E-5EC3-4B1A-9992-384BE22AC4E6}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{6411B38F-7704-484B-A93B-FD900BC8E8EB}" = PIF DESIGNER2.0
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7BA1FB62-A363-4D24-8870-45131F0D0137}" = EPSON PRINT Image Framer Tool2.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{807B5468-0F57-4844-B9A6-E5E5E888F419}" = pdfforge Toolbar v4.8
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"BitZipper_is1" = BitZipper 2010
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"Computer Updater" = Computer Updater
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESC84 Referenzhandbuch" = ESC84 Referenzhandbuch
"ESC84 Softwarehandbuch" = ESC84 Softwarehandbuch
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"fsQCA" = fsQCA
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SpeedItup Free_is1" = SpeedItup Free 7.70
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 Beta 1 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = GameXN GO
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2011 19:50:00 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.09.2011 03:52:09 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.09.2011 05:07:15 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.09.2011 06:11:53 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.09.2011 10:00:08 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.09.2011 05:00:12 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.09.2011 08:05:22 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.09.2011 09:09:12 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.09.2011 12:17:46 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 15.09.2011 04:01:17 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 07.12.2010 14:33:22 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5254
 seconds with 1740 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2011 16:41:13 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1876
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.01.2011 10:12:50 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1042
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 14.03.2011 16:31:45 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1888
 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 11.06.2011 08:05:58 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 473
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2011 10:21:32 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3018
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2011 09:05:22 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3397
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2011 09:13:53 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 493
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.12.2011 15:28:52 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.12.2011 15:28:52 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.12.2011 06:07:22 | Computer Name = XXX-PC | Source = HTTP | ID = 15016
Description =
 
Error - 02.12.2011 06:07:47 | Computer Name = XXX-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 02.12.2011 06:07:56 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.12.2011 06:07:56 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 02.12.2011 06:13:25 | Computer Name = XXX-PC | Source = HTTP | ID = 15016
Description =
 
Error - 02.12.2011 06:13:42 | Computer Name = XXX-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 02.12.2011 06:14:03 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 02.12.2011 06:14:03 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---

laggy 02.12.2011 17:44

OTL Logfile:
Code:

OTL logfile created on: 02.12.2011 16:20:35 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\XXX\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 27,89% Memory free
6,20 Gb Paging File | 3,98 Gb Available in Paging File | 64,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 33,50 Gb Free Space | 23,25% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 34,73 Gb Free Space | 24,12% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\Computer Updater\ComputerUp-daterService.exe (SafeApp Software, LLC)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
PRC - C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Users\XXX\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU ()
MOD - C:\Users\XXX\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Programme\Adobe\Reader 10.0\Reader\Locale\de_DE\BRdlang32.DEU ()
MOD - C:\Programme\Adobe\Reader 10.0\Reader\sqlite.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Java\jre6\bin\jp2native.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe ()
MOD - C:\Programme\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (ComputerUpdater Service) -- C:\Programme\Computer Updater\ComputerUp-daterService.exe (SafeApp Software, LLC)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung Update Plus) -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe ()
SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15383&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57475
FF - prefs.js..network.proxy.type: 1
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.13 19:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.13 19:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 10:52:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 16:40:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.02 21:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.11.16 16:40:25 | 000,000,000 | ---D | M]
 
[2010.09.21 09:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2010.09.21 09:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.01 01:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\7jesyrva.default\extensions
[2011.09.04 19:08:23 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\7jesyrva.default\extensions\zotero@chnm.gmu.edu
[2011.02.15 17:33:57 | 000,002,396 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\7jesyrva.default\searchplugins\askcom.xml
[2011.11.27 02:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.24 00:49:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\XXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 10:52:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.06 19:04:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.02 23:55:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 23:55:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 23:55:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 23:55:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 23:55:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 23:55:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk =  File not found
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.7.141 172.16.7.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{939DB84B-EB4C-415C-920A-B2B2742AF600}: DhcpNameServer = 172.16.7.141 172.16.7.142
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.02 14:54:42 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.02 14:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.02 14:54:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.02 10:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.02 10:35:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.02 10:35:53 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.02 10:35:53 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.02 10:35:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.02 10:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.01 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2011.12.01 19:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.01 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.01 18:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.01 18:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.01 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Avira
[2011.12.01 18:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.01 18:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.01 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\XXX\Desktop\franzi adventskalender
[2011.11.28 20:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.11.28 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\69029
[2011.11.28 19:39:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\70969
[2011.11.27 02:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011.11.27 02:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011.11.27 02:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.11.24 00:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.23 19:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GameXN
[2011.11.21 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\pdfforge
[2011.11.21 20:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.11.21 20:24:06 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.11.21 20:24:05 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011.11.21 20:23:54 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011.11.21 20:23:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011.11.21 20:23:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.11.19 18:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011.11.16 16:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.11.16 16:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011.11.16 16:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011.11.15 01:59:26 | 000,000,000 | ---D | C] -- C:\Cities.XL.2012-KaOs
[2011.11.13 21:49:45 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.11.13 21:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.11.13 21:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.11.13 00:46:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011.11.13 00:44:56 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011.11.13 00:44:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011.11.13 00:44:55 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011.11.13 00:44:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011.11.13 00:44:54 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011.11.13 00:44:54 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011.11.13 00:44:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011.11.13 00:44:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011.11.13 00:44:52 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011.11.13 00:44:52 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011.11.13 00:44:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011.11.13 00:44:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011.11.13 00:44:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011.11.13 00:44:51 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011.11.13 00:44:51 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011.11.13 00:44:50 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011.11.13 00:44:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.11.13 00:44:50 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011.11.13 00:44:48 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.11.13 00:44:47 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011.11.13 00:44:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011.11.13 00:44:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011.11.13 00:44:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011.11.13 00:44:46 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011.11.13 00:44:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.11.13 00:44:45 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011.11.13 00:44:45 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011.11.13 00:44:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011.11.13 00:44:44 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011.11.13 00:44:44 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011.11.13 00:44:44 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011.11.13 00:44:42 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011.11.13 00:44:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011.11.13 00:44:42 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011.11.13 00:44:42 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011.11.13 00:44:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011.11.13 00:44:41 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.11.13 00:44:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.11.13 00:44:40 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011.11.13 00:44:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011.11.13 00:44:40 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011.11.13 00:44:40 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011.11.13 00:44:39 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011.11.13 00:44:39 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011.11.13 00:44:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011.11.13 00:44:38 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011.11.13 00:44:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011.11.13 00:44:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011.11.13 00:44:37 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011.11.13 00:44:37 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011.11.13 00:44:35 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011.11.13 00:44:35 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011.11.13 00:44:35 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011.11.13 00:44:35 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011.11.13 00:44:34 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011.11.13 00:44:33 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011.11.13 00:44:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011.11.13 00:44:33 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011.11.13 00:44:32 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011.11.13 00:44:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011.11.13 00:44:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011.11.13 00:44:31 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011.11.13 00:44:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011.11.13 00:44:30 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011.11.13 00:44:29 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011.11.13 00:44:29 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.11.13 00:44:28 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011.11.13 00:44:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011.11.13 00:44:27 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011.11.13 00:44:27 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011.11.13 00:44:27 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011.11.13 00:44:27 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011.11.13 00:44:26 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011.11.13 00:44:25 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011.11.13 00:44:25 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011.11.13 00:44:24 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011.11.13 00:44:23 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011.11.13 00:44:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011.11.13 00:44:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011.11.13 00:44:22 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011.11.13 00:44:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011.11.13 00:44:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.11.13 00:44:08 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011.11.13 00:44:08 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011.11.13 00:44:07 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011.11.13 00:44:06 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011.11.13 00:44:05 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011.11.13 00:44:04 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011.11.13 00:44:02 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011.11.13 00:44:01 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011.11.13 00:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2
[2011.11.12 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011.11.12 22:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2006.11.24 05:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 05:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.02 16:13:49 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\jxmwma.sys
[2011.12.02 16:13:23 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 16:13:23 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.02 15:16:18 | 000,000,715 | ---- | M] () -- C:\Users\XXX\Desktop\Literaturverzeichnis ohne Titel.rtf
[2011.12.02 14:56:30 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.02 14:54:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 13:37:49 | 000,312,532 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.02 13:37:49 | 000,312,532 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.02 13:37:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.02 10:43:49 | 000,675,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.02 10:43:49 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.02 10:43:49 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.02 10:43:49 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.02 10:36:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.02 10:20:13 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.30 12:00:41 | 000,005,619 | ---- | M] () -- C:\Users\XXX\Desktop\XXX Lagodny_ proposed literature.pdf
[2011.11.30 00:33:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.11.28 20:48:04 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.11.28 20:36:50 | 000,092,299 | ---- | M] () -- C:\Users\XXX\Desktop\(Fotoabzüge Fotoleinwand Fotokalender Fotobücher Fotoentwicklung).pdf
[2011.11.28 20:03:21 | 000,079,379 | ---- | M] () -- C:\Users\XXX\Desktop\mama weihnachten.jpg
[2011.11.28 19:59:42 | 003,464,124 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0758 Kopie.jpg
[2011.11.28 19:55:04 | 000,028,310 | ---- | M] () -- C:\Users\XXX\Desktop\QuickTime.pdf
[2011.11.28 19:31:40 | 002,874,836 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0929.JPG
[2011.11.28 19:30:59 | 002,191,241 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0847.JPG
[2011.11.28 19:24:29 | 002,525,941 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0946.JPG
[2011.11.28 19:22:21 | 001,911,246 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0758.JPG
[2011.11.28 19:21:41 | 002,344,261 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0817.JPG
[2011.11.28 19:14:29 | 002,005,912 | ---- | M] () -- C:\Users\XXX\Desktop\IMG_0809.JPG
[2011.11.28 16:05:54 | 000,401,621 | ---- | M] () -- C:\Users\XXX\Desktop\XXX_Lagodny_Studienbescheinigung WS11-12.pdf
[2011.11.25 14:29:51 | 000,000,162 | -H-- | M] () -- C:\Users\XXX\Desktop\~$teraturverzeichnis ohne Titel.rtf
[2011.11.24 16:56:53 | 000,098,304 | ---- | M] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 00:49:25 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.22 12:38:46 | 000,040,396 | ---- | M] () -- C:\Users\XXX\Desktop\Migration Graph Ireland.pdf
[2011.11.21 20:24:08 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.11.21 15:14:03 | 000,001,752 | -H-- | M] () -- C:\Users\XXX\Documents\Default.rdp
[2011.11.19 18:56:24 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.11.19 18:56:24 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.11.16 16:40:25 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.11.13 21:49:45 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.02 16:13:49 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\jxmwma.sys
[2011.12.02 14:54:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 10:36:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.02 10:20:13 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.30 12:00:40 | 000,005,619 | ---- | C] () -- C:\Users\XXX\Desktop\XXX Lagodny_ proposed literature.pdf
[2011.11.28 20:47:16 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.11.28 20:36:48 | 000,092,299 | ---- | C] () -- C:\Users\XXX\Desktop\(Fotoabzüge Fotoleinwand Fotokalender Fotobücher Fotoentwicklung).pdf
[2011.11.28 20:03:21 | 000,079,379 | ---- | C] () -- C:\Users\XXX\Desktop\mama weihnachten.jpg
[2011.11.28 19:57:45 | 003,464,124 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0758 Kopie.jpg
[2011.11.28 19:55:03 | 000,028,310 | ---- | C] () -- C:\Users\XXX\Desktop\QuickTime.pdf
[2011.11.28 19:28:56 | 002,874,836 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0929.JPG
[2011.11.28 19:28:35 | 002,191,241 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0847.JPG
[2011.11.28 19:23:01 | 002,525,941 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0946.JPG
[2011.11.28 19:20:53 | 001,911,246 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0758.JPG
[2011.11.28 19:19:57 | 002,344,261 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0817.JPG
[2011.11.28 19:13:14 | 002,005,912 | ---- | C] () -- C:\Users\XXX\Desktop\IMG_0809.JPG
[2011.11.28 16:05:54 | 000,401,621 | ---- | C] () -- C:\Users\XXX\Desktop\XXX_Lagodny_Studienbescheinigung WS11-12.pdf
[2011.11.25 14:29:51 | 000,000,162 | -H-- | C] () -- C:\Users\XXX\Desktop\~$teraturverzeichnis ohne Titel.rtf
[2011.11.23 19:03:41 | 000,001,534 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (GameXN).lnk
[2011.11.22 12:38:45 | 000,040,396 | ---- | C] () -- C:\Users\XXX\Desktop\Migration Graph Ireland.pdf
[2011.11.21 20:24:08 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.11.16 16:40:25 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.11.16 16:40:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.11.16 16:23:08 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011.11.16 16:23:08 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011.11.11 14:17:58 | 299,253,828 | ---- | C] () -- C:\Users\XXX\Desktop\xwvsevs_1981_2000_v20060423.dta
[2011.10.02 13:27:47 | 000,000,235 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\fixpermissions.bat
[2011.08.31 12:07:47 | 000,017,408 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2011.04.29 15:24:37 | 000,000,182 | ---- | C] () -- C:\Windows\System32\EBPPORT4.DAT
[2011.04.29 15:24:12 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC84Euro.ini
[2011.02.14 20:39:25 | 000,000,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[2011.01.14 18:30:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.12 14:25:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.01 18:30:04 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010.09.21 19:16:35 | 000,098,304 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.06.07 11:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009.05.29 22:42:20 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2009.03.11 19:01:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2008.07.09 06:09:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.08 14:50:18 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.07.08 14:39:09 | 000,312,532 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.08 14:39:09 | 000,312,532 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.08 14:32:17 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.07.08 14:31:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.07.08 14:31:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.07.08 14:18:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.07.08 14:18:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.07.08 12:54:14 | 000,675,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.08 12:54:14 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.08 12:54:14 | 000,146,368 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.08 12:54:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.08 12:45:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.09 16:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2008.01.21 02:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.02.26 07:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 07:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 08:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 08:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 12:47:37 | 000,397,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:33:01 | 000,633,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 10:33:01 | 000,118,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 10:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.10.09 01:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.01.03 10:10:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\DLXAPI32.DLL
[2002.04.26 01:00:00 | 000,000,111 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2001.11.14 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

< End of report >

--- --- ---

[/code]

laggy 02.12.2011 17:48

Code:


2007 Microsoft Office system        Microsoft Corporation        08.07.2008        491MB        12.0.4518.1014
7-Zip 4.65                27.10.2010        3,13MB       
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        06.10.2008        13,5MB       
Adobe AIR        Adobe Systems Incorporated        02.10.2011        30,1MB        2.7.1.19610
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        29.09.2010                10.1.85.3
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        01.04.2011                10.2.153.1
Adobe Reader X (10.1.1) - Deutsch        Adobe Systems Incorporated        16.11.2011        119,0MB        10.1.1
Agere Systems HDA Modem        Agere Systems        08.07.2008               
Apple Application Support        Apple Inc.        02.06.2011        51,0MB        1.5.1
Apple Mobile Device Support        Apple Inc.        02.06.2011        21,8MB        3.4.0.25
Apple Software Update        Apple Inc.        02.06.2011        2,26MB        2.1.2.120
Atheros WLAN Client                06.10.2008        0,86MB        1.00.000
aTube Catcher        DsNET Corp        14.02.2011        35,5MB        2.2.543
Avira Free Antivirus        Avira        02.12.2011        153,1MB        12.0.0.861
BitTorrent        BitTorrent Inc.        02.10.2011        0,53MB        7.5.0
BitZipper 2010        Bitberry Software        03.10.2011        14,4MB       
Bonjour        Apple Inc.        02.06.2011        1,10MB        2.0.5.0
Business Contact Manager für Outlook 2007        Microsoft Corporation        08.07.2008        29,0MB        3.0.5828.0
CCleaner        Piriform        02.12.2011        4,20MB        3.13
CDBurnerXP        CDBurnerXP        05.02.2011        15,9MB        4.3.8.2474
Cisco Systems VPN Client 5.0.07.0290        Cisco Systems, Inc.        09.11.2010        11,6MB        5.0.6
Computer Updater        SafeApp Software, LLC        02.10.2011               
CyberLink DVD Suite        CyberLink Corp.        06.10.2008        9,64MB        5.0.2403
CyberLink Power2Go        CyberLink Corp.        06.10.2008        52,4MB        5.0.3825
DAEMON Tools Lite        DT Soft Ltd        13.11.2011        16,6MB        4.45.1.0236
DivX-Setup        DivX, LLC        13.01.2011        3,13MB        2.2.1.2
Easy Battery Manager                06.10.2008        7,89MB        3.2.1.7
Easy Display Manager        Samsung        08.07.2008        12,4MB        2.0.0.0
Easy Network Manager 3.0        Ihr Firmenname        08.07.2008        36,9MB        3.0.0.0
Easy SpeedUp Manager                06.10.2008        4,00MB        2.0.1.0
EPSON PhotoQuicker3.4                29.04.2011        1,57MB       
EPSON PRINT Image Framer Tool2.0                29.04.2011        2,21MB       
EPSON-Drucker-Software                29.04.2011               
ESC84 Referenzhandbuch                29.04.2011        7,17MB       
ESC84 Softwarehandbuch                29.04.2011        0,93MB       
File Type Assistant        Trusted Software        03.10.2011        1,98MB       
FM Screen Capture Codec (Remove Only)                09.10.2010               
fsQCA                01.02.2011        4,93MB        2.0
GameXN GO        EasyBits Media        23.11.2011        13,5MB       
imagine digital freedom - Samsung        Samsung Electronics Co., LTD        08.07.2008        7,50MB        1.0.2.0
Intel(R) PROSet/Wireless WiFi-Software        Intel(R) Corporation        08.07.2008        78,3MB        12.00.2000
Intel® Matrix Storage Manager        Intel Corporation        06.10.2008        0,79MB       
iTunes        Apple Inc.        02.06.2011        143,9MB        10.2.2.14
Java(TM) 6 Update 23        Oracle        06.02.2011        95,0MB        6.0.230
LabelPrint        CyberLink Corp.        06.10.2008        106,4MB        .2406
LibUSB-Win32-0.1.10.1        LibUSB-Win32        01.11.2010        1,32MB        0.1.10.1
LightScribe System Software  1.12.37.1        LightScribe        08.07.2008        20,9MB        1.12.37.1
Malwarebytes' Anti-Malware version 1.51.2.1300        Malwarebytes Corporation        02.12.2011        6,77MB        1.51.2.1300
McAfee Security Scan Plus        McAfee, Inc.        19.11.2011        9,34MB        2.0.181.2
Microsoft Office 2003 Web Components        Microsoft Corporation        08.07.2008        21,7MB        11.0.8003.0
Microsoft Office 2007 Primary Interop Assemblies        Microsoft Corporation        08.07.2008        7,23MB        12.0.4518.1014
Microsoft Office Enterprise 2007        Microsoft Corporation        24.11.2010        615MB        12.0.4518.1014
Microsoft Office Small Business Connectivity Components        Microsoft Corporation        08.07.2008        0,15MB        2.0.7024.0
Microsoft SQL Server 2005        Microsoft Corporation        08.07.2008        42,7MB       
Microsoft SQL Server Native Client        Microsoft Corporation        08.07.2008        2,59MB        9.00.2047.00
Microsoft SQL Server VSS Writer        Microsoft Corporation        08.07.2008        0,68MB        9.00.2047.00
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        08.07.2008        0,41MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        05.11.2010        0,59MB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        15.11.2011        0,57MB        9.0.30729
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        02.12.2011        11,1MB        10.0.40219
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme        Microsoft Corporation        28.09.2010        0,13MB        12.0.4518.1014
Minecraft Beta Version 1.7.3        Godslayers        26.07.2011        72,6MB        1.7.3
Mozilla Firefox 8.0 (x86 de)        Mozilla        11.11.2011        41,9MB        8.0
Mozilla Thunderbird (8.0)        Mozilla        11.11.2011        39,7MB        8.0 (de)
NVIDIA Drivers                06.10.2008               
OpenOffice.org 3.2        OpenOffice.org        27.09.2010        363MB        3.2.9502
PDFCreator        Frank Heindörfer, Philip Chinery        21.11.2011        44,4MB        1.2.3
pdfforge Toolbar v4.8        Spigot, Inc.        27.11.2011        8,36MB        4.8
PIF DESIGNER2.0                29.04.2011        0,92MB       
Play AVStation        Ihr Firmenname        08.07.2008        91,1MB        4.1.20.50
PlayCamera                22.10.2008        362MB        1.0.1.7
PowerDirector        CyberLink Corp.        06.10.2008        129,4MB        5.0.3927
PowerDVD        CyberLink Corp.        06.10.2008        114,4MB        7.0.3118.0
PowerProducer        CyberLink Corp.        06.10.2008        298MB        085120(3.7)_Vista_SSPC
QuickTime        Apple Inc.        02.06.2011        73,7MB        7.69.80.9
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        08.07.2008        11,4MB        6.0.1.5605
Samsung Magic Doctor        Samsung Electronics Co., LTD        06.10.2008        15,4MB        5.00
Samsung Recovery Solution III        Samsung        08.07.2008        36,5MB        3.0.0.5
Samsung Update Plus        Samsung Electronics Co., LTD        08.07.2008        5,64MB        1.3.0.11
ScanToWeb                29.04.2011        0,36MB       
Skype Click to Call        Skype Technologies S.A.        24.11.2011        6,97MB        5.6.8442
Skype™ 5.5        Skype Technologies S.A.        24.11.2011        17,0MB        5.5.124
SpeedItup Free 7.70        SMicroSmarts LLC        02.10.2011        9,63MB       
Stata 10        Stata Corp LP        05.11.2010        66,6MB        10.0
SUPERAntiSpyware        SUPERAntiSpyware.com        02.12.2011        73,1MB        5.0.1136
Synaptics Pointing Device Driver        Synaptics        08.07.2008        13,6MB        10.1.2.0
TeamSpeak 2 RC2        Dominating Bytes Design        11.02.2011                2.0.32.60
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)        Microsoft Corporation        08.07.2008        23,2MB        9.00.2047.00
User Guide                06.10.2008        150,6MB        1.0
Vimicro UVC Camera        Vimicro Corporation        08.07.2008        2,15MB        1.00.0000
VLC media player 1.1.4        VideoLAN        21.09.2010        76,2MB        1.1.4
WIDCOMM Bluetooth Software 6.0.1.6300        WIDCOMM, Inc.        08.07.2008        35,5MB        6.0.1.6300
Winamp        Nullsoft, Inc        24.06.2011        39,5MB        5.61
Windows Media Player Firefox Plugin        Microsoft Corp        03.02.2011        0,29MB        1.0.0.8
WinRAR 4.01 Beta 1 (32-Bit)        win.rar GmbH        23.05.2011        4,04MB        4.01.1


laggy 02.12.2011 17:49

Whoa, now I'm really curious^^. Thanks for your help, btw.

kira 05.12.2011 16:16

1.
Did you deliberately set the IP 127.0.0.1:57475 as a proxy? If so, why? If not:
if you have not installed a proxy server locally, remove the proxy settings from the Internet settings
in Internet Explorer:
Tools => Internet Options => Connections => LAN settings
Remove the check marks at "Use a proxy server for your LAN" and "Bypass proxy server for local addresses".
Quote:

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475
in Firefox:
Tools => Options => Advanced => Network => Settings.
There, under Connection Settings => tick No proxy.

Quote:

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57475
2.
If you did not install it deliberately, since it is often installed or offered along with other programs (presumably through Adobe Reader), uninstall:
Code:

McAfee Security Scan Plus
although the developer/vendor itself has a very good reputation, this "helper principle" does not protect your PC any further, but it does impair system performance
Always choose the custom installation, not the standard installation, because the latter often installs things you do not need or do not want.
During installation, please always read the license terms, and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., get installed along with it, because that is how freeware finances itself.


3.
uninstall, if they exist under `Control Panel --> Software --> Change/Remove...`:
Code:

Adware -Toolbars:

pdfforge Toolbar

Components of the standard installation of many freeware programs, and sometimes even of paid programs. Therefore:
Always choose the custom installation, not the standard installation, because the latter often installs things you do not need or do not want.
During installation, please always read the license terms, and do not immediately tick every box or leave pre-ticked boxes as they are, because by doing so you agree that other "third-party programs", or even adware (advertising pop-ups) from partner programs, sponsors etc., get installed along with it, because that is how freeware finances itself.

a few more belong in this category, e.g.: -> Uninstall unwanted toolbars

4.
Quote:

Attention, important!:
If you made changes in the logfile yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ask.com?o=15383&l=dis
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2011.02.15 17:33:57 | 000,002,396 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\7jesyrva.default\searchplugins\askcom.xml
[2011.10.02 23:55:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk =  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
[2011.11.28 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\69029
[2011.11.28 19:39:08 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\70969
[2011.11.27 02:55:09 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011.11.28 20:47:16 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\At1.job

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{807B5468-0F57-4844-B9A6-E5E5E888F419}" = pdfforge Toolbar v4.8-

:Commands
[purity]
[emptytemp]


5.
TDSSKiller from Kaspersky
  • Download TDSSKiller and unpack the archive to your desktop.
  • Make sure that TDSSKiller.exe is directly on the desktop (not in a folder on the desktop).
  • temporarily disable your antivirus program
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished its work, the tool suggests restarting the system.
    Confirm this with Y(es) if applicable.
    When the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
Here you will find more detailed instructions.

6.
another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two logfiles are created.
    You will find the logfiles on your desktop => OTL.txt and Extras.txt
  • Post the logfiles in code tags here in the thread.

Quote:

► Briefly report to me on all the steps you have completed!
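
A check for the loopback-proxy entries from step 1 of the reply above, as an added example that is not part of the original thread and not OTL's own code: it scans OTL-style log text for IE `ProxyServer` and Firefox `network.proxy.*` lines and reports those that point at a loopback address. The function names and the sample text (assembled from the lines quoted in the thread) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the proxy-related lines quoted in the thread, laid out
# as in an OTL log ("IE - <key>: ..." / "FF - prefs.js..<pref>: ...").
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 57475
'''

IE_PROXY = re.compile(
    r'^IE - (?P<hive>HK\w+)\\.*Internet Settings: "ProxyServer" = (?P<value>.+)$')
FF_PREF = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>[\w.]+): (?P<value>.+)$')


def split_endpoint(endpoint):
    """Return (host, port) for 'host:port'; port is None if absent or non-numeric."""
    endpoint = endpoint.strip().strip('"').split('://', 1)[-1]
    host, sep, port = endpoint.rpartition(':')
    if not sep:
        return endpoint, None
    return host, int(port) if port.isdigit() else None


def parse_ie_proxy(value):
    """Split an IE ProxyServer value into {scheme: (host, port)}.

    IE accepts either one 'host:port' for all protocols or a
    ';'-separated list such as 'http=host:port;https=host:port'.
    """
    result = {}
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition('=')
        if not sep:  # bare endpoint: applies to every protocol
            scheme, endpoint = 'all', part
        result[scheme.lower()] = split_endpoint(endpoint)
    return result


def is_loopback(host):
    """True for 'localhost' and for IPv4/IPv6 loopback literals."""
    host = host.strip().strip('"').lower()
    if host == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname or non-address pref value


def find_loopback_proxies(log_text):
    """Return (browser, source, scheme, host, port) for each loopback proxy.

    A hit is not a verdict: as the reply says, it is expected when a local
    proxy was installed on purpose and needs explaining when none was.
    """
    findings = []
    ff_prefs = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = IE_PROXY.match(line)
        if m:
            for scheme, (host, port) in parse_ie_proxy(m['value']).items():
                if is_loopback(host):
                    findings.append(('IE', m['hive'], scheme, host, port))
            continue
        m = FF_PREF.match(line)
        if m:
            ff_prefs[m['key']] = m['value'].strip().strip('"')
    # Firefox stores host and port in separate prefs: <scheme> and <scheme>_port.
    for key, host in ff_prefs.items():
        if key.endswith('_port') or not is_loopback(host):
            continue
        port = ff_prefs.get(key + '_port', '')
        findings.append(('FF', 'prefs.js', key, host,
                         int(port) if port.isdigit() else None))
    return findings


if __name__ == '__main__':
    for finding in find_loopback_proxies(SAMPLE_LOG):
        print(finding)
```

Run against a fresh OTL.txt after the fix, an empty result means neither browser still points at a loopback proxy.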

laggy 06.12.2011 11:40

Code:


All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
C:\Users\JULIUS\AppData\Roaming\Mozilla\Firefox\Profiles\7jesyrva.default\searchplugins\askcom.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Programme\pdfforge Toolbar\IE\4.8\pdfforgeToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings not found.
File C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 deleted successfully.
C:\Users\JULIUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{073714da-3684-11e0-a2ae-001377ab8d4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{073714da-3684-11e0-a2ae-001377ab8d4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{073714da-3684-11e0-a2ae-001377ab8d4a}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6cdf744a-37b3-11e0-a1d3-001377ab8d4a}\ not found.
File move failed. F:\.\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb91b802-385a-11e0-9b53-001377ab8d4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb91b802-385a-11e0-9b53-001377ab8d4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb91b802-385a-11e0-9b53-001377ab8d4a}\ not found.
File move failed. F:\.\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de1ed37a-3850-11e0-8a08-001377ab8d4a}\ not found.
File move failed. F:\.\Autorun.exe scheduled to be moved on reboot.
C:\Users\JULIUS\AppData\Roaming\69029 folder moved successfully.
C:\Users\JULIUS\AppData\Roaming\70969 folder moved successfully.
Folder C:\Program Files\pdfforge Toolbar\ not found.
C:\Windows\Tasks\At1.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\"{807B5468-0F57-4844-B9A6-E5E5E888F419}" | pdfforge Toolbar v4.8- /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Julius
->Temp folder emptied: 17023458 bytes
->Temporary Internet Files folder emptied: 1863638 bytes
->Java cache emptied: 1638286 bytes
->FireFox cache emptied: 418488414 bytes
->Flash cache emptied: 64010 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 675287 bytes
RecycleBin emptied: 3464134 bytes
 
Total Files Cleaned = 423,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12062011_103203

Files\Folders moved on Reboot...
File\Folder F:\.\Autorun.exe not found!
C:\Windows\temp\~DF8297.tmp moved successfully.

Registry entries deleted on Reboot...


laggy 06.12.2011 11:50

The TDSSKiller scan finds no threats, hence no report either. But I do have the file on the desktop and the antivirus program is off.... maybe I'm doing something wrong after all... well, I'll carry on with the procedure.

laggy 06.12.2011 11:57

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 06.12.2011 10:51:43 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = c:\Users\Julius\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,88% Memory free
6,21 Gb Paging File | 4,76 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 28,89 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 57,83 Gb Free Space | 40,16% Space Free | Partition Type: NTFS
Drive F: | 7,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JULIUS-PC | User Name: Julius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FF70C3-C62D-4158-ADA0-6F0335DE46E4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{12B207D1-236E-423D-94F7-705946EE7F86}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{17C9712C-B0FF-4DE2-8825-DACFF07A2A6D}" = lport=445 | protocol=6 | dir=in | app=system |
"{1ACC8B81-4A32-4952-B23E-3B83139AA64F}" = lport=138 | protocol=17 | dir=in | app=system |
"{20000877-69F7-4346-B4CE-B9E1BB47C55E}" = rport=138 | protocol=17 | dir=out | app=system |
"{2677158A-5F0E-4049-969B-0CF2018C79DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{3FCE6839-979A-42FD-9618-27A2516C74F0}" = lport=445 | protocol=6 | dir=in | app=system |
"{3FD0B431-FA3C-48C4-97FD-5484C4111559}" = rport=137 | protocol=17 | dir=out | app=system |
"{531E6D51-9DE4-4CA5-B2A3-538DEB312A71}" = rport=5358 | protocol=6 | dir=out | app=system |
"{5A5CACB9-A9DC-4CA0-8C73-6ADEB81F3B58}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6B774E06-4073-41BA-AA0E-3982068D1B1A}" = lport=5357 | protocol=6 | dir=in | app=system |
"{6CAC3546-A40A-42CF-9217-3AB4F99AFB60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92B1D418-9E8D-4902-A5AC-E094916C6F2B}" = lport=5358 | protocol=6 | dir=in | app=system |
"{9D3FE02A-7D3A-43FA-8947-8BCD458C6323}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A82D79BB-D95E-4F2E-9169-197F7396F84D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B90197B0-98B8-4132-BB41-BF493DD0CD59}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9227660-E05F-4A2A-8D67-22EE20D1D6E6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BE3435FC-5EE4-48D5-A08F-2896DD42D6D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C644570E-17B8-4601-A65F-E80EE9425ABE}" = lport=137 | protocol=17 | dir=in | app=system |
"{CC6E852C-3666-4FBB-BCE0-7930738C3838}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{D3779759-6B6E-4363-913A-F2FA03424034}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D43EBB75-0A71-4703-910C-C05998056210}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DB4E312E-B407-4527-B6A2-F7393882E202}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFA56ACC-BFF5-4DF5-B60E-4279E640C8E8}" = rport=5357 | protocol=6 | dir=out | app=system |
"{E0F18376-F1E7-4603-81C9-6688EDF26ACA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E912E8C0-725B-4AAE-89C4-D664C62E8944}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{ED3F00C9-6539-4AD2-B87C-EF14BFC3FC3B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EFDEC176-A813-44DC-819C-38A7F0D146EA}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{FC0AEC55-BED7-4381-B956-96A224A80686}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05352B55-391A-4826-92EF-D2A386463E6B}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{07A44DDF-6A54-4756-B022-749FA9883F83}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{091A14EA-1AAB-4473-AF92-CF8294902241}" = protocol=6 | dir=out | app=system |
"{0E778505-83AE-4999-A680-F58170A30A1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{291D306C-48AA-4223-B4A4-5D53D8E45FDD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{35A3779F-1D36-4A27-B8DA-0771AF95C0DF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3D688BD2-D11E-4296-954D-95BBC5B2DC78}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{6779FCAE-5815-46CF-89C3-D6A107FAA6AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6850E218-CEDE-4344-A4AE-6762F7EB9847}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6C708175-E552-40D1-A8A6-13CFD9899760}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{717593C2-DCAE-4246-8C50-0D942E854603}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{85D276BF-2591-4719-AB5F-A1731E42E969}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{920535FC-9A79-49A6-A95A-9F4703D2A987}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{A21BCABE-B969-42F8-A062-6EE7899A2174}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE8B2D36-4FEE-46D5-97C5-21FE1C96C899}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DDC3290C-4F2D-447B-9D50-B0E1C7627278}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E75CBF35-506F-418D-825D-14AC26E40972}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{F9B2C903-A0B0-4E05-99C8-38C07FB3B02F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE29EDD9-CE99-42A9-AAAD-2C6CDD551148}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{FFE802C9-B147-4651-9BE1-5B48A6CDC045}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"TCP Query User{280B44FD-FB02-4836-A5E0-0E30F0FB6EA1}D:\call of duty 4\iw3mp-cracked-server.exe" = protocol=6 | dir=in | app=d:\call of duty 4\iw3mp-cracked-server.exe |
"TCP Query User{38318946-88E2-496F-8973-C95547256293}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{46EBDE7D-618F-4B4E-A1EF-B2B5070D04AA}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{5ADCE03B-5C58-415A-9F2F-6090B06EE455}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"TCP Query User{66475628-3192-42E0-8F88-6B146990289B}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"TCP Query User{693F26A0-1C03-44EB-AE80-36459F66D585}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
"TCP Query User{A758E6D4-CAF6-4B23-96CC-B9872BF17179}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{B9AF3475-A310-4643-A2E0-0A3BC93B7C1A}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{C27E4309-D602-4EAF-8059-88AF807D8798}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{EFE11417-254A-47E3-98D4-6F6B77A1862E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{0C731628-A770-4533-AB56-9E3D77FA5D75}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"UDP Query User{475F2227-B6A7-4A35-9827-5C90EF9742D3}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{51150E84-FBF0-492D-8673-003EDD2A0018}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{7C2688C8-53A0-4F7B-A55D-61BB7A28B331}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{BE4F3B4D-37EB-4AC8-99AB-70D69625BAC1}D:\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\age of empires ii\age2_x1\age2_x1.exe |
"UDP Query User{BE8F80F4-A609-4E60-9177-B115E857E15F}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{CC334E1E-B8C0-47D6-B508-A35C922AE95B}C:\program files\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11 demo\game\fifa.exe |
"UDP Query User{DCA60FF0-22C3-4B1A-8140-B1248316B6F8}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{DCE9E9E0-1A64-4A5A-ACDC-92F8D4B44C28}D:\call of duty 4\iw3mp-cracked-server.exe" = protocol=17 | dir=in | app=d:\call of duty 4\iw3mp-cracked-server.exe |
"UDP Query User{F8D1E36E-5EC3-4B1A-9992-384BE22AC4E6}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6395D480-9F3B-4930-8204-B91C8882F967}" = Stata 10
"{6411B38F-7704-484B-A93B-FD900BC8E8EB}" = PIF DESIGNER2.0
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AF9D464-6627-4FB9-AEF9-15D6C972CA84}_is1" = Minecraft Beta Version 1.7.3
"{7BA1FB62-A363-4D24-8870-45131F0D0137}" = EPSON PRINT Image Framer Tool2.0
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"CCleaner" = CCleaner
"Computer Updater" = Computer Updater
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESC84 Referenzhandbuch" = ESC84 Referenzhandbuch
"ESC84 Softwarehandbuch" = ESC84 Softwarehandbuch
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"fsQCA" = fsQCA
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"SpeedItup Free_is1" = SpeedItup Free 7.70
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 Beta 1 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = GameXN GO
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.09.2011 19:50:00 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.09.2011 03:52:09 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.09.2011 05:07:15 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.09.2011 06:11:53 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 13.09.2011 10:00:08 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.09.2011 05:00:12 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.09.2011 08:05:22 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.09.2011 09:09:12 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.09.2011 12:17:46 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 15.09.2011 04:01:17 | Computer Name = Julius-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 07.12.2010 14:33:22 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5254
 seconds with 1740 seconds of active time.  This session ended with a crash.
 
Error - 19.01.2011 16:41:13 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1876
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.01.2011 10:12:50 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1042
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 14.03.2011 16:31:45 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1888
 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error - 11.06.2011 08:05:58 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 473
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 19.06.2011 10:21:32 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3018
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2011 09:05:22 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3397
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2011 09:13:53 | Computer Name = Julius-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 493
 seconds with 480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.12.2011 12:01:33 | Computer Name = Julius-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 140.203.213.18 für die Netzwerkkarte mit der Netzwerkadresse
 00216380F4AA wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 06.12.2011 05:51:34 | Computer Name = Julius-PC | Source = HTTP | ID = 15016
Description =
 
Error - 06.12.2011 05:52:28 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.12.2011 05:52:28 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 06.12.2011 05:52:37 | Computer Name = Julius-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 06.12.2011 06:32:03 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 06.12.2011 06:34:38 | Computer Name = Julius-PC | Source = HTTP | ID = 15016
Description =
 
Error - 06.12.2011 06:35:00 | Computer Name = Julius-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 06.12.2011 06:35:20 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 06.12.2011 06:35:20 | Computer Name = Julius-PC | Source = Service Control Manager | ID = 7026
Description =
 
 
< End of report >

--- --- ---


laggy 06.12.2011 11:58

OTL Logfile:
Code:

OTL logfile created on: 06.12.2011 10:51:43 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = c:\Users\Julius\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 58,88% Memory free
6,21 Gb Paging File | 4,76 Gb Available in Paging File | 76,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 28,89 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 57,83 Gb Free Space | 40,16% Space Free | Partition Type: NTFS
Drive F: | 7,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: JULIUS-PC | User Name: Julius | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.02 16:17:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\Julius\Downloads\OTL.exe
PRC - [2011.11.23 19:03:38 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe
PRC - [2011.11.11 10:52:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.11.11 10:50:44 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe
PRC - [2011.11.10 09:17:04 | 003,514,176 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2011.11.07 18:04:36 | 004,617,600 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.19 16:55:47 | 000,306,128 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.08.11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.15 16:34:14 | 000,081,920 | ---- | M] (SafeApp Software, LLC) -- C:\Programme\Computer Updater\ComputerUp-daterService.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.09 19:28:24 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.20 21:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 21:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.05.23 05:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.05.23 04:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.05.22 08:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.05.13 00:13:28 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
PRC - [2008.04.25 12:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.04.17 06:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 02:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.12 04:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 02:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 02:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 02:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.07.04 22:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2006.10.27 06:23:04 | 000,347,432 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\WINWORD.EXE
PRC - [2006.10.26 23:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006.04.14 01:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusbd-nt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.06 10:36:33 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011.12.06 10:36:33 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011.12.02 10:22:28 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011.12.02 10:22:28 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.11.11 10:52:40 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.11 10:50:47 | 001,988,760 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll
MOD - [2011.11.11 10:50:46 | 000,161,944 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2011.11.11 10:50:46 | 000,021,656 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2011.05.10 15:37:12 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.21 15:30:20 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.12.09 19:29:16 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.09 19:28:24 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.04 13:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2008.05.13 00:13:28 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
MOD - [2007.08.14 04:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 04:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 04:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
MOD - [2006.10.26 04:56:46 | 000,757,008 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2006.08.12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.11 23:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.06.15 16:34:14 | 000,081,920 | ---- | M] (SafeApp Software, LLC) [Auto | Running] -- C:\Programme\Computer Updater\ComputerUp-daterService.exe -- (ComputerUpdater Service)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.05.23 05:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.05.23 04:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.12 23:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 02:24:45 | 000,376,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2005.03.09 19:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.03 15:31:15 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.10.19 16:56:15 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.23 12:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.06.08 22:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.20 19:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.04.05 05:56:26 | 000,242,560 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2008.01.21 02:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.09.13 06:17:58 | 000,755,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.05.23 08:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.28 07:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 07:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.03.09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.13 19:17:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 10:52:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.16 16:40:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.02 21:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.11.16 16:40:25 | 000,000,000 | ---D | M]
 
[2010.09.21 09:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Extensions
[2010.09.21 09:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.05 23:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\7jesyrva.default\extensions
[2011.09.04 19:08:23 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\7jesyrva.default\extensions\zotero@chnm.gmu.edu
[2011.12.06 10:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.24 00:49:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\JULIUS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7JESYRVA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 10:52:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.06 19:04:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.02 23:55:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 23:55:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 23:55:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.02 23:55:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 23:55:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2006.09.18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Julius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.7.141 172.16.7.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{939DB84B-EB4C-415C-920A-B2B2742AF600}: DhcpNameServer = 172.16.7.141 172.16.7.142
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Julius\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Julius\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d366cd31-1da0-11e1-9d56-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{d366cd31-1da0-11e1-9d56-001377ab8d4a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010.09.27 20:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.06 10:45:03 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Julius\Desktop\TDSSKiller.exe
[2011.12.06 10:32:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.05 23:17:12 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\DVDVideoSoft
[2011.12.05 23:16:57 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.05 23:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011.12.05 23:16:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.04 12:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.12.03 22:46:38 | 000,000,000 | ---D | C] -- C:\Users\Julius\Documents\FUSSBALL MANAGER 12
[2011.12.03 20:04:31 | 000,000,000 | ---D | C] -- C:\Users\Julius\Documents\GTA San Andreas User Files
[2011.12.03 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Local\PunkBuster
[2011.12.03 19:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.03 15:31:15 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.12.03 15:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2011.12.02 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.02 14:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.02 14:54:27 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.02 10:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.02 10:35:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.12.02 10:35:53 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.12.02 10:35:53 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.12.02 10:35:53 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.12.02 10:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.01 19:46:35 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Malwarebytes
[2011.12.01 19:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.01 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 18:55:36 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.01 18:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.01 18:54:54 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.01 18:54:09 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Avira
[2011.12.01 18:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.01 18:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.12.01 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\Julius\Desktop\franzi adventskalender
[2011.11.28 20:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011.11.24 00:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.11.23 19:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\GameXN
[2011.11.21 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\pdfforge
[2011.11.21 20:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.11.21 20:24:06 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX
[2011.11.21 20:24:05 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2011.11.21 20:23:54 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL
[2011.11.21 20:23:54 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL
[2011.11.21 20:23:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL
[2011.11.16 16:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011.11.15 01:59:26 | 000,000,000 | ---D | C] -- C:\Cities.XL.2012-KaOs
[2011.11.13 00:46:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2011.11.13 00:44:56 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2011.11.13 00:44:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2011.11.13 00:44:55 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2011.11.13 00:44:54 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2011.11.13 00:44:54 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2011.11.13 00:44:54 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2011.11.13 00:44:53 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2011.11.13 00:44:53 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2011.11.13 00:44:52 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2011.11.13 00:44:52 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2011.11.13 00:44:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2011.11.13 00:44:52 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2011.11.13 00:44:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2011.11.13 00:44:51 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2011.11.13 00:44:51 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2011.11.13 00:44:50 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2011.11.13 00:44:50 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2011.11.13 00:44:50 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2011.11.13 00:44:48 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2011.11.13 00:44:47 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2011.11.13 00:44:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2011.11.13 00:44:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2011.11.13 00:44:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2011.11.13 00:44:46 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2011.11.13 00:44:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2011.11.13 00:44:45 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2011.11.13 00:44:45 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2011.11.13 00:44:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2011.11.13 00:44:44 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2011.11.13 00:44:44 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2011.11.13 00:44:44 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2011.11.13 00:44:42 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2011.11.13 00:44:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2011.11.13 00:44:42 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2011.11.13 00:44:42 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2011.11.13 00:44:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2011.11.13 00:44:41 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.11.13 00:44:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.11.13 00:44:40 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2011.11.13 00:44:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2011.11.13 00:44:40 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2011.11.13 00:44:40 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2011.11.13 00:44:39 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2011.11.13 00:44:39 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2011.11.13 00:44:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2011.11.13 00:44:38 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2011.11.13 00:44:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2011.11.13 00:44:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2011.11.13 00:44:37 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2011.11.13 00:44:37 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2011.11.13 00:44:35 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2011.11.13 00:44:35 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2011.11.13 00:44:35 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2011.11.13 00:44:35 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2011.11.13 00:44:34 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2011.11.13 00:44:33 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2011.11.13 00:44:33 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2011.11.13 00:44:33 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2011.11.13 00:44:32 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2011.11.13 00:44:32 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2011.11.13 00:44:32 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2011.11.13 00:44:31 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2011.11.13 00:44:31 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2011.11.13 00:44:30 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2011.11.13 00:44:29 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2011.11.13 00:44:29 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2011.11.13 00:44:28 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2011.11.13 00:44:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2011.11.13 00:44:27 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2011.11.13 00:44:27 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2011.11.13 00:44:27 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2011.11.13 00:44:27 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2011.11.13 00:44:26 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011.11.13 00:44:25 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2011.11.13 00:44:25 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2011.11.13 00:44:24 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2011.11.13 00:44:23 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2011.11.13 00:44:23 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2011.11.13 00:44:22 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2011.11.13 00:44:22 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2011.11.13 00:44:22 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2011.11.13 00:44:08 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2011.11.13 00:44:08 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2011.11.13 00:44:08 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2011.11.13 00:44:07 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2011.11.13 00:44:06 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2011.11.13 00:44:05 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2011.11.13 00:44:04 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2011.11.13 00:44:02 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2011.11.13 00:44:01 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2011.11.13 00:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 2
[2011.11.12 22:42:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011.11.12 22:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2006.11.24 05:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.24 05:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.06 10:46:56 | 001,547,774 | ---- | M] () -- C:\Users\Julius\Desktop\tdsskiller.zip
[2011.12.06 10:44:58 | 000,312,532 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.06 10:40:52 | 000,675,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.06 10:40:52 | 000,633,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.06 10:40:52 | 000,146,368 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.06 10:40:52 | 000,118,772 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.06 10:34:48 | 000,312,532 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.06 10:34:42 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 10:34:42 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 10:34:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.06 10:33:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.05 23:16:49 | 000,001,191 | ---- | M] () -- C:\Users\Julius\Desktop\Free YouTube to MP3 Converter.lnk
[2011.12.03 19:33:21 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.03 15:32:07 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.12.03 15:31:15 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2011.12.02 15:16:18 | 000,000,715 | ---- | M] () -- C:\Users\Julius\Desktop\Literaturverzeichnis ohne Titel.rtf
[2011.12.02 14:54:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 10:36:10 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.02 10:20:13 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.30 12:00:41 | 000,005,619 | ---- | M] () -- C:\Users\Julius\Desktop\Julius Lagodny_ proposed literature.pdf
[2011.11.28 20:36:50 | 000,092,299 | ---- | M] () -- C:\Users\Julius\Desktop\(Fotoabzüge Fotoleinwand Fotokalender Fotobücher Fotoentwicklung).pdf
[2011.11.28 20:03:21 | 000,079,379 | ---- | M] () -- C:\Users\Julius\Desktop\mama weihnachten.jpg
[2011.11.28 19:59:42 | 003,464,124 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0758 Kopie.jpg
[2011.11.28 19:55:04 | 000,028,310 | ---- | M] () -- C:\Users\Julius\Desktop\QuickTime.pdf
[2011.11.28 19:31:40 | 002,874,836 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0929.JPG
[2011.11.28 19:30:59 | 002,191,241 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0847.JPG
[2011.11.28 19:24:29 | 002,525,941 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0946.JPG
[2011.11.28 19:22:21 | 001,911,246 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0758.JPG
[2011.11.28 19:21:41 | 002,344,261 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0817.JPG
[2011.11.28 19:14:29 | 002,005,912 | ---- | M] () -- C:\Users\Julius\Desktop\IMG_0809.JPG
[2011.11.28 16:05:54 | 000,401,621 | ---- | M] () -- C:\Users\Julius\Desktop\Julius_Lagodny_Studienbescheinigung WS11-12.pdf
[2011.11.25 14:29:51 | 000,000,162 | -H-- | M] () -- C:\Users\Julius\Desktop\~$teraturverzeichnis ohne Titel.rtf
[2011.11.24 16:56:53 | 000,098,304 | ---- | M] () -- C:\Users\Julius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Julius\Desktop\TDSSKiller.exe
[2011.11.24 00:49:25 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.21 20:24:08 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.11.21 15:14:03 | 000,001,752 | -H-- | M] () -- C:\Users\Julius\Documents\Default.rdp
[2011.11.16 16:40:25 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.06 10:46:56 | 001,547,774 | ---- | C] () -- C:\Users\Julius\Desktop\tdsskiller.zip
[2011.12.05 23:16:49 | 000,001,191 | ---- | C] () -- C:\Users\Julius\Desktop\Free YouTube to MP3 Converter.lnk
[2011.12.03 19:33:21 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.03 15:32:07 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2011.12.02 14:54:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.02 10:36:10 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.02 10:20:13 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.30 12:00:40 | 000,005,619 | ---- | C] () -- C:\Users\Julius\Desktop\Julius Lagodny_ proposed literature.pdf
[2011.11.28 20:36:48 | 000,092,299 | ---- | C] () -- C:\Users\Julius\Desktop\(Fotoabzüge Fotoleinwand Fotokalender Fotobücher Fotoentwicklung).pdf
[2011.11.28 20:03:21 | 000,079,379 | ---- | C] () -- C:\Users\Julius\Desktop\mama weihnachten.jpg
[2011.11.28 19:57:45 | 003,464,124 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0758 Kopie.jpg
[2011.11.28 19:55:03 | 000,028,310 | ---- | C] () -- C:\Users\Julius\Desktop\QuickTime.pdf
[2011.11.28 19:28:56 | 002,874,836 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0929.JPG
[2011.11.28 19:28:35 | 002,191,241 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0847.JPG
[2011.11.28 19:23:01 | 002,525,941 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0946.JPG
[2011.11.28 19:20:53 | 001,911,246 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0758.JPG
[2011.11.28 19:19:57 | 002,344,261 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0817.JPG
[2011.11.28 19:13:14 | 002,005,912 | ---- | C] () -- C:\Users\Julius\Desktop\IMG_0809.JPG
[2011.11.28 16:05:54 | 000,401,621 | ---- | C] () -- C:\Users\Julius\Desktop\Julius_Lagodny_Studienbescheinigung WS11-12.pdf
[2011.11.25 14:29:51 | 000,000,162 | -H-- | C] () -- C:\Users\Julius\Desktop\~$teraturverzeichnis ohne Titel.rtf
[2011.11.23 19:03:41 | 000,001,534 | ---- | C] () -- C:\Users\Julius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (GameXN).lnk
[2011.11.21 20:24:08 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.11.16 16:40:25 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.11.16 16:40:25 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.11.11 14:17:58 | 299,253,828 | ---- | C] () -- C:\Users\Julius\Desktop\xwvsevs_1981_2000_v20060423.dta
[2011.10.02 13:27:47 | 000,000,235 | ---- | C] () -- C:\Users\Julius\AppData\Roaming\fixpermissions.bat
[2011.08.31 12:07:47 | 000,017,408 | ---- | C] () -- C:\Users\Julius\AppData\Local\WebpageIcons.db
[2011.04.29 15:24:37 | 000,000,182 | ---- | C] () -- C:\Windows\System32\EBPPORT4.DAT
[2011.04.29 15:24:12 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC84Euro.ini
[2011.02.14 20:39:25 | 000,000,680 | ---- | C] () -- C:\Users\Julius\AppData\Local\d3d9caps.dat
[2011.01.14 18:30:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.12 14:25:43 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.01 18:30:04 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010.09.21 19:16:35 | 000,098,304 | ---- | C] () -- C:\Users\Julius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.06.07 11:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009.05.29 22:42:20 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2009.03.11 19:01:28 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2008.07.09 06:09:20 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.07.08 14:50:18 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini
[2008.07.08 14:39:09 | 000,312,532 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.07.08 14:39:09 | 000,312,532 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.07.08 14:32:17 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe
[2008.07.08 14:31:32 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2008.07.08 14:31:32 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2008.07.08 14:18:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe
[2008.07.08 14:18:02 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe
[2008.07.08 12:54:14 | 000,675,400 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.08 12:54:14 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.08 12:54:14 | 000,146,368 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.08 12:54:14 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.08 12:45:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.02.09 16:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe
[2008.01.21 02:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2007.02.26 07:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat
[2007.02.15 07:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2006.11.29 08:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe
[2006.11.29 08:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 12:47:37 | 000,397,320 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:33:01 | 000,633,886 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 10:33:01 | 000,118,772 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 10:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 07:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.10.09 01:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.01.03 10:10:44 | 000,319,488 | ---- | C] () -- C:\Windows\System32\DLXAPI32.DLL
[2002.04.26 01:00:00 | 000,000,111 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2001.11.14 03:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.08.31 15:18:32 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\.minecraft
[2011.12.04 15:44:24 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\BitTorrent
[2011.12.03 19:37:42 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\BitZipper
[2011.02.06 17:09:56 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Canneverbe Limited
[2011.10.02 12:12:09 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\com.w3i.FlipToast
[2011.12.03 21:44:54 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\DAEMON Tools Lite
[2011.12.05 23:17:15 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\DVDVideoSoft
[2011.12.05 23:34:22 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.06 09:51:59 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\go
[2011.01.13 19:17:16 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Local
[2010.09.28 09:09:11 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\OpenOffice.org
[2011.11.21 20:24:08 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\pdfforge
[2011.02.13 20:57:23 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Program Files
[2011.10.02 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Sports Interactive
[2010.11.05 13:36:44 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Stata10
[2010.09.21 09:32:35 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\Thunderbird
[2011.02.11 11:33:06 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\TS3Client
[2011.12.06 10:33:51 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

[/code]

laggy 06.12.2011 12:04

So, here is what happened:

When I went to change the proxy server setting, it had already been done, at least in Internet Explorer, though not in Firefox. After the first scan and the next boot, a message appeared saying that a proxy server was being used, which surprised me a bit. But everything worked again.

What apparently didn't quite work was the TDSSKiller step. Although I turned off my antivirus program (Avira AntiVir: real-time scanner: inactive) and have the thing on the desktop as a 7zip file, the scan showed me nothing. Otherwise everything worked again, just as you predicted...

Well, now I'm curious what you have to say about it ;)

kira 06.12.2011 18:41

1.
Disable CD emulators with DeFogger

You have CD emulators such as Alcohol, DaemonTools or similar installed on this computer. Because these emulators use rootkit techniques, they can distort and complicate the search for malicious rootkits. For this reason, please either run the following tool to disable them or uninstall the software via Control Panel => Software/Programs. Tell me which option you chose. We can undo the deactivation after the cleanup.

Download DeFogger and save it to your desktop.

Double-click DeFogger to start the tool.
  • The tool's program window opens.
  • Click the Disable button to disable the CD emulation drivers.
  • Click Yes to continue.
  • When the message 'Finished!' appears, click OK.
  • DeFogger will now ask for a reboot - click OK
  • Post the defogger_disable.log here in the thread.
Do not re-enable the drivers under any circumstances until instructed to do so.

2.
Quote:

Attention, important!:
If you made changes in the log file yourself, you must replace them with the original names and insert them into the script that way! Otherwise it will not work!
(user folder, your name or other changes replaced by X, asterisks or other names)
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475
[2011.10.02 23:55:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.27 20:11:56 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.) - F:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 20:11:56 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{d366cd31-1da0-11e1-9d56-001377ab8d4a}\Shell - "" = AutoRun
O33 - MountPoints2\{d366cd31-1da0-11e1-9d56-001377ab8d4a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010.09.27 20:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.)

:Commands
[purity]
[emptytemp]


3.
Check the MBR with aswMBR from Avast

Download aswMBR.exe from Avast and save the tool to your desktop (nowhere else).
XP users: double-click aswMBR.exe to start the tool.
Vista and Windows 7 users: right-click aswMBR.exe and choose Run as administrator.
An input window with some information will open.

Click Scan to start the scan.

When the scan has finished, which is reported with Scan finished sucessfull!, click Save log to save the log file.
Post the contents of aswASW.log from the desktop here in the thread.
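Added example, not part of the original posts and not code from OTL or its author: a small Python triage pass over OTL-style log lines that picks out the three kinds of entry the fix script above targets, namely a ProxyServer value pointing at the loopback address (browser traffic then passes through a process on the same machine), a Run entry whose target is reported as "File not found", and a MountPoints2 AutoRun command. The sample lines are copied from the fix script in the post above; the function names, category labels and regular expressions are assumptions made for this illustration.

```python
import ipaddress
import re

# Sample lines copied from the OTL fix script quoted in the post above.
SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:57475
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files\SpeedItup Free\speeditupfree.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d366cd31-1da0-11e1-9d56-001377ab8d4a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2010.09.27 20:11:56 | 003,812,720 | R--- | M] (Electronic Arts Inc.)
'''

# Patterns written for this example against the line shapes shown in the thread.
PROXY = re.compile(r'"ProxyServer" = (?P<value>\S+)')
RUN = re.compile(r'^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
MOUNT = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})'
                   r'\\Shell\\AutoRun\\command - "" = (?P<cmd>\S+)')

def loopback_proxies(value):
    """Return (protocol, host, port) for each proxy entry that points at this machine."""
    hits = []
    for entry in value.split(";"):              # "http=h:p;https=h:p" or plain "h:p"
        proto, _, hostport = entry.rpartition("=")
        host, _, port = hostport.partition(":")
        try:
            local = ipaddress.ip_address(host).is_loopback
        except ValueError:                       # host is a name, not an IP literal
            local = host.lower() == "localhost"
        if local:
            hits.append((proto or "all", host, int(port) if port.isdigit() else None))
    return hits

def triage(log_text):
    """Classify OTL-style lines into (category, detail) findings for manual review."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := PROXY.search(line):
            for proto, host, port in loopback_proxies(m["value"]):
                findings.append(("loopback-proxy", f"{proto} -> {host}:{port}"))
        elif (m := RUN.match(line)) and m["rest"].endswith("File not found"):
            findings.append(("orphaned-run-entry", m["name"]))
        elif m := MOUNT.match(line):
            findings.append(("autorun-mountpoint", m["cmd"]))
    return findings

if __name__ == "__main__":
    for category, detail in triage(SAMPLE):
        print(f"{category:20} {detail}")
```

The findings are review candidates only; which entries to remove remains the helper's call, as in the thread.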

laggy 07.12.2011 11:01

Code:


User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Julius
->Temp folder emptied: 4074191 bytes
->Temporary Internet Files folder emptied: 1418486 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 118617220 bytes
->Flash cache emptied: 3353 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 685502 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 119,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12072011_095738

Files\Folders moved on Reboot...
C:\Windows\temp\~DF96E3.tmp moved successfully.

Registry entries deleted on Reboot...


